IP Reputation - Whitelisting Best Case?

NEP Posts: 61  Ally Member
Hello. This morning a user emailed me a bounce-back from one of his contacts. It indicated that the external email couldn't be sent to our user. I looked in the logs and found that the IP was blocked because it was in the "IP Reputation - Phishing" database and marked as High. What is the best way to go about unblocking this? I don't particularly want to whitelist the IP address (though I have done so temporarily), as I won't know if it changes without some type of monitoring. Is there any way to whitelist based on the email's domain name? The IP is 170.249.236.236 and it's for a hosting company in Georgia, USA. Just trying to find the best fix. Thanks!

All Replies

  • Zyxel_James
    Zyxel_James Posts: 616  Zyxel Employee
    Hello @NEP,
    Currently, this IP address is considered as high-risk, except IP address, could you provide the hosting website URL(hostname) for us? Thank you.

    James
  • NEP
    NEP Posts: 61  Ally Member
    @Zyxel_James What does "except IP address" after the "IP address is considered as high-risk" mean? As for your request, I don't know what the hosting website's URL is. Just pulled the info given from a Whois lookup. Having our user ask their contact now. I'll DM you all the relevant information once I have it. Thanks!
  • Zyxel_James
    Zyxel_James Posts: 616  Zyxel Employee
    Hello @NEP,
    Please update your IP reputation signature to 1.0.0.20221024.0. The IP address is currently detected as Neutral, and the external email should not be blocked now. Please check. Thank you.

    James
  • NEP
    NEP Posts: 61  Ally Member
    The list was auto-updated in the last 24 hours and, as you said, the IP is no longer listed. Thanks! Out of curiosity, did you have to whitelist the IP, or was it removed by whatever services you use to maintain the list?
  • Zyxel_James
    Zyxel_James Posts: 616  Zyxel Employee
    Answer ✓
    Hello @NEP,
    Yes, we whitelist the IP address. 

    Zyxel IP reputation filter matches up our up-to-date cloud reputation database and determines if an address is reputable or not. The database is based on Webroot. (https://www.brightcloud.com/tools/url-ip-lookup.php)
    However, we could add an IP address to the whitelist and update it to the newest signatures.

    James
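
The concern raised in the question, that a manually whitelisted IP can go stale without monitoring, can be checked by periodically comparing each whitelist entry with the sending ranges the sender's domain publishes. This is an added example, not part of the thread and not Zyxel functionality: it assumes the sender domain publishes an SPF record (not mentioned in the thread), `spf_status` and `audit_allowlist` are hypothetical names, and the domains, TXT records and addresses are constructed.

```python
import ipaddress

# Constructed TXT records standing in for live DNS answers (hypothetical domains).
SAMPLE_TXT = {
    "sender.example": "v=spf1 ip4:192.0.2.0/28 include:_spf.host.example ~all",
    "_spf.host.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all",
    "other.example": "v=spf1 mx -all",
}

def spf_status(domain, ip, lookup, depth=0):
    """Return 'listed', 'not_listed' or 'unknown' for ip under domain's SPF.

    Only ip4, ip6 and include are evaluated. Any other term that could
    authorise hosts (a, mx, exists, redirect=...) gives 'unknown' instead of
    a misleading 'not_listed'.
    """
    record = lookup(domain)
    if depth > 10 or not record or not record.lower().startswith("v=spf1"):
        return "unknown"
    addr = ipaddress.ip_address(ip)
    unknown = False
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            sub = spf_status(value, ip, lookup, depth + 1)
            matched = sub == "listed"
            unknown |= sub == "unknown"
        else:
            matched = False
            unknown |= name != "all"
        if matched:  # first matching term decides, as in SPF evaluation
            return "listed" if qualifier == "+" else "not_listed"
    return "unknown" if unknown else "not_listed"

def audit_allowlist(entries, lookup):
    """Map each (ip, sender_domain) allowlist entry to its current SPF status."""
    return {(ip, dom): spf_status(dom, ip, lookup) for ip, dom in entries}

if __name__ == "__main__":
    entries = [("192.0.2.10", "sender.example"), ("203.0.113.5", "sender.example")]
    for (ip, dom), status in audit_allowlist(entries, SAMPLE_TXT.get).items():
        print(f"{ip} for {dom}: {status}")
```

An entry that comes back `not_listed` is a candidate for removal from the whitelist; `unknown` means the record relies on mechanisms this sketch does not resolve and needs a manual look.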
