Reputation Center Support

Contact Reputation Support

 Indicates required field.

Type of Ticket

0
0
0

Common Questions

How do I do a Reputation Lookup?

Use the Reputation Center Search box to look up email and web reputation information.

You can search using the following criteria:

IPv4 address for example, 198.133.219.25.
IPv6 address for example, 2001:420:1101:1::a.
CIDR range either IPv4 or IPv6, for example, 198.133.219.25/24 or 2001:420:1101:1::a/48.
Domain or Hostname for example, cisco.com or www1-v6.cisco.com. Internationalized names are also supported - for example, 达彼思.香港 or xn--03txn239i.xn--j6w193g.
URI for example, http://www.cisco.com/en/US/products/index.html.
Network Owner for example, Cisco Systems.

Common Questions

What is the difference between Email Reputation and Web Reputation?

Talos Reputation Center email reputation is based on data for the IP address associated with a given email server. Talos Reputation Center web reputation is based on data for an entire domain and all associated IP addresses.

Common Questions

What do the Reputation Scores mean?

By tracking a broad set of attributes for email and web, the Talos Reputation Center supports very accurate conclusions about a given host. Sophisticated security modeling leverages the breadth of this data to generate a granular reputation score ranging from -10 (for the worst) to +10 (for the very best). On this page the granular reputation score is grouped into Good, Neutral and Poor for simplicity reasons.

Good Little or no threat activity has been observed from this IP address or domain. Email or Web traffic is not likely to be filtered or blocked*.
Neutral This IP address or domain is within acceptable parameters. However, email or Web traffic may still be filtered or blocked*.
Poor A problematic level of threat activity has been observed from this IP address or domain. Email or Web traffic is likely to be filtered or blocked*.

*While many networks use the Talos Reputation Center as a means for assessing their email and web traffic, it does not block email or Internet traffic. If your email is being blocked or you feel it is not being delivered, you should check with your ISP.

Common Questions

How is Email Volume Magnitude calculated?

Similar to the Richter scale used to measure earthquakes, the Talos Reputation Center volume magnitude is a measure of message volume calculated using a log scale with a base of 10. The maximum theoretical value of the scale is set to 10, which equates to 100% of the world's email message volume. Using our log scale, a one point decrease in magnitude equates to a 10x decrease in actual volume.

For example, with a world wide daily volume of 200 billion messages/day a domain with a volume magnitude of 5 would have an estimated volume of 2,000,000/day while a sender with a volume magnitude of 6 would have an estimated daily volume of 20,000,000/day.

The following table illustrates the percentage of Internet email associated with each volume magnitude:

10.0 100%
9.0 10%
8.0 1%
7.0 0.1%
6.0 0.01%
5.0 0.001%
4.0 0.0001%
3.0 0.00001%
2.0 0.000001%
1.0 0.0000001%

Common Questions

What does 'Blocked: Too Many Requests' mean?

If you saw the message "Access Forbidden: Too many requests" you have surpassed the maximum number of queries allotted per user in a 24-hour time span. This web service is a free of charge, but for availability reasons each user is only granted a certain amount of queries per 24 hours.

We reserve the right to change the value for the maximum amount of queries at anytime to offer each user a highly available and fast service. In case of continued excessive use of this service we further reserve the right to block the offending IP permanently.

Common Questions

How current is the Reputation Lookup data?

The data presented on TalosIntelligence.com is refreshed every 3 hours. This schedule ensures faster query times and manages effective server load.

We are currently in the process of creating a notification service that will allow automated alerting of monitored domains and IPs.

Support Tools

Application Visibility Control Portal

This tool lets you search and filter applications supported by Cisco ASA NGFW, Cisco WSA and Cisco CWS.

Cisco ASA NGFW, Cisco WSA and Cisco CWS Services Context-Aware Security provides context-aware capabilities for exceptional visibility and control so your enterprise can take advantage of new applications and devices without compromising security.

Email Reputation

Reasons for Neutral Email Reputation

A neutral email reputation can indicate one of two things:

  1. There are slight problems with the IP which are keeping it from having a better reputation
  2. There are very low levels of mail flow traffic reported for the IP by the Talos Reputation Center. Without sufficient email reports, the Reputation Center cannot accurately generate a reputation for the IP and assigns the IP a "Neutral" reputation.

