What is TrustedSource? | Create Account | Login 
Secure Computing Corporation
 
Home  About  FAQ
TrustedSource™ Query
Enter IP address, domain name or URL to check reputation/traffic patterns:
Search
 

FAQ

Secure Computing® TrustedSource™ is a global threat correlation engine and intelligence base of global messaging and communication behavior, including reputation, volume, and trends, including email, web traffic and malware.

TrustedSource™ gathers data on the behavior of senders across the Internet. In addition to the traditional techniques such as global email traffic patterns and volume, network characteristics and public blacklists and whitelists, TrustedSource™ is unique in that it provides real-time, precise data from Secure Computings's extensive customer network.

What is TrustedSource?

The TrustedSource™ Portal data is powered by Secure Computing's TrustedSource™ global threat correlation engine. In addition to general ISP spam data, which is largely consumer centric, TrustedSource™ receives and analyzes billions of messages per month from Secure Computing's network of sensors deployed to protect enterprise traffic, messaging and web gateways across 82 countries globally, collecting reputation data for URLs, IP, Domains and Messages. Like a virtual credit agency, TrustedSource™ assigns a reputation score and further classifies senders as good, bad or suspicious based on an in-depth analysis by processing more than a dozen behavior attributes to profile each sender. TrustedSource™ is the first and only reputation system to combine traffic data, whitelists, blacklists and network characteristics with the unparalleled strength of Secure Computing's global customer base. As opposed to other offerings that do not integrate reputation into the spam scoring, TrustedSource™ data provides the most accurate and effective spam blocking.

What are the benefits of creating of creating an account on TrustedSource.org?

Creating a login allows the user to take advantage of additional features on TrustedSource.org including creating a ticket to track/request changes to URL reputations, our Ask the Expert section, and allows you to submit ideas on improving this site. As we continue to build in new features others will be exclusive to users with accounts.

What does the Global Message Volume chart represent?

This chart represents the total estimated global messaging volume based on a representative worldwide sample of messages that TrustedSource evaluates daily. The blue line represents the total message volume while the shaded area represents the total messages classified as malicious. With the interactive slider below the chart the user can change the time horizon on the information going back a year to see the relative changes over time with the total message and total malicious messaging volumes.

What do the colors in the dashboard map represent?

The map shows the number of malicious messages sent by known spam IPs per country. The colors are represented by a "heat map" (i.e. blue means low and yellow means high).

How do the envelope icons represent daily message volume?

Message volume is expressed in forms of envelopes. Ten envelopes correspond to all email seen by the TrustedSource™ system. Calculated on a log scale with a base of 10, each envelope less corresponds to a 10x decrease in message volume. No envelopes would indicate that TrustedSource™ did not see any communication from that IP.

When I click on an individual IP address what does the graph that I see mean?

The blue line shows the percentage deviation from the average daily message volume for the past 30 days from that IP address. Additionally, the graph shows the reputation class of the IP address for the same time period.

When I click on a domain name what does the graph on the domain information page mean?

The blue line shows the percentage deviation from the average daily message volume for the past 30 days. The red line shows the number of unique sending IP addresses per day.

What do you mean by 'reputation'?

For each IP address on the Internet, TrustedSource™ calculates a reputation value based on sending behavior, blacklist and whitelist information, spam trap information, etc. The reputation is expressed in five classes:

  • Trusted:
    The IP address is a legitimate sender or a source of substantial amounts of legitimate email
  • Neutral:
    The IP is likely a legitimate sender but may send small amounts of email requiring further inspection
  • Unverified:
    The IP address may be a legitimate sender but displays a few properties suggesting further content inspection of emails received from that address
  • Suspicious:
    The IP address shows many spam sender characteristics, and email received from this address may be subject to higher scrutiny, and
  • Malicious:
    The IP address has either been used to send spam or phishing, or should not send any e-mail messages in general.

Why is my reputation 'Unverified' even though I am not sending spam?

