Securence places sensible limits on all outbound mail delivery through its SMTP servers. If your outbound mail volume significantly increases in a short period of time, this may trigger a block by Securence’s Shieldwall engine. This is designed to protect compromised machines and compromised user accounts from sending unsolicited messages using your assigned IP address, tarnishing its reputation and causing further issues. If you are having difficulty sending outgoing mail through Securence because of a 421 Too many recipients error, this indicates your IP has been listed by Shieldwall. Shieldwall listings are temporary and as soon as your mail volume returns to normal levels your IP will be automatically removed from the block list.
What should I do if my IP becomes listed on Shieldwall?
With Active Directory Authentication enabled, Securence queries your AD server every time a user attempts to login. Continuity allows users to access their messages during an outage situation on your network. However, what if the outage includes your AD server? How can Securence authenticate your users to give them access to their Continuity inbox? Due to the inherent conflicts between these two features, extra measures are necessary in order to help them function together:
1. Ensure all users have confirmed at least one alternate e-mail address or mobile number in Securence.
If you have Continuity and AD Authentication enabled, any user that has not yet confirmed an alternate e-mail address or mobile number will be instructed to do so as soon as they login. They simply need to enter an e-mail address on a different domain that they have access to, or their mobile number, and Securence will send a confirmation code. Once confirmed, they may use their alternate e-mail address or mobile phone in the future should they need to reset their Securence password during an outage.
2. Use the Local (Securence) Authentication Override during an outage.
During an outage, when your users need access to their Continuity inbox or Quarantine, you may override all authentication to use Securence, instead of your AD server. This can be accomplished by checking the appropriate box in the Securence Admin interface: Incoming Settings -> Security tab -> Auth Method Override. Once enabled, if a user already has a Securence password, they may use it to login. If they don’t have a Securence password yet, they can follow the reset password procedure from the login page and use an alternate e-mail address or phone in order to set a new password for Securence.
3. When your system is back online, disable the Authentication Override.
When you are ready for your users to resume authenticating using your AD server, simply disable the Auth Method Override. All users configured to authenticate via AD will once again be able to login to Securence using their AD credentials.
Securence provides outgoing email filtering and delivery. Most Securence customers are provided a dedicated IP address that no other customer will use. This isolates customers from potential IP reputation problems. If another customer sends spam or bulk emails, all other customers are protected from the IP reputation damage that may occur. This is a major advantage over other email services where emails are delivered from a pool of shared IP addresses. Although these services have many IP addresses in their pool, it’s possible to have these IP addresses’s reputations tainted because of the inevitable spam that will be sent through these services.
Most DNSBLs yellowlist the major email senders, but this is an imperfect practice and these IPs sometimes get listed or at least don’t enjoy a positive IP address reputation.
Automated services within Securence monitor all the outgoing IP addresses on major and minor IP reputation lists including Spamcop, Spamhaus, etc. When there are IP address reputation problems, our email team will investigate the cause and resolve it. Often this requires action by the customer’s email administrator. We assist and give helpful information to help resolve the issues quickly.
Once the root cause has been addressed, if the IP reputation is still poor, a new address is assigned and the previous one is retired. Retired IP addresses get set aside for a time to allow listings to expire. Before an IP address is reintroduced as a potential dedicated outgoing address, Securence admins ensure its reputation is neutral or positive.
DNSBL stands for DNS Block List. Also called RBL for Realtime Block List. These acronyms have had different words at times, but they generally do the same thing: prevent emails based on the IP address of the sending server.
Securence, by default, uses two of our own private DNSBLs and two independent DNSBLs to block messages based on IP address.