Spam filters

Cisco Secure Email overview and troubleshooting support

The following is a summary of best practices for sending email to Cisco Secure Email users. Cisco Secure Email uses a combination of IronPort and Cisco Intelligent Multi-Scan filtering for spam, malware, and phishing protection. However, Cisco Secure Email customers can configure custom message filters, filter rules, and filter actions depending on their internal policies and desired business outcomes.

Configuration flexibility can lead to varied outcomes across Cisco Secure Email customers for B2B and B2C marketing campaigns.

Infrastructure

Regions

Worldwide

Website

Cisco Secure Email Threat Defense

Domains

Cisco Secure Email customers use their own domain

Resources

Methodology

Cisco Secure Email is a multi-layered email security solution that combines third-party anti-spam and anti-virus solutions, IronPort Anti-Spam and Cisco Intelligent Multi-Scan to protect their customers from spam, viruses, and malware.

Base filtering

  • Talos reputation score: calculated from a variety of data points, including spam trap hits, blocklistings, user complaints, sender maturity, and volume.
  • Virus and malware protection: using Sophos cybersecurity and McAfee anti-virus solutions.
  • Sender identification: using SPF, DKIM, and DMARC authentication.

Advanced filtering

  • Machine learning: fed by Cisco's global threat ecosystem to detect and block threats.
  • Phishing protection: using real-time URL analysis.
  • Content filtering: of offensive or unauthorized content.
  • Filter rules and actions: based on attachments, originating network, message envelope, message headers, message body, and outbreaks.
  • Allowlist and Blocklist: based on IP, URL, domain, or subdomain.

Cisco Secure Email best practices

  • Security
    • Ensure all servers are protected from unauthorized access and use.
    • Ensure all servers are free from viruses and malware.
    • Make sure all email sent from your servers is authorized.
  • Infrastructure
    • Follow all Internet and SMTP standards.
    • Ensure your HELO/EHLO is configured with a valid fully qualified domain name (FQDN).
    • Ensure your IP address (IPv4 or IPv6) has a valid, non-generic rDNS (PTR) record.
    • Do not send email through an open relay or open proxy server.
    • Do not send email from a dynamic IP address.
    • Use Transport Layer Security (TLS) 1.2 and higher (optional)
      • Some Cisco Email Secure customers may reject messages that don't use TLS.
      • If the customer does not require TLS, your email will go through their spam filtering process as normal.
  • Sending best practices
    • Consent
      • Use opt-in consent methods.
      • Do not purchase lists or engage in list harvesting techniques from websites and social networks.
    • List hygiene
      • Ensure you have good list hygiene practices and frequently suppress inactive subscribers.
    • Reputation
      • Follow all email marketing sending best practices to ensure a high IP and Domain reputation.
        • Cisco Secure Email customers can set up filter rules and actions based on your sending reputation, so senders with a poor sending reputation will have difficulty reaching the inbox.
        • Known bad senders are blocked.
      • Do not send low volume and irregular patterns of mail as it can contribute to a low domain sender reputation.
      • Large increases in volume will also contribute to a lower sender reputation.
  • Sending guidelines
    • Do not engage in domain spoofing or your email will be perceived as phishing.
    • Respect the receiving server resources and reduce volume and frequency should throttling occur.
    • Encourage recipients to add your sending address to their contacts list. Email addresses in a contacts list are less likely to be marked as spam.
    • Send messages no larger than 10 MB.
      • Message size can be configured by customer and be based on your sending reputation score.
  • Authentication
    • Authenticate all email using Sender Policy framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC).
      • Work towards a quarantine or reject DMARC policy to help protect your brand from unauthorized domain use.
      • Unauthenticated emails are likely to be perceived as spam and quarantined or blocked.
      • Be sure to configure both SPF and DKIM.
        • If your email is tied to a suspected or known threat outbreak, the subject line may be modified and URLs in your message may be rewritten and redirected to Cisco's web security proxy. This could break DKIM authentication if another server or application is responsible for verifying the DKIM signature.
        • SPF is tied to your domain, so URL changes will not invalidate SPF.
        • DMARC requires either SPF or DKIM pass with alignment, so SPF gives your email some insurance against DKIM failures.
  • Engagement
    • Send to people that want to receive your email. Highly engaged subscribers improves your sending reputation and can lead to higher inbox placement.
  • Content
    • Branding
      • Include your brand name in the friendly from address and within the email content to ensure your email is easily recognized by the recipient.
      • B2B senders should also include a brand name until a relationship with the recipient has been established.
        • Unexpected, cold emails from an individual salesperson are likely to be marked as spam.
      • A top reason for high complaints is when the recipient doesn't recognize the sender.
    • Always include valid, reputable URLs in your email content. Do not link to websites involved in phishing or malware. 
    • Use the standard URL format. Avoid using IP addresses in the URL.
    • Ensure all attachments are free from viruses and malware.
    • Ensure content is in language expected by recipient.
      • Some customers may configure to block by language or country.
    • Do not send .exe file types.
    • Do not use URL shortening services. URL shorteners make it more difficult to detect spam and may be perceived as less trustworthy.
  • Warm up new IP addresses or domains
    • Warming up IPs and domains is typically associated more with B2C senders, but is recommended for all senders as a best practice.
      • Warm up new IP addresses and domains.
      • New IPs and domains with a sending history less than 30 days are considered "immature" and will receive higher scrutiny. 
      • New IPs and domains with a sending history over 30 days are "mature" and will receive lower scrutiny.
      • Sending legitimate email with good sending metrics will help build a good sending reputation quickly.

