On Thu, 14 Feb 2019 at 11:58, Ken O'Driscoll via mailop <[email protected]> wrote: > On Thu, 2019-02-14 at 10:09 +0100, Stefano Bagnara wrote: > > So, before I propose to use local whitelisting I'd like to understand > > the global blacklisting causes :-) > > (If there is some malicious activity going on we better find it, > > instead of working around it) > > I understand. The following, in case you don't already know about them, can > be useful sites for checking on URL/IP reputation outside of traditional > RBLs: > > https://talosintelligence.com/ (Cisco) > https://reputationauthority.org/ (WatchGuard) > https://exchange.xforce.ibmcloud.com/ (IBM)
Thank you, but the only issue is from Sophos. We send from the same infrastructure since 10+ years and there are no issues on the above websites (we have a reputable history for our IPs/domains, we are not aware of any malware issues in years). I'm pretty sure this is a false positive from Sophos (maybe related to a new CNAME, so a new host it doesn't know and some heuristic on the hostname), so I wanted to know if anyone have experience with the specific "Time of click" filter from Sophos (we don't have general issues on our url reputations, only this Sophos weirdness on a specific url, as far as I have been reported). Stefano _______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
