Investigators on the threat analysis team follow stringent policies and guidelines for nomination and removal of IP addresses from the databases that are part of the Email Reputation Services Standard level of service. An IP address receives a reputation assignment if it:
-
Sent spam or in some way has supported the sending of spam (for example, offering services to spammers or allowing their resources to be used by those who send spam).
-
Is an unsecured email server (“open relay”) that has been used to send spam.
-
Is an unsecured port on a machine (“open proxy”) that has been used to send spam.
-
Is a dynamically assigned address that should not be used as an email server.
Before processing, the Smart Protection Network categorizes IP addresses according to careful guidelines. The same investigator who assigned the reputation can also check any requests to change the assigned reputation. Every effort is made to make sure the reputation record is accurate and that changes are made in a timely manner.
Each reputation record includes samples of the actual spam received from the IP address, the history of spamming behavior, a record of any correspondence regarding mediation, any resolution of issues, and other related information. For dynamically assigned IP addresses that an ISP submitted to the standard reputation database, the reputation record includes submission dates and any limitations that the ISP placed upon the IP address.
To check the reputation of an IP address, refer to Look Up IP Addresses.