About Standard IP Reputation Settings

Hosted Email Security makes use of Trend Micro Email Reputation Services (ERS) Standard Service and Advanced Service.

See Connection-Based Filtering at the MTA Connection Level.

Standard IP Reputation Settings use Trend Micro Email Reputation Services Standard Service, which helps block spam by validating requested IP addresses against the Trend Micro standard IP reputation database, powered by the Trend Micro Threat Prevention Network. This ever-expanding database currently contains over a billion IP addresses with reputation ratings based on spamming activity. Trend Micro spam investigators continuously review and update these ratings to ensure accuracy.

Hosted Email Security makes a query to the standard IP reputation database server whenever it receives an email message from an unknown host. If the host is listed in the standard IP reputation database, that message is reported as spam.

You can choose which lists to enable from the standard IP reputation database. By default, all lists are enabled. The default setting is the most effective for reducing spam levels, and it meets the needs of most customers.

Note: If you disable some portions of the standard IP reputation database, you may see an increase in the amount of spam messages that reach your internal mail server for additional content filtering.

The standard IP reputation database includes the following lists:

  • Known Spam Source: The Real-time Blackhole List (RBL) is a list of IP addresses of mail servers that are known to be sources of spam.

  • Dynamically Assigned IP: The Dynamic User List (DUL) is a list of dynamically assigned IP addresses, or those with an acceptable use policy that prohibits public mail servers. Most entries are maintained in cooperation with the ISP owning the network space. IP addresses in this list should not be sending email directly but should be using the mail servers of their ISP.

  • Emerging Threat List: The Emerging Threat List (ETL) is a list of IP addresses identified as involved in active ransomware, malware, or other email threat campaigns.

Note:

To avoid false positives from a trusted partner company, go to IP Reputation > Approved/Blocked and add the IP address for their MTA to the Approved list.

The IP addresses in the Approved lists bypass other IP reputation-based filtering. This list is useful for ensuring all messages from a partner company or other MTA are allowed, no matter their status with the standard IP reputation databases or with the Trend Micro Email Reputation Services (ERS) dynamic IP reputation database. When using the IP reputation approved lists, you may experience lower overall spam catch rates.