About Standard IP Reputation Settings

Trend Micro Email Security makes use of Trend Micro Email Reputation Services (ERS) Standard Service and Advanced Service.

Standard IP Reputation Settings use Trend Micro Email Reputation Services Standard Service, which helps block spam by validating requested IP addresses against the Trend Micro standard IP reputation database, powered by the Trend Micro Threat Prevention Network. This ever-expanding database currently contains over a billion IP addresses with reputation ratings based on spamming activity. Trend Micro spam investigators continuously review and update these ratings to ensure accuracy.

Trend Micro Email Security makes a query to the standard IP reputation database server whenever it receives an email message from an unknown host. If the host is listed in the standard IP reputation database, that message is reported as spam.

You can choose which lists to enable from the standard IP reputation database. By default, all lists are enabled. The default setting is the most effective for reducing spam levels, and it meets the needs of most customers.


If you disable some portions of the standard IP reputation database, you may see an increase in the amount of spam messages that reach your internal mail server for additional content filtering.

The standard IP reputation database includes the following lists:

  • Known Spam Source List: The Known Spam Source List (KSSL) is a list of IP addresses of mail servers that are known to be sources of spam.

  • Dynamic User List: The Dynamic User List (DUL) is a list of dynamically assigned IP addresses, or those with an acceptable use policy that prohibits public mail servers. Most entries are maintained in cooperation with the ISP owning the network space. IP addresses in this list should not be sending email directly but should be using the mail servers of their ISP.

  • Emerging Threat List: The Emerging Threat List (ETL) is a list of IP addresses identified as involved in active ransomware, malware, or other email threat campaigns.


To avoid false positives from a trusted partner company, go to Inbound Protection > Connection Filtering > IP Reputation, and add the IP address for their MTA to the Approved IP Address list.