SophosLabs maintains IP address classifications that can be used by receiving networks to reject, not deliver, or quarantine spam messages in Sophos anti-spam products. This document describes the IP address classifications that can be used.
Two categories of IP address classifications exist: Classifications based on lists of IP addresses and classifications based on real-time policy checks during email processing.
SophosLabs list-based classifications
SophosLabs maintains lists of IP addresses suspected to be spam sources for one or more of the following classifications:
- The IP address comes from a widely known end-user IP address range (for example, a wide variety of third-party lists or other sources identify this IP address range as being assigned to end users). Some networks choose to reject, not deliver, tag as spam or quarantine messages coming directly from certain end-user-assigned IP address ranges, because these ranges (often dynamically assigned) were reported by a variety of third parties to contain high concentrations of compromised hosts and/or violate service provider usage policies. If you have a static IP address for sending legitimate email, you can request your IP address be removed from this list. If you have a dynamically-assigned IP address, you can request its removal, but since additional dynamic IP addresses you may obtain may also be listed, it is recommended you obtain a static IP address for your mail server.
- The IP address is a suspected compromised host. Some networks choose to reject, not deliver, tag as spam or quarantine messages coming from suspected compromised hosts. Compromised hosts are computers that were hijacked by hackers or viruses in order to send spam or for other malicious purposes. If your IP address is classified as a suspected compromised host, you should ensure your computer is free of viruses and spyware by performing a full scan and disinfection using reputable and up-to-date antivirus software. You should also ensure that your operating system and other software is fully patched and up to date. You may also request that your IP address be removed from this list.
- The IP address is a widely known to be a generic spam source. Some networks choose to reject, not deliver, tag as spam or quarantine messages coming from IP addresses that were identified as being under the control of or available for use by spammers. You can request your IP address be removed from this list, but other measures will likely be required to be viewed as a non-spamming source by Sophos and third-party lists.
- Whether an IP address is currently on SophosLabs' lists can be checked by visiting this page. If the IP address is still listed, you can request that SophosLabs review it for potential removal from the SophosLabs list (subject to Sophos classification policies).
SophosLabs policy-based classifications
SophosLabs also maintains various policy-based classifications:
- The hostname associated with this IP address indicates presence in an end-user network range widely suspected as a spam source. Some receiving networks choose to reject, not deliver, tag as spam or quarantine messages originating from computers with dynamically-assigned hostnames that indicate presence in an end-user network range because these ranges often contain high concentrations of compromised hosts and/or violate service provider usage policies. You can use the form on this page to request that your IP address be exempted from this check. Sophos recommends you also ensure your mail server has a static IP address and hostname.
Other reasons why your mail may be rejected, not delivered or quarantined
Your mail may be rejected, not delivered or quarantined for reasons outside of the IP address classifications described above, including:
- The receiving network may be performing additional anti-spam checks that are causing the message to not be delivered, such as using third-party DNS Block Lists (DNSBLs).
- Your message may appear to be spam based on other, content-based checks.
If you continue to have problems sending email, you may want to contact your company's email administrator or IT department helpdesk.