Managing IP Reputation is the need of the hour

IP REPUTATION

IP Reputation is critical for email delivery. IP reputation list is the list of IP addresses that are suspected of being untrustworthy. The IP Reputation list is used by most of the worldwide mailing software to identify, reject or flag spam emails. The list is also referred as “Blacklist” or “Blocklist”. 

The IP addresses in IP Reputation list could be:

• The Systems that are observed sending spam on the internet
• Zombies (compromised machines) that send spam
• Open proxies that allow untrusted email to pass through them

There are many of such IP Reputation lists, operated by companies such as UCE-Protect, SpamCop, SpamHaus, SpamRats, SORBS and others. They have their own mechanism to identify and maintain bad IP Addresses into IP Reputation lists. Most of these watchdog groups lists or blocks very specific IP address (/32) or larger pools (/24, /23, etc.) or sometimes complete Autonomous System Number (ASN) of the Communication Service Providers (CSPs) based on the spam severity.

CSPs Story and Challenges

CSPs offer Internet services to Mobile Operators, Cloud Providers, Large Enterprises, Small Office/Home Office and Home Users. CSPs also provide Public IP Addresses required for internet communication.
Most of CSPs customers like Large Enterprises and Cloud providers deploy their own security mechanism at their infrastructure to manage security and hence are less susceptible of getting compromised.

Without adequate security measures Home and Mobile users machines gets compromised by computer worms or viruses. Their machine becomes part of a Zombie network without their knowledge. Such Zombies are controlled from a central location and can be made to perform various malicious activities including sending spam.  These are the machines whose IP address gets listed in IP reputation lists / Blacklists.

 Large IP Pool blacklisting or Entire Network blocking by Watchdog groups creates multiple issues for CSPs:

• Support calls from users whose legitimate emails are not getting delivered
• Damage to Large Enterprises & Cloud Providers
• Brand damage
• User Churns

It becomes essential for Communication Service Providers (CSPs) to protect their IP Addresses from bad reputation.

CSPs faces following challenges:

• Identifying Infected User – In many deployment cases IP addresses assigned to Home and Mobile users are dynamic not fixed. Due to this it becomes difficult for CSPs to identify infected user because of regular changing IP.
• Educating Infected User - Generally infected users are not aware of any infection on their system. It requires lot of effort to educate them and make them clean their machine.

Hence identifying and cleaning infected users in CSPs network is not a scalable solution. There is a need of a solution which is independent of users and their systems.

Our tools Network Protection feature provides a network based solution that can identify and mitigate spams using outbound spam protection improving IP reputation.