CheckTLS testing blocked

I need a solution

Similar to other requests about legitimate emails being blocked by MessageLabs, it looks like some of your MX hosts are blocking testing from CheckTLS.com (see below, 5 of 8 are blocked).  Either that or you have some failing MX hosts.

I understand why your automated systems may see testing from CheckTLS as a threat.

CheckTLS users, which include some of the largest financial institutions, health systems, insurers, and law offices worldwide, do thorough testing of domains, some of which are protected by MessageLabs.  These tests probe every MX they can find looking at security.  No test ever actually sends an email (we have a strong abuse policy).

CheckTLS has been testing for 9 years, growing 50% per year, and is reaching critical mass in the industry.  We do over a million tests a month now.

But from MessageLabs' viewpoint, you see more and more tests, targeting every one of your hosts, that never send an email.  I suspect this looks like an attack to you.

Let me assure you, these tests are not an attack.  They are not a threat.  In fact, they are good for MessageLabs and Symantec.  It means more and more people are checking you out.

These are either paying customers verifying that MessageLabs is doing what they say they do, or

outside companies who email MessageLabs paying customers who are verifying that MessageLabs is secure, or

potential MessageLabs customers who are looking at how MessageLabs works.

All this long message is to respectfully request that MessageLabs and Symantec whitelist CheckTLS.com.  In as many places as you can.  We do not send email, we do not spam, we are not a hacker site.  Our users only have access to the test we publish on our web site.

Please contact me personally if you have any questions or concerns.

Thank you.

— Steve Shoemaker

Principal, CheckTLS

| MX Server | Pref | Answer | Connect | HELO | TLS | Cert | Secure | From |
|---|---|---|---|---|---|---|---|---|
| cluster1.eu.messagelabs.com [85.158.142.97:25] | 10 | OK (86ms) | FAIL | FAIL | FAIL | FAIL | FAIL | FAIL |
| cluster1.eu.messagelabs.com [46.226.52.193:25] | 10 | OK (1,080ms) | FAIL | FAIL | FAIL | FAIL | FAIL | FAIL |
| cluster1.eu.messagelabs.com [46.226.53.49:25] | 10 | OK (79ms) | FAIL | FAIL | FAIL | FAIL | FAIL | FAIL |
| cluster1.eu.messagelabs.com [85.158.142.196:25] | 10 | OK (85ms) | FAIL | FAIL | FAIL | FAIL | FAIL | FAIL |
| cluster1.eu.messagelabs.com [46.226.52.97:25] | 10 | OK (80ms) | FAIL | FAIL | FAIL | FAIL | FAIL | FAIL |
| cluster1a.eu.messagelabs.com [52.59.133.150:25] | 20 | OK (92ms) | OK (96ms) | OK (93ms) | FAIL | FAIL | FAIL | OK (375ms) |
| cluster1a.eu.messagelabs.com [18.194.106.207:25] | 20 | OK (90ms) | OK (94ms) | OK (91ms) | FAIL | FAIL | FAIL | OK (367ms) |
| cluster1a.eu.messagelabs.com [52.28.91.133:25] | 20 | OK (92ms) | OK (94ms) | OK (93ms) | FAIL | FAIL | FAIL | OK (371ms) |
| Average | | 100% | 38% | 38% | 0% | 0% | 0% | 38% |


Messagelabs.com messages being filtered/delayed

I need a solution

We have issues with our e-mails being delayed to servers using Symantec and messagelabs.com.

I found the previous post: https://www.symantec.com/connect/forums/emails-being-rejected-delayed-filtered-messagelabs

which suggests e-mailing investigation@review.symantec.com and submitting e-mails for investigation; however, this e-mail sends a kickback anytime I try sending samples. How do we get this issue corrected??


Strange DDOS attack

I do not need a solution (just sharing information)

We are experiencing a strange DDOSBotnet DDOS attack from inside our network.  

Tries to log in with a NULL SID attack (as ancient as that is) with about 15 or so attempts in a second.  Then it pulls another user and machine from AD and runs the same attack over again.  Of course, the attack fails from a login perspective but does keep the server busy for a bit.  Appears to be an APT but uses the stupid NULL SID attack to try to log in.  Again this is like an internal botnet with one machine after another trying the NULL SID resulting in a 4625 being logged in my Windows server Security auditing failed events log.

It's as though our whole network is executing this attack against this one server, one workstation at a time.  Whatever this is, it was not caught by SEP in any way.  Same thing with Malwarebytes.

Thanks for any ideas!

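One way to triage the pattern described in the post above, added here as an example and not part of the original post: it groups exported 4625 records by source workstation, flags bursts of about 15 failures within one second, and checks whether the bursting hosts take turns. The records are constructed sample data; the keys follow the 4625 event's field names, while the host names, user names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NULL_SID = "S-1-0-0"  # how "NULL SID" appears in the SubjectUserSid field

def make_sample():
    """Constructed 4625 records (not real logs): three hosts burst in turn, one stray failure."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    for i, (host, user) in enumerate([("WS-A", "alice"), ("WS-B", "bob"), ("WS-C", "carol")]):
        for n in range(15):
            events.append({"time": t0 + timedelta(seconds=5 * i, milliseconds=60 * n),
                           "WorkstationName": host, "TargetUserName": user,
                           "SubjectUserSid": NULL_SID, "LogonType": 3})
    events.append({"time": t0 + timedelta(seconds=30), "WorkstationName": "WS-D",
                   "TargetUserName": "dave", "SubjectUserSid": NULL_SID, "LogonType": 3})
    return events

def find_bursts(events, min_failures=15, window=timedelta(seconds=1)):
    """Return (host, start, end, count, users) for each run of >= min_failures inside window."""
    by_host = defaultdict(list)
    for e in events:
        if e["SubjectUserSid"] == NULL_SID:
            by_host[e["WorkstationName"]].append(e)
    bursts = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["time"])
        i = 0
        while i < len(evs):
            j = i
            # Extend the run while the next failure is still inside the window.
            while j + 1 < len(evs) and evs[j + 1]["time"] - evs[i]["time"] <= window:
                j += 1
            count = j - i + 1
            if count >= min_failures:
                users = sorted({e["TargetUserName"] for e in evs[i:j + 1]})
                bursts.append((host, evs[i]["time"], evs[j]["time"], count, users))
                i = j + 1  # continue after the burst
            else:
                i += 1
    return sorted(bursts, key=lambda b: b[1])

def is_sequential(bursts):
    """True when at least two distinct hosts burst one after another without overlapping."""
    hosts = {b[0] for b in bursts}
    no_overlap = all(prev[2] < nxt[1] for prev, nxt in zip(bursts, bursts[1:]))
    return len(hosts) >= 2 and no_overlap
```

The ordered burst list gives the sequence of workstations to examine first, and the target user names show which accounts each host was trying.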