Generally a neutral reputation is a very good thing, as the Reputation Center does not view the IP as a potential spam risk. The IP is considered within acceptable Talos Reputation Center parameters. Talos Reputation Center guidelines do not recommend blocking of emails from senders with neutral reputations.

Email Reputation

Reasons for Poor Email Reputation

Here are some common reasons why an IP might have a poor reputation:

  • There have been reports of spam from your IP. Look up your IP's reputation on Talos Reputation Center and check the "DNS Based Block Lists" area to see whether it is listed on any of the common DNSBLs.
  • Your IP exhibits DNS patterns that indicate compromise by a SpamBot. Make sure your DNS is configured according to the protocol for RFC5321, section 4.1.1.1 (https://www.ietf.org/rfc/rfc5321.txt)
  • Our sensors have received emails from your IP that contained links to domains hosting or distributing malware

If you know what your problem was and have fixed it, your score should improve automatically within 3-5 days. If your score does not improve within 3-5 days after you think you fixed the problem, please create a ticket and we'll investigate.

Email Reputation

Incorrect Network Owner of an IP Address

Talos Reputation Center displays the owner of the largest IP block to which an IP belongs. It may be that who seems to be the owner may actually be an org. which is renting IP space from the owner of the entire IP block. This is a very common practice. A whois query on the IP can corroborate the data provided by the Reputation Center.

If our data is incorrect, please note that the Talos Reputation Center contains information on over 32 million IP addresses that send email. It typically takes about 3 months for network owner and other contact/hostname information to be updated. Since there is no way to know the exact time the information for a given IP was updated, it is hard to predict how soon it will re-update. In any case, it should not be longer than 3 months.

Be assured that the information we list in the Network Owner is for information only and does not impact the IP's reputation. If an IP has a poor reputation, there's a different reason. See the "Reasons for Poor Email Reputation" FAQ for more information.

If a change is still needed, please file a ticket with our Contact Reputation Support form. Note: tickets about IPs with poor reputations take priority.

Email Reputation

Incorrect Hostname

If you recently changed your IP, then the Reputation Center data will update automatically as we receive samples of email with the new hostname. It doesn't affect your reputation. If you've had the IP for more than 3 months, please create a ticket with our Contact Reputation Support form and we will investigate.

Email Reputation

Reputation Recovery Time for IP

In general, once all issues have been addressed (fixed), reputation recovery can take anywhere from a few hours to just over one week, depending on the specifics of the situation and how much email volume the IP sends. Complaint ratios determine the amount of risk for receiving mail from an IP, so logically, reputation improves as the ratio of legitimate mails increases with respect to the number of complaints. Speeding up the process is not really possible. The Talos Reputation Center is an automated system over which we have very little manual influence.

In the meantime, if there are recipients whom you cannot contact, we would recommend contacting the ISP involved to request temporary whitelisting or you can always arrange to contact the recipient via alternative means.

Email Reputation

Adjusting IP Score

No - the Talos Reputation Center is an automated system. All IPs are subject to the same reputation calculation standards. Manually adjusting a score would be contradictory to fair and equal assessment of all IPs.

Email Reputation

Purchase IP / Web Reputation Filtering

Presently we do not offer any such package. You may contact Cisco Sales and inquire about router and email appliance services which would offer you the protection of our IP (email) and URI (web) reputation systems.

Web Reputation

Reasons for Neutral Web Reputation

For a website to have a "good" reputation, we need to have substantial positive evidence over time. Consequently, the majority of websites have "neutral" reputations. The Talos Reputation Center guidelines do NOT recommend blocking of sites with neutral reputations.

Web Reputation

Reasons for Poor Web Reputation

There are many reasons why a URI or Webhosting IP can have a poor web reputation. If your website's reputation is poor and you are certain that your site is uncompromised, please file a support ticket with our Contact Reputation Support form and we will investigate.

