About Blocked Traffic

If you select Blocked traffic as your search condition, a summary of sender MTA IP addresses is displayed, either permanently or temporarily blocked by Trend Micro Email Reputation Services and Trend Micro Email Security incoming security filtering (for incoming messages) or by Trend Micro Email Security relay mail service filtering (for outgoing messages).

If data is available as the Blocked traffic type, it will be displayed by default. In addition, an email message may be permanently rejected by Trend Micro Email Security due to its exceedingly large size, for example, if the size of a message exceeds 50 MB.

The following information is displayed for the Blocked traffic type:

  • Timestamp: The time the message attempt was blocked. Click on the Timestamp value to view Mail Tracking Details for a given message.

  • Sender: The sender email address on the message envelope, in other words, the sender address in the SMTP MAIL command.

  • Recipient: The recipient email address on the message envelope, in other words, the recipient in the SMTP RCPT command.

  • Blocking Reason:
    • For incoming messages: The sender IP address was blocked by Email Reputation Services or Trend Micro Email Security content-based filtering at the message level.

      Blocked status is either Temporary or Permanent.

      If the message has an exceedingly large size, the status will display Size limit. In this case, the message is rejected and blocked permanently by Trend Micro Email Security content-based filtering due to its size. Trend Micro Email Security will respond to the sending MTA with a 552 error (a failure of the requested connection because the message exceeded storage allocation).

    • For outgoing messages: The message was blocked by Trend Micro Email Security relay mail service filtering. Outgoing messages are not filtered by Email Reputation Services (ERS). Outgoing messages can be blocked for the following reasons:

      • The recipient address is not resolvable, for example someone@???.com.

      • Spammers forged the message sender to be in the customer domain.

      • Your MTA is compromised, for example it is an open relay, and it is sending spam messages.

  • Sender IP: The IP address of the upstream MTA that delivered this message to Trend Micro Email Security.