Cisco e-mail service blacklists legit messages

Error in tweaking IronPort SenderBase algorithm blocks reputable e-mails internationally

An error in reconfiguring Cisco's IronPort SenderBase e-mail security service caused it to block outbound e-mail for Australian businesses earlier this week, and perhaps for some globally. According to Australia's SC Magazine and iTnews, algorithm updates to the service that focused on newly identified internet traffic behaviors in an effort to detect spam and phishing activity blocked legitimate e-mail.

Cisco detected the problem Tuesday morning this week in California and fixed it by Tuesday night, according to SC Magazine.

The posts said the e-mail blockage was "widespread" but did not provide any figures on the number of legitimate e-mails blocked. SenderBase takes in 35% of the world's e-mail traffic, respresenting 100 million messages and four terabytes of data a day, from 750,000 Cisco customer endpoints, according to SC Magazine.

Cisco assigns 500 employees to monitor changing patterns in e-mail behavior in order to pinpoint scams, the post states. This staff sometimes adjusts the SenderBase web reputation algorithm to diminish the reputation of suspicious email. According to a Cisco official quoted in SC Magazine:

"Candidly, we made a mistake and impacted some legitimate users."

SenderBase profiles showed Australian customers to still be impacted Thursday morning Australian time, according to SC Magazine. SenderBase's "follow-the-sun" mode of operation began the caseload in the US, then moved to Australia and from there will move on to Europe, the Cisco official explained.

But the Cisco official also says the "issue is fixed" for any end user who has IronPort in their environment, though he would not set a date for when erroneously blacklisted e-mails would have their reputations reinstated.

More from Cisco Subnet:

Meet Cisco/Insieme's recruiter

Cisco poaching rivals for SDN spin-in

Cisco incubating software-defined network startup?

Cisco's collaboration jab

Cisco losing router sales to HP?

Cisco helps user welcome BYOD 

Cisco's NDS purchase more than TV

Cisco: "We've never been more relevant"

Cisco: Customers drove us to block Microsoft/Skype

Critical milestones in Cisco history

Follow all Cisco Subnet bloggers on Twitter.Jim Duffy on Twitter


Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2012 IDG Communications, Inc.