Geo-IP, signature system, heuristic detection engine blocking

Started by LynK, February 14, 2020, 08:00:58 AM


LynK

Hey guys,

We have moved over to our new ARIN addresses and AS#. We are running into issues with various companies blocking us due to Geo-IP, signature systems, or heuristic detection blocking. This is an issue specifically with Symantec MessageLabs, as we have critical people we contact through them.

Is there a way that you know of to work around this? ARIN does not offer any Geo-IP services, and I know it is on the customer's end, but do you know of anything else we can do? One of our problems, for example, is with Chase Bank. The only way Symantec will fix the issue is if Chase calls them. Yeah... good luck.

Sys Admin: "You have a stuck route"
Me: "You have an incorrect Default Gateway"

Otanx

Geo-IP is pretty easy. Almost everyone uses MaxMind on the backend. You can request updates here:

https://support.maxmind.com/geoip-data-correction-request/

If your new addresses are on blacklists for spam, malware, or other issues, it is much harder. There are a lot of blacklist companies, and who uses which is hard to figure out sometimes. Specifically for Symantec, they have a request form if you have not tried it yet.

https://ipremoval.sms.symantec.com/

Most reputable blacklists will have some kind of request form to review your block. Alternatively, they usually only stay on a list for a few months if the reason they got put there is fixed. As an example, on the internal blacklist we build, an IP gets put on for 90 days. After that the IP will be taken off unless it does something bad again. So it may just be a "wait, and it gets better" situation.

-Otanx
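The 90-day aging policy Otanx describes (listed on abuse, dropped after 90 days unless the address misbehaves again) is easy to get subtly wrong, for example by never purging stale entries or by not restarting the clock on a repeat offence. The following is an added illustration of that policy, not code from the thread or from any product; the class name, the 90-day default and the sample addresses are assumptions for the example.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Assumption: a 90-day listing, as described in the post above.
LISTING_TTL = timedelta(days=90)


class AgingBlocklist:
    """An IP blocklist whose entries expire unless the offence repeats."""

    def __init__(self, ttl: timedelta = LISTING_TTL) -> None:
        self.ttl = ttl
        self._expires: Dict[str, datetime] = {}  # ip -> expiry time

    def record_abuse(self, ip: str, now: datetime) -> datetime:
        """List the address. A repeat offence restarts the full TTL."""
        self._expires[ip] = now + self.ttl
        return self._expires[ip]

    def is_blocked(self, ip: str, now: datetime) -> bool:
        """True while the listing is current; expired entries are dropped."""
        expiry = self._expires.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self._expires[ip]
            return False
        return True

    def purge(self, now: datetime) -> List[str]:
        """Drop every expired entry and return the addresses released."""
        released = [ip for ip, exp in self._expires.items() if now >= exp]
        for ip in released:
            del self._expires[ip]
        return released

    def listed(self) -> List[str]:
        return sorted(self._expires)


if __name__ == "__main__":
    # Constructed timeline: one listing, checked before and after expiry.
    bl = AgingBlocklist()
    t0 = datetime(2020, 2, 14, tzinfo=timezone.utc)
    bl.record_abuse("192.0.2.10", t0)
    print(bl.is_blocked("192.0.2.10", t0 + timedelta(days=89)))  # True
    print(bl.is_blocked("192.0.2.10", t0 + timedelta(days=90)))  # False
```

Because the expiry is stored as an absolute timestamp, a repeat offence on day 60 simply moves the expiry out to day 150; an address that stays clean falls off the list on its own, which is the "wait and it gets better" behaviour described above.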

LynK

Otanx,

Thank you, we appreciate it. This is unfortunately a very big issue, as we have banking institutions that use Symantec MessageLabs, and we are stuck hoping their internal resources can contact IT and provide assistance.

-Will

Otanx

Is this mainly email? You can look here:
https://mxtoolbox.com/blacklists.aspx?AG=GBL&gclid=EAIaIQobChMIt8Og773R5wIVg-NkCh3VwQqNEAAYASAAEgL6hvD_BwE

That will tell you about the most common blacklists in use. Then google, and figure out how to get taken off of each one that has you listed as blocked. The problem you are going to run into is your customers who don't update their blacklists. As an example, if they use Symantec but don't have a support contract and have a blacklist from 2018, then even if you clear your name with Symantec your customer will still be blocking you.

This is a really common problem with new IP space. Spammers and malware guys will ruin space, sell it, and move to other space.

-Otanx
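Services such as MXToolbox do their blacklist check the same way a receiving mail server does: they reverse the octets of the address, append a DNSBL zone, and interpret any answer in 127.0.0.0/8 as "listed". The script below is an added example of that lookup so you can repeat the check from your own network before and after filing a removal request; it is not code from the thread or from MXToolbox. The zone names are real, widely queried lists, but which zones matter to a given customer is an assumption you have to confirm with them, and the 127.255.255.0/24 "query error" handling reflects Spamhaus's documented error codes and may not apply to other operators.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Assumption: a handful of commonly queried zones; adjust to the lists
# your customers actually consult.
DNSBL_ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org"]

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus signals query problems (open resolver, rate limit) in this range
# rather than a real listing; other operators may differ.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")

Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the lookup name: address reversed label by label, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        reversed_part = ".".join(reversed(ip.split(".")))
    else:
        # IPv6 lists reverse every hex nibble of the expanded address.
        nibbles = addr.exploded.replace(":", "")
        reversed_part = ".".join(reversed(nibbles))
    return f"{reversed_part}.{zone}"


def system_resolver(name: str) -> Optional[str]:
    """Resolve with the OS resolver; NXDOMAIN/failure means 'not listed'."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def classify(answer: Optional[str]) -> str:
    """Map a DNSBL answer to clean / listed / error / unexpected."""
    if answer is None:
        return "clean"
    a = ipaddress.ip_address(answer)
    if a in ERROR_NET:
        return "error"          # query was refused, not a listing
    if a in LISTED_NET:
        return "listed"
    return "unexpected"         # e.g. wildcard or hijacked zone


def check_ip(ip: str, zones: List[str] = DNSBL_ZONES,
             resolver: Resolver = system_resolver) -> Dict[str, Tuple[str, Optional[str]]]:
    """Query each zone and return {zone: (status, raw_answer)}."""
    results = {}
    for zone in zones:
        answer = resolver(dnsbl_query_name(ip, zone))
        results[zone] = (classify(answer), answer)
    return results


def listed_zones(results: Dict[str, Tuple[str, Optional[str]]]) -> List[str]:
    """Only the zones that actually list the address (errors excluded)."""
    return sorted(z for z, (status, _) in results.items() if status == "listed")


if __name__ == "__main__":
    # Replace with an address from your own new range (constructed here).
    for zone, (status, answer) in check_ip("192.0.2.10").items():
        print(f"{zone:28} {status:10} {answer or ''}")
```

Keep the raw answer: the return code (the last octet) tells you which sub-list hit, which is what the removal form will ask for. Run it from the address range itself, since some operators refuse queries coming through large public resolvers and report that as an error code rather than a listing.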

LynK

We have been using MXToolbox, and it has helped, and yes, it is primarily email (and a few SonicWall devices our customers use, Geo-IP blocking "unknown" countries).

Luckily we are also having problems emailing Symantec support. Their support team can only work cases that their customers present to them. Well... if I cannot email their support, maybe Symantec themselves can escalate the issue.

deanwebb

Call your Symantec sales rep, that's the best way to open a case around normal channels.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.