Re: [mailop] Cyren status regularly flapping back to Suspicious
Hello, Alessandro Vesely via mailop wrote on 07.07.21 at 13:27: So it's IPv4. Talos[*] reports low email activity on it. Do you send out DMARC reports and similar stuff? I found that doing so increases my footprint and hence stabilizes reputation, albeit some point out that reports can be classified as spam... indeed, the activity on the various IPs of mine is not that high. It's a bit higher on some, but in any case I'm not one of the big players with a large mail volume. :-) I don't send out DMARC reports (yet), but the quality of the traffic should be good, i.e. the bounce ratio rather low. All are individual mailboxes from the educational sector, no newsletters or the like. Luckily, thanks to this list, a kind person from Cyren poked me directly (thanks so much!) and in parallel, the recipient was excluding these IPs from their Cyren checking, so my current case at hand seems solved for the moment. I'm trying to understand if the Cyren behaviour is expected and the recipient is just wrongly blocking the yellow IPs, or if actually the flapping back is due to "spammy neighbours" and can be mitigated. I'll report back if I have more insight. That being said - thanks indeed, I appreciate how helpful and cooperative this list has been to me so far, although I'm fairly new here! Florian ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Cyren status regularly flapping back to Suspicious
On Tue 06/Jul/2021 20:28:16 +0200 Florian Effenberger via mailop wrote: Alessandro Vesely via mailop wrote on 06.07.21 at 18:38: I tried https://www.cyren.com/security-center/cyren-ip-reputation-check-gate and it says "No Risk" for 188.34.176.133 and "Please enter a valid IP" for 2a01:4f8:c010:587c::1. Is it the latter the one that gives you problems? The IPv4 is one of the several IPs affected, indeed. I unblocked it again last week, but it likely will switch back after a while. Not sure if CYREN supports IPv6 - but the recipient's MX doesn't in any case, so it's not a workaround to deliver the mails either. So it's IPv4. Talos[*] reports low email activity on it. Do you send out DMARC reports and similar stuff? I found that doing so increases my footprint and hence stabilizes reputation, albeit some point out that reports can be classified as spam... Best Ale -- [*] https://talosintelligence.com/reputation_center/lookup?search=188.34.176.133 ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Cyren status regularly flapping back to Suspicious
Hello, thanks for the replies! John Levine via mailop wrote on 05.07.21 at 18:59: I believe the recipient's mail system is misconfigured. If Cyren tags an IP as yellow, they should soft fail with 450 so it can retry later. That could be indeed helpful. I was reaching out to their postmaster already (recipient is a larger German city) to see if they can do something - a greylisting would be "fine", but the hard reject is an issue. Alessandro Vesely via mailop wrote on 06.07.21 at 18:38: I tried https://www.cyren.com/security-center/cyren-ip-reputation-check-gate and it says "No Risk" for 188.34.176.133 and "Please enter a valid IP" for 2a01:4f8:c010:587c::1. Is it the latter the one that gives you problems? The IPv4 is one of the several IPs affected, indeed. I unblocked it again last week, but it likely will switch back after a while. Not sure if CYREN supports IPv6 - but the recipient's MX doesn't in any case, so it's not a workaround to deliver the mails either. Florian ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Cyren status regularly flapping back to Suspicious
On Mon 05/Jul/2021 14:45:30 +0200 Florian Effenberger via mailop wrote:
Their website lists the IP as yellow ("Suspicious"), with an explanation of
"The IP has only recently started sending mails, and therefore still has an
Unknown reputation".
I tried https://www.cyren.com/security-center/cyren-ip-reputation-check-gate
and it says "No Risk" for 188.34.176.133 and "Please enter a valid IP" for
2a01:4f8:c010:587c::1. Is it the latter the one that gives you problems?
Best
Ale
--
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
Re: [mailop] Cyren status regularly flapping back to Suspicious
It appears that Florian Effenberger via mailop said:
>Hello,
>
>I have some issues with the Cyren blocklist - one recipient's server is
>bouncing mails back with
>
>550-5.7.1 This email was rejected because it violates our security policy
>550 5.7.1 CYREN IP reputation determined a medium risk associated with
>the sender address X.X.X.X. (in reply to DATA command)
>
>Their website lists the IP as yellow ("Suspicious"), with an explanation
>of "The IP has only recently started sending mails, and therefore still
>has an Unknown reputation".
I believe the recipient's mail system is misconfigured. If Cyren tags an IP
as yellow, they should soft fail with 450 so it can retry later.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
Re: [mailop] Cyren status regularly flapping back to Suspicious
On 05/07/2021 14:45, Florian Effenberger via mailop wrote:
Hello,
I have some issues with the Cyren blocklist - one recipient's server is
bouncing mails back with
550-5.7.1 This email was rejected because it violates our security policy
550 5.7.1 CYREN IP reputation determined a medium risk associated with
the sender address X.X.X.X. (in reply to DATA command)
Their website lists the IP as yellow ("Suspicious"), with an explanation
of "The IP has only recently started sending mails, and therefore still
has an Unknown reputation".
I am also getting the same thing, it seems I never get a reputation,
while also being on many whitelists and being blacklisted nowhere.
However, my mails are not being rejected but greylisted. So I am also
interested in knowing how to get on their reputation list.
smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
[mailop] Cyren status regularly flapping back to Suspicious
Hello,
I have some issues with the Cyren blocklist - one recipient's server is
bouncing mails back with
550-5.7.1 This email was rejected because it violates our security policy
550 5.7.1 CYREN IP reputation determined a medium risk associated with
the sender address X.X.X.X. (in reply to DATA command)
Their website lists the IP as yellow ("Suspicious"), with an explanation
of "The IP has only recently started sending mails, and therefore still
has an Unknown reputation".
Unblocking on their website works like a charm and is effective within
minutes. The status turns green ("No Risk"), with an explanation of
"This IP address has not been used for sending Spam".
Some time ago, usually 2-3 weeks later, the status however flaps back to
"Unknown", effectively blocking mails again. I then unblock again, just
to get blocked again 2-3 weeks later.
I'd say the mail server is configured properly - PTR, A, , SPF,
DKIM, DMARC all in place. Active DNSWL (!) listing, and no other
listings anywhere. postmaster@ and abuse@ are reachable.
I have this effect on a few machines (mine and also colleagues under a
different domain, but same hoster), including some without any outgoing
mails, and one box where I'm the only user currently. Given the IP is
from a big provider's netblock, I tend to assume that actually too few
mail samples are with Cyren, and they therefore block again. Chicken and
egg problem in the end, if I can't send mails, they can't get good
samples...
Anyone has experiences with this, any way to contact them?
Thanks a lot,
Florian
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
