Sender IP reputation levels

By tracking a broad set of attributes for email, the Talos Reputation Center supports very accurate conclusions about a given host. Sophisticated security modeling leverages the breadth of this data to generate a granular reputation score ranging from -10 (for the worst) to +10 (for the very best). On this page the granular reputation score is grouped into Good, Neutral and Poor for simplicity reasons.

Sender IP Reputation Levels Description
Good Little or no threat activity has been observed from this IP address or domain. Email traffic is not likely to be filtered or blocked*.
Neutral This IP address or domain is within acceptable parameters. However, email traffic may still be filtered or blocked*.
Poor A problematic level of threat activity has been observed from this IP address or domain. Email traffic is likely to be filtered or blocked*.

*While many networks use the Talos Reputation Center as a means for assessing their email traffic, it does not block email or Internet traffic. If your email is being blocked or you feel it is not being delivered, you should check with your ISP.

Reasons for Neutral Email Reputation

A neutral email reputation can indicate one of two things:

  1. There are slight problems with the IP which are keeping it from having a better reputation
  2. There are very low levels of mail flow traffic reported for the IP by the Talos Reputation Center. Without sufficient email reports, the Reputation Center cannot accurately generate a reputation for the IP and assigns the IP a “Neutral” reputation.

Generally a neutral reputation is a very good thing, as the Reputation Center does not view the IP as a potential spam risk. The IP is considered within acceptable Talos Reputation Center parameters. Talos Reputation Center guidelines do not recommend blocking of emails from senders with neutral reputations.

Reasons for Poor Email Reputation

Here are some common reasons why an IP might have a poor reputation:

  • There have been reports of spam from your IP. Look up your IP’s reputation on Talos Reputation Center and check the “DNS Based Block Lists” area to see whether it is listed on any of the common DNSBLs.
  • Your IP exhibits DNS patterns that indicate compromise by a SpamBot. Make sure your DNS is configured according to the protocol for RFC5321, section 4.1.1.1 (https://www.ietf.org/rfc/rfc5321.txt)
  • Our sensors have received emails from your IP that contained links to domains hosting or distributing malware

If you know what your problem was and have fixed it, your score should improve automatically within 3-5 days. If your score does not improve within 3-5 days after you think you fixed the problem, please create a ticket and we’ll investigate.

How long will it take to see a change in sender domain reputation after submitting a ticket?

Customers should receive an initial response within 24 hours, resolution time of a submitted ticket will vary.