Meanwhile, here are some simple "best practices" that will reduce the likelihood of problems:

  • Ensure that the IP addresses hosting the website are dedicated IP addresses. If the IP addresses change frequently, and if the site has an IP address that was hosting malicious content in the past, it can result in a poor web reputation.
  • Ensure that the content hosted by the website is fully owned and controlled by you and is clean.

Terms of Service

Description of Talos Reputation Center

The Talos Reputation Center is a traffic monitoring network. The Talos Reputation Center examines different parameters about email traffic and web traffic, including global sending volume, complaint levels, "spamtrap" accounts, whether a sender's DNS resolves properly and accepts return mail, country of origin, blacklist information, probability that URLs are appearing as part of a spam or virus attack, open proxy status, use of hijacked IP space, valid and invalid recipients, and other parameters. The Talos Reputation Center uses these parameters to provide comprehensive data to differentiate legitimate senders from spammers and other attackers.

License

Cisco grants you a limited, non-exclusive, non-transferable license to use the Talos Reputation Center strictly in accordance with these Terms.

Cookie Support

You must enable cookies in your web browser to use the Talos Reputation Center. A cookie is a file saved on your computer to identify your web browser. To enable cookies, please go to the options settings in your web browser.

Acceptable Use

The Talos Reputation Center and any information obtained from the Talos Reputation Center ("Materials") are for Your personal and non-commercial use in monitoring the reputation of Your network. You agree not to:

  • exceed 10 queries per minute per IP or subnet;
  • use any measure to circumvent this personal and non-commercial use limitation or other requirements in these Terms; or
  • modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer or sell the Materials or any information, software, products or features obtained from the Talos Reputation Center. This includes no "scraping" of the data.

If You use the Talos Reputation Center in violation of these Acceptable Use limitations, Cisco may suspend or terminate your access to the Talos Reputation Center.

No Unlawful or Prohibited Use

You agree not to:

  • use the Talos Reputation Center for any purpose that is unlawful or prohibited by these Terms;
  • use the Talos Reputation Center in any manner that could damage, disable, overburden, or impair any Cisco network, or interfere with any other party's use of the Talos Reputation Center;
  • attempt to gain unauthorized access to the Talos Reputation Center, through hacking, anonymous proxies, botnets, TOR exit nodes or any other means;
  • mask or otherwise conceal your true IP address and identity;
  • "scrape" or use any other automated means to retrieve the reputation data of the site;
  • obtain or attempt to obtain any Materials or information through any means not intentionally made available through the Talos Reputation Center; or
  • use the Talos Reputation Center if You are not permitted to do so under applicable law in the United States and the country where You reside, including under any export control laws governing the export of data or software,

Violations, including intellectual property infringement and security issues, will result in your use being limited, or blocked, and will be investigated by Cisco and prosecuted to the fullest extent of the law, whether civil or criminal. Cisco may involve and cooperate with law enforcement authorities in prosecuting users who violate these Terms.

Privacy

The Talos Reputation Center and any personal information you provide to Cisco in connection with your use of the Talos Reputation Center is subject to Cisco's Privacy Policy located at http://www.cisco.com/web/siteassets/legal/privacy.html, which is hereby incorporated into these Terms.

Indemnity

You agree to indemnify and hold Cisco, its affiliates, officers, and employees, harmless from any claim or demand, including reasonable attorneys' fees, made by any third party due to or arising out of Your use of Talos Reputation Center, Your violation of these Terms, or Your infringement of any third party's intellectual property rights.

Warranty Disclaimer

CISCO PROVIDES THE TALOS REPUTATION CENTER ON AN "AS IS," "WITH ALL FAULTS" AND "AS AVAILABLE" BASIS. CISCO MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THE TALOS REPUTATION CENTER, INCLUDING, WITHOUT LIMITATION, ITS ACCURACY, COMPLETENESS OR RELIABILITY, THAT THE TALOS REPUTATION CENTER WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT DEFECTS WILL BE CORRECTED. CISCO EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, AND ANY WARRANTIES OF NON-INTERFERENCE OR ACCURACY OF INFORMATIONAL CONTENT. CISCO DOES NOT REPRESENT OR GUARANTEE THAT THE TALOS REPUTATION CENTER WILL BE FREE FROM LOSS, CORRUPTION, ATTACK, VIRUSES, INTERFERENCE, HACKING OR OTHER SECURITY INTRUSION, AND CISCO DISCLAIMS ANY LIABILITY RELATING THERETO.

