IP and Domain Reputation list precedence
search cancel

IP and Domain Reputation list precedence

book

Article ID: 219500

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Good Sender domains or email addresses in the Messaging Gateway Local Good Sender list does not stop reputation filtering by the Local Bad Sender IP list or the Symantec Global Reputation list.

Environment

Release : 

Component :

Resolution

Messaging Gateway Reputation lists have the following precedence:

  1. Local Good Sender IP and Symantec Global Good Sender IP lists
  2. Local Bad Sender IP, Symantec Global Bad Sender IP list, and Third Party Bad Senders
  3. Local Good Sender Domain list
  4. Local Bad Sender Domain list

Reputation scanning happens in two phases:

  1. Firewall phase (IP reputation checks)
  2. Message filtering phase (Domain list checks)

Firewall Phase

The firewall phase determines whether a sending IP address is allowed to connect to the email service on Messaging Gateway. If the sending IP address is on either the Local Good Sender IP list or the Symantec Global Good Sender IP list, the connection is allowed.

If the sending IP address is not on either the local or Symantec Good Sender IP list but appears on any of the following lists the connection will be denied:

  • Local Bad Sender IP
  • Symantec Global Bad Sender IP list
  • Third Party Bad Senders

Note: Because the IP reputation lists are applied before the connection is accepted, they will always be processed before the Domain based reputation lists.

Message Filtering Phase

If a sending IP passes the IP reputation / firewall phase and is allowed to connect to Messaging Gateway, the Envelope Sender (SMTP MAIL FROM:) address will be compared with the following domain reputation lists:

  • Local Good Sender Domains
  • Local Bad Sender Domains

If the sending address or domain appears in the Local Good Sender Domain list, the Local Bad Sender Domain list is not checked and spam scanning is bypassed for that message.
If the sending address is not on the Local Good Sender Domain list but is on the Local Bad Sender Domain list, the message is treated as bad and deleted.

Note: All message filtering actions noted above are based on the default SMG policy configuration. The reputation lists can be configured to take a range of different filtering actions.
Note: Adding IPs or networks to the Local Good Sender IP list will lock the IP address into Connection Class 9. Adding IPs or networks to the Local Bad Sender IP list will lock the IP address  / network into Connection Class 1