

FAQ

What is TrustedSource?

The TrustedSource™ Portal data is powered by McAfee's TrustedSource™ global threat correlation engine, which receives and analyzes billions of queries per month from McAfee's network of sensors deployed to protect consumer and enterprise network traffic across 120 countries globally, collecting and correlating threat data for URLs, IP addresses, domains and content. TrustedSource™ assigns a reputation score and further classifies network identities and content with a risk level, based on an in-depth, highly sophisticated analysis derived by processing thousands of behavior attributes to profile each network traffic sender, website, domain or content. TrustedSource™ is the first and only reputation system to combine traffic data, routing, IP/domain registration data and network characteristics with the unparalleled breadth of McAfee's global customer base.

What are the benefits of creating an account on TrustedSource.org?

Creating a login gives you access to additional features on TrustedSource.org, including creating a ticket to track or request changes to URL reputations, our Ask the Expert section, and the ability to submit ideas on improving this site. As we continue to build in new features, some will be exclusive to users with accounts.

What does the Global Message Volume chart represent?

This chart represents the total estimated global messaging volume, based on a representative worldwide sample of messages that TrustedSource™ evaluates daily. The blue line represents the total message volume, while the shaded area represents the total messages classified as malicious. With the interactive slider below the chart, the user can extend the time horizon back several years to see how the total and malicious message volumes have changed relative to each other over time.

What do the colors in the dashboard map represent?

The map shows the number of malicious messages sent by known spam IPs per country. The colors are represented by a "heat map" (i.e. blue means low and yellow means high).

How do the envelope icons represent daily message volume?

Message volume is expressed in the form of envelopes. Ten envelopes correspond to all email seen by the TrustedSource™ system. The scale is logarithmic with a base of 10: each envelope fewer corresponds to a 10x decrease in message volume. No envelopes would indicate that TrustedSource™ did not see any communication from that IP.

When I click on an individual IP address what does the graph that I see mean?

The blue line shows the percentage deviation from the average daily message volume for the past 30 days from that IP address. Additionally, the graph shows the reputation class of the IP address for the same time period.

When I click on a domain name what does the graph on the domain information page mean?

The blue line shows the percentage deviation from the average daily message volume for the past 30 days. The red line shows the number of unique sending IP addresses per day.
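The three chart quantities described above (envelope rating, percentage deviation from the 30-day average, unique sending IPs per day) can be reproduced from your own mail logs. The following is an added illustration, not McAfee's code; the record layout, the round-down rule and the one-envelope floor for any non-zero volume are assumptions.

```python
from collections import defaultdict

def envelopes(volume, total):
    """Envelope rating: 10 = all mail seen; each envelope fewer = one 10x decrease."""
    if volume <= 0:
        return 0  # no envelopes: no communication seen
    count = 10
    # Integer arithmetic avoids float error at exact powers of ten.
    # Assumption: any non-zero volume shows at least one envelope.
    while volume < total and count > 1:
        volume *= 10
        count -= 1
    return count

def daily_profile(records):
    """Per-day (message volume, unique sending IPs) from (day, ip, count) records."""
    volume, senders = defaultdict(int), defaultdict(set)
    for day, ip, count in records:
        volume[day] += count
        senders[day].add(ip)
    return {day: (volume[day], len(senders[day])) for day in sorted(volume)}

def pct_deviation(profile):
    """Percentage deviation of each day's volume from the window's daily average."""
    avg = sum(v for v, _ in profile.values()) / len(profile)
    return {day: (v - avg) / avg * 100 for day, (v, _) in profile.items()}

# Constructed sample: 29 quiet days (2 senders, 50 messages each), then a burst
# on day 30 from 31 previously unseen senders (documentation-range addresses).
RECORDS = [(d, ip, 50) for d in range(1, 30) for ip in ("192.0.2.10", "192.0.2.11")]
RECORDS += [(30, f"198.51.100.{n}", 100) for n in range(1, 32)]

if __name__ == "__main__":
    profile = daily_profile(RECORDS)
    dev = pct_deviation(profile)
    for day in (29, 30):
        vol, ips = profile[day]
        print(f"day {day}: volume={vol} senders={ips} deviation={dev[day]:+.0f}%")
    print("envelopes for 5,000 of 1,000,000 messages:", envelopes(5_000, 1_000_000))
```

A jump in both the deviation and the unique-sender count on the same day, as on day 30 of the sample, is the pattern worth investigating in a domain's own outbound mail.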

What do you mean by 'reputation'?

For each IP address on the Internet, TrustedSource™ calculates a reputation value based on sending or hosting behavior and various environmental data that TrustedSource™ automatically collects, aggregates and correlates from customers and partners about the state of the Internet threat landscape. We have recently changed our reputation classes to be more streamlined and integrated with other McAfee technologies. The reputation is expressed in four classes:

  • Minimal Risk:
    Our analysis indicates this is a legitimate source or destination of content/traffic.
  • Unverified:
    Our analysis indicates that this appears to be a legitimate source or destination of content/traffic, but also displays certain properties suggesting that further inspection is necessary.
  • Medium Risk:
    Our analysis indicates that this source/destination shows behaviour we believe is suspicious and content/traffic to or from it requires special scrutiny.
  • High Risk:
    Our analysis indicates that this source/destination does or will send/host potentially malicious content/traffic and we believe it presents a serious risk.

Why is my reputation 'Unverified'?

This reputation class means that the system determined that you may be a legitimate source or destination of content traffic (as stated above). As TrustedSource™ gathers more information on your IP address, your reputation may improve.

Why are private addresses labeled 'Minimal Risk'?

These IP addresses are not seen on the public Internet, and TrustedSource™ defines their reputation to be 'Minimal Risk'.

Why is the sending reputation for an IP address 'High Risk,' but it does not send any messages?

The IP is currently not being used, and hence any activity from that IP at a future point should be considered high risk. An example is an IP address block that is currently unassigned.

What does the breadth index of an IP address, found under the 'Message Volume' section of the IP information page, mean?

The breadth index is an indication of the number of mail servers with which a particular IP is communicating. It ranges from 0 for no communications to 10 for communications with nearly all possible mail servers. It is computed on a daily basis.

Who can I contact if I think the reputation assigned to an IP should be changed?

If an IP is classified as Minimal Risk but sends out or hosts malicious content, or if a legitimate IP is classified as Medium or High Risk, please contact TrustedSource.

What is the TrustedSource "Intelligence" Tab?

TrustedSource Intelligence is a paid portal service from McAfee that provides a view of your network as seen by our appliances worldwide. Traditional network monitoring is done via equipment on premises, whereas TrustedSource Intelligence enables a network administrator or compliance officer to view activity originating from their network as others see it, complementing traditional monitoring. For example, compliance and outbound activity detection is only as good as the traffic directed through it. If machines are compromised and sending high volumes of malicious traffic that is not directed through the designated equipment, the only way to detect this in real time is by seeing it from the outside and being alerted through TrustedSource Intelligence. TrustedSource Intelligence portals offer a view into the entire TrustedSource database, with extended data mining, trending and aggregation capability to highlight correlated activity involving entities that you own across the Internet ecosystem. This can be aggregated in a variety of ways, including geographically, by IP address, and by association with malware worldwide.

TrustedSource Intelligence also provides an excellent venue for brand protection and phishing detection, providing a real-time list of those entities worldwide that are using your name or brand when sending messages.

For organizations, stopping phishing attacks and preventing zombies from sending email from within their domains is crucial to regaining and protecting their online reputation.

TrustedSource Intelligence receives a real-time stream of behavior-based intelligence from TrustedSource™, McAfee's global threat correlation engine. TrustedSource™ analyzes data from a variety of sources, including more than 100 billion messages per month collected from McAfee's global network of sensors. The Intelligence portal uses the reputation scores from TrustedSource™ to detect deviations from expected behavior for all senders, and provides real-time alerting to customers.