Limitation of Liability

IN NO EVENT WILL CISCO OR ITS AFFILIATES BE LIABLE FOR ANY COSTS OF PROCUREMENT OF SUBSTITUTE PRODUCTS OR SERVICES, LOST PROFITS, LOSS OF INFORMATION OR DATA, OR ANY OTHER SPECIAL, INDIRECT, CONSEQUENTIAL, OR INCIDENTAL DAMAGES ARISING IN ANY WAY OUT OF YOUR USE OF, OR INABILITY TO USE THE TALOS REPUTATION CENTER, EVEN IF CISCO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THESE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU.

Changes to Terms

Cisco may update or otherwise modify these Terms and to apply new or additional Terms to the Talos Reputation Center. Such new or additional terms ("Additional Terms") will be effective immediately and incorporated into these Terms. Your continued use of the Talos Reputation Center will constitute your agreement to any such Additional Terms and the amendment of these Terms to incorporate such Additional Terms. You are responsible for regularly reviewing the Terms and any Additional Terms posted on the Talos Reputation Center.

Termination

Cisco may terminate these Terms, or terminate or suspend your access to the Talos Reputation Center at any time, with or without cause, with or without notice. Without limiting the foregoing, if you violate these Terms, we may end Your permission to use Talos Reputation Center. Upon such termination or suspension, your right to use the Talos Reputation Center will immediately cease. The termination of your permission to use the Talos Reputation Center shall not terminate any of these Terms which, by their nature, are intended to survive termination, including, but not limited to, those relating to indemnity, warranty disclaimer, limitation of liability, intellectual property rights and governing law and jurisdiction. You agree that Cisco shall not be liable to You for any suspension or termination of your access to the Talos Reputation Center.

Intellectual Property Rights

The Talos Reputation Center and any Materials are protected by copyright, trademark and other intellectual property rights. Cisco or its affiliates own the title, copyright, trademark and other intellectual property rights in the Talos Reputation Center. Except as specifically permitted by these Terms, no portion of the Talos Reputation Center may be distributed or reproduced by any means or in any form, without Cisco's prior written consent.

Governing Law and Jurisdiction

These Terms are governed by the laws of the State of California, without reference to conflict of laws principles, and any disputes arising hereunder are subject to the jurisdiction of the California state courts in Santa Clara County, or in the event of federal jurisdiction, the federal courts for the Northern District of California. You consent to the exclusive jurisdiction and venue of these courts. Cisco also reserves the right to initiate legal action before any court of competent jurisdiction to protect its intellectual property and other rights under these Terms. You acknowledge and agree that a breach or threatened breach of these terms would cause irreparable injury, that money damages would be an inadequate remedy, and that Cisco shall be entitled to temporary and permanent injunctive relief, without the posting of any bond or other security, to restrain You or anyone acting on your behalf, from such breach or threatened breach.

General Provisions

These Terms are the entire agreement between You and Cisco concerning Your use of the Talos Reputation Center, and supersede any and all prior or contemporaneous written or oral understandings with respect to this subject. Cisco may assign these Terms, in whole or in part, at any time with or without notice to You, but You may not assign these Terms or any rights hereunder. Any attempt by You to transfer, assign or delegate these Terms without Cisco's prior written consent shall be null and void. There shall be no third party beneficiaries to these Terms. If any of these Terms is held invalid or unenforceable, such invalidity or non-enforceability will not invalidate or render unenforceable any other of these Terms. Section headings in these Terms are solely for convenience of reference and have no legal or contractual significance. Cisco's failure to enforce any provision in these Terms will not constitute a waiver of such provision, or any other provision of such Terms. Cisco will not be responsible for failures to fulfill any obligations due to causes beyond its control. The provisions of these Terms governing disclaimers of warranties, liability limitation, indemnity obligations, intellectual property rights and governing law and jurisdiction shall survive expiration or termination of these Terms. Any rights not expressly granted herein are reserved.

Last updated March 1, 2012