This reputation class means that the system determined that you may be a legitimate sender (as stated above). As TrustedSource™ gathers more information on your IP address, your reputation may improve.

Why are private addresses 'Neutral'?

These IP addresses are not seen on the public Internet, and TrustedSource™ defines their reputation to be 'Neutral.'

Why is the reputation for an IP address 'Malicious,' but it does not send any messages?

The IP is not supposed to send any email and hence any message from that IP that may be received at some point should be considered as spam. This is for example true for IP address blocks currently unassigned.

What does breadth index of an IP address found under the 'Message Volume' section of the IP information page mean?

The breadth index is an indication of the number of mail servers with which a particular IP is communicating. It ranges from 0 for no communications to 10 for communications with nearly all possible mail servers. It is computed on a daily basis.

Who can I contact if I think the reputation assigned to an IP should be changed?

If an IP is classified as 'Inoffensive' or 'Neutral' but sends out spam or if a legitimate IP is classified as 'Suspicious' or 'Spam,' please contact TrustedSource.

How I can I help improve TrustedSource.Org?

We have created a form under the "About Tab" where users who have created a login account can submit their suggestions and ideas to improve the information and usefulness of TrustedSource.Org. These suggestions will be evaluated by the TrustedSource team and, where appropriate, be implemented into a future release of the web site.

User input is an important component of the Trusted Source system and culture. We have attempted to tailor the community website to the interests of our users thus far, drawing on our malware detection, web classification and messaging security expertise, chiefly focusing on the capability for users to provide feedback on IP and URL reputations. Going forward, we are exploring ways to provide a more customized experience for our registered (logged in) users.

What is the TrustedSource "Intelligence" Tab?

TrustedSource Intelligence is a paid portal service from Secure Computing to provide a view of your network as seen by our appliances worldwide. Traditional network monitoring is done via equipment on premises, whereas trusted source intelligence enables a network administrator or compliance officer to view activity generating from their network as others see it - complementing traditional monitoring. For example, compliance and outbound activity detection is only as good as the traffic directed through it. If machines are compromised and sending high volumes of malicious traffic not directed through the designated equipment, the only way to detect this in real-time is by seeing it from the outside and being alerted through Trusted Source Intelligence. Trusted Source intelligence portals offer a view into the entire Trusted Source database, with extended data mining, trending and aggregation capability to highlight correlated activity involving entities that you own across the internet ecosystem. This can be aggregated in a variety of ways, including geographically, by IP address, and by association with malware worldwide.

TrustedSource intelligence also provides an excellent venue for brand protection and phishing detection, providing a real-time list of those entities worldwide that are using your name or brand when sending messages worldwide.

Stopping phishing attacks and preventing zombies from sending email from within their domains is crucial to regaining and protecting their online reputation.

TrustedSource Intelligence receives a real-time stream of behavior-based intelligence from TrustedSource™, Secure Computing's global threat correlation engine. TrustedSource analyzes data from a variety of sources, including more than 100 billion messages per month collected from Secure Computing's global network of sensors. The Intelligence portal uses the reputation scores from TrustedSource to detect deviations from expected behavior for all senders, and provides real-time alerting to customers.

If you are interested in evaluating or purchasing TrustedSource Intelligence, please contact Secure Computing Sales.

Secure Computing Corporate Homepage | Contact | Privacy Policy | Disclaimer

Copyright © 2007-2008 Secure Computing Corporation. All Rights Reserved.

THE DATA IS FURNISHED, "AS IS" WITHOUT ANY WARRANTY OF ANY KIND, AND SECURE COMPUTING® HEREBY DISCLAIM ALL WARRANTIES, EXPRESS, IMPLIED OR STATUTORY INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES AS TO NON-INFRINGEMENT, AND IN NO EVENT SHALL SECURE COMPUTING® BE LIABLE FOR COSTS OF PROCURING SUBSTITUTE GOODS. IN NO EVENT WILL SECURE COMPUTING® BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, OR OTHER DAMAGES WHETHER OR NOT SECURE COMPUTING® HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.