Cisco Secure Email troubleshooting support

If you have an established relationship with a Cisco Secure Email customer and encountering delivery problems, contact them directly and ask to be added to their allowlist. Individual recipients can also add you to their personal contact list to help with inbox delivery.

  • Best practices
    • Ensure you are following all recommended Cisco Email Secure best practices.
  • Check the recipients MX records
    • Ensure they are a Cisco Email Secure customer.
      • MX Lookup
        • Cisco MX records will resemble:
          • mx1.XXXXXX.iphmx.com
          • mx2.XXXXXX.iphmx.com
  • Review your SMTP error codes
    • Refer to Cisco Secure Email Error Codes for additional information about why your email is being deferred or blocked.
      • Immediately suppress email addresses that return an SMTP error code indicating the address is an unknown user or a disabled account.
  • Check your SPF, DKIM, and DMARC configuration and results
    • Check the Authentication-results message header in Everest for a global provider such as Gmail, Hotmail, or Apple to ensure all authentication results are passing (=pass).
    • Ensure all IPs and domains are up to date and include any third-party senders that send on your behalf.
      • New IPs, domains, mail streams, ESPs, and mail servers are common reasons why SPF, DKIM, and DMARC are not updated.
    • If authentication is failing and if your IPs and domains are up to date, you may have a setup configuration error.
  • Check blocklistings
    • Check for and fix the cause of any IP or domain blocklistings.
  • Check your content
    • Look for and change content that could be construed as an attempt to capture sensitive personal information from the recipient.
      • Credit card numbers, social security numbers, banking IDs, routing information.
      • This applies to text within attached images such as: .gif, .jpg, .png, and .tiff.
      • Attached images can also be scanned for adult-themed content based on skin-tone colors.
    • Look for and change URLs pointing to possible "undesirable" websites. Content categories for your website can be viewed with a Talos Reputation Lookup and are used to describe the type of content and not threat levels. You can dispute your content type if you think it is incorrect by submitting a Content Categorization support ticket (see below). Cisco customers can filter content based on a variety of categories, but here are a few to watch out for.
      • Adult-themed 
      • Pornography
      • Gambling
      • Hate speech
      • Illegal drugs
      • Unlawful activity
  • Check the reputations of your IPs and all domains within your content
  • Contact Cisco with delivery problems
    • You must create a free guest account if you are not an existing Cisco customer. Cisco customers should login to submit a ticket.
    • Ensure you are following all of Cisco Secure Email's recommended best practices and have made fixes or improvements to your email program.
      • According to Cisco Secure Email, your reputation score should improve within an average of 3-5 days once you fix known problems. 
    • Submit support ticket

Related articles

Turn your data into revenue

Whether you’re looking to optimize the performance of your email marketing, data management or sales functions, Validity is your trusted partner to ensure you’re reaching who you need to.

Company
Products
Solutions
Resources
Contact