Cisco Web Security Appliance S670 Troubleshooting Guide

How does SenderBase work?
Document ID: 118378
Contributed by Nasir Shakour and Enrico Werner, Cisco TAC Engineers.
Oct 13, 2014
Contents
Introduction
How does SenderBase work?
Related Information
Introduction
This document describes how SenderBase works.
How does SenderBase work?
SenderBase is designed to help email administrators better manage incoming email streams by providing
objective data about the identity of senders. SenderBase is akin to a credit reporting service for email,
providing data that ISPs and companies can use to differentiate legitimate senders from spam sources.
SenderBase provides objective data that allows email administrators to reliably identify and block IP
addresses originating unsolicited commercial email (UCE) or to verify the authenticity of legitimate incoming
email from business partners, customers or any other important source. What makes SenderBase unique is that
it provides a global view of email message volume and organizes the data in a way that makes it easy to identify
and group related sources of email. SenderBase combines multiple sources of information to determine a
"reputation score" for any IP address. This information includes:
• Email volume information provided by tens of thousands of organizations that regularly receive Internet email
• Spam complaints received by the SpamCop service
• Information on other DNS-based blacklists
Reputation scores in SenderBase may range from −10 to +10, reflecting the likelihood that a sending IP
address is trying to send spam. Highly negative scores indicate senders who are very likely to be sending
spam; highly positive scores indicate senders who are unlikely to be sending spam. Using the Email Security
Appliance (ESA), you can combine these scores with blocking, throttling, and spam filtering policies to speed
system performance and reduce false positives.
Because the SenderBase Reputation Service includes multiple sources of data, it is unlikely that a highly
negative score will incorrectly identify a sender as a spammer. It is always possible for a DNS-based blacklist
or spam report to be incorrect, but when many lists report the same IP address and SpamCop has many reports
of spam from an IP address, the likelihood of a false positive is greatly reduced.