Posted on Mar 29, 2021
Every device connected to the internet has an IP address, similar to how every house has a street address. An IP address’s reputation can directly impact employee productivity because spam filters take it into account when filtering incoming emails. Although email server IP reputation is generally dependent on the volume and quality of the email you send, undetected malware infections can be the culprit if your emails are sent to a recipient’s spam folder. Because infected email servers often have high traffic volumes without you knowing it, you need to monitor your IP reputation as part of your cybersecurity program.
Explore these ten ways to improve your IP reputation that can help you identify and remediate problems, giving your email a better chance of going to your recipients’ inboxes.
Marketing emails and business transaction emails serve different purposes. Your marketing department likely sends a higher volume of emails than your workforce members. One way to increase your IP reputation is to separate these two email servers from one another.
By using two separate servers, you increase the IP reputation of both of them. First, it reduces the total number of emails sent from either server. Second, it gives you a way to ensure that business transaction emails make it to the intended recipient’s inbox.
If you decide to use two separate email servers, you want to “warm up” your marketing email IP address. With IP warming, you send small volumes of email, gradually increasing the amount over time. If you send a large volume of email from the IP address on the first day, then spam filters will recognize this, and your IP reputation will plummet all over again.
Some best practices for IP warming include:
While IP warming is a great way to control IP reputation, it is not always necessary. If you are using two different servers but have shared IP addresses, then there is no need for warming. IP warm-up only applies if you're using a dedicated IP address.
Cybercriminals that infect email servers with malware can use them as “zombie” machines. In other words, they control the device and use it to send out malicious spam messages without your knowledge. When spam filters pick up these emails, they attribute them back to your “zombie” server and assume that you’re the one sending the infected emails.
Often, malicious actors connect a series of zombie servers, creating a botnet. Then, they use the botnet to engage in additional malicious activities such as credential leaks, unauthorized access, and Distributed Denial of Service (DDoS) attacks.
If you monitor your servers for malware and remove it, you can get a boost to your IP reputation.
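One way to watch for the “zombie” sending pattern described above, as an added example that is not from the original article: count recipients and bounces per submitting client per hour and flag clients that exceed a limit. The log format, IP addresses, and thresholds are constructed for illustration and would need to match your own mail logs and baseline.

```python
import re
from collections import defaultdict

# Simplified, constructed log format: timestamp, submitting client, recipients, status.
LINE = re.compile(
    r"^(?P<hour>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2} "
    r"client=(?P<client>\S+) nrcpt=(?P<nrcpt>\d+) status=(?P<status>\w+)$"
)

def constructed_log():
    """Constructed sample: two normal senders and one burst from 10.0.0.23."""
    lines = [
        "2021-03-29T09:01:12 client=10.0.0.5 nrcpt=1 status=sent",
        "2021-03-29T09:14:40 client=10.0.0.5 nrcpt=2 status=sent",
        "2021-03-29T09:20:03 client=10.0.0.8 nrcpt=1 status=bounced",
        "garbage line that does not parse",
    ]
    for i in range(120):  # burst: 120 messages, 5 recipients each, within one hour
        status = "bounced" if i % 3 else "sent"
        lines.append(
            f"2021-03-29T10:{i % 60:02d}:00 client=10.0.0.23 nrcpt=5 status={status}"
        )
    return lines

def find_suspect_senders(lines, max_rcpt_per_hour=200, max_bounce_ratio=0.3, min_msgs=20):
    """Return sorted (hour, client, recipients, bounce_ratio) tuples over either limit."""
    stats = defaultdict(lambda: {"msgs": 0, "rcpt": 0, "bounced": 0})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip unparseable lines rather than failing the whole run
        s = stats[(m["hour"], m["client"])]
        s["msgs"] += 1
        s["rcpt"] += int(m["nrcpt"])
        s["bounced"] += m["status"] == "bounced"
    suspects = []
    for (hour, client), s in stats.items():
        ratio = s["bounced"] / s["msgs"]
        too_many = s["rcpt"] > max_rcpt_per_hour
        # Require a minimum sample so one bounced message does not flag a quiet host.
        too_bouncy = s["msgs"] >= min_msgs and ratio > max_bounce_ratio
        if too_many or too_bouncy:
            suspects.append((hour, client, s["rcpt"], round(ratio, 2)))
    return sorted(suspects)

if __name__ == "__main__":
    for hit in find_suspect_senders(constructed_log()):
        print(hit)
```

A flagged client is a lead for malware triage on that host, not proof of compromise; a legitimate bulk send will trip the same volume limit.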
Proxy servers sit between your users’ computers and the internet, acting as a gate through which data traffic travels. When your user connects to a website, they send data through the proxy server. The data request is sent to the website, which returns a response that has to cross through the proxy server again. Proxy servers can enhance security when set up correctly.
However, public proxy servers can increase data security risks that lower your IP reputation. Often, malicious actors anonymize their proxies as part of their attack methodologies. If you’re using a public proxy server, IP reputation software can mistake your proxy for a malicious, anonymized one.
If you’re satisfied with the reason for using a public proxy server, then you need to place controls around it to help improve your IP reputation. For example, as part of your public proxy server policy, you should deny access to any web-based applications. Doing this reduces a malicious actor’s chances of stealing user ID and password information.
Additionally, you want to make sure that your corporate email server doesn’t use a public proxy to protect your IP reputation. Ensuring that your email server uses a private proxy protects important email credentials and reduces the likelihood that cybercriminals will be able to use it as part of a botnet.
Furthermore, if you are using a public proxy server, you want to make sure to filter out illegitimate or malicious IP addresses. With the right web traffic filtering tool, you can mitigate risk. Unfortunately, even with web filtering, cybercriminals can find a way around the denial policies by:
If your organization uses a private proxy server, you still want to put some controls in place to protect your IP reputation. A fundamental control is implementing authentication. Similar to authenticating a user to an application, proxy server authentication is a way to ensure that the right users are accessing the server.
Generally speaking, the proxy authentication is in the HTTP header. When a user sends a request to the proxy server, the server sends back an authentication request. Once a user proves that they should have access, the web server can store the authentication information so the user doesn’t need to provide it again in the future.
By implementing authentication for proxy servers, you increase the security, which ultimately increases the IP reputation.
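The header exchange described above, as an added example that is not from the original article: a proxy-side check that answers with a 407 challenge in the `Proxy-Authenticate` header until the client supplies valid credentials in `Proxy-Authorization`. It assumes the HTTP Basic scheme; the user store, realm name, and password are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed credential store: username -> (salt, PBKDF2 hash). Example values only.
_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}

def _challenge():
    # 407 tells the client to retry with a Proxy-Authorization header.
    return "challenge", {"Status": "407", "Proxy-Authenticate": 'Basic realm="corp-proxy"'}

def check_proxy_auth(request_headers, users=USERS):
    """Return ("forward", headers_for_origin) or ("challenge", 407 response headers)."""
    headers = {k.lower(): v for k, v in request_headers.items()}  # names are case-insensitive
    scheme, _, token = headers.get("proxy-authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return _challenge()
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return _challenge()  # malformed credentials are treated as missing
    username, sep, password = decoded.partition(":")
    if not sep:
        return _challenge()
    # Hash even for unknown users so response time does not reveal valid names.
    salt, expected = users.get(username, (_SALT, b"\x00" * 32))
    ok = hmac.compare_digest(hash_password(password, salt), expected)
    if not (ok and username in users):
        return _challenge()
    # Drop the credential so it is never forwarded to the origin server.
    headers.pop("proxy-authorization")
    return "forward", headers

if __name__ == "__main__":
    creds = base64.b64encode(b"alice:correct horse").decode()
    print(check_proxy_auth({"Host": "example.com"}))
    print(check_proxy_auth({"Host": "example.com", "Proxy-Authorization": "Basic " + creds}))
```

Basic credentials are only base64-encoded, so the client-to-proxy connection should itself be protected with TLS.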
A WAF is a firewall used by a web application server that reviews requests to filter out malicious web traffic. Many WAFs offer IP Reputation Filter policies that can be used at either the network or application layer.
Some of the filters include:
Cybercriminals use C&C servers to send commands to malware-infected systems and devices. When malicious actors use “zombie” servers, they usually send the information from their C&C servers.
One way to detect C&C servers is to set up a honeypot. Honeypots are security tools that “act” like traditional targets. For example, you might set up a network with all the same rules and protections as your core network. When cybercriminals are in the learning or “reconnaissance” phase, they will treat this honeypot network the same way they treat your core network.
Using the honeypot, you can gain visibility into how their attack works and look for similar activities on the core network. This lets you discover potentially compromised servers and increases your IP reputation.
Your top-level domain (TLD) is the primary web address for your company. When you’re organizing your website, your subdomains are how you organize additional resources. For example:
Each subdomain then has its own IP reputation. Often, the subdomains are hosted on different servers, and since each server is a device connected to the internet, each one has a different IP address.
This offers two benefits. First, you can separate your marketing and business transaction email IP reputations. Second, you can more clearly view the IP address causing the IP reputation problem. If you have the two domains together, it’s harder to figure out whether the IP reputation issue is from the marketing emails being tagged as spam or another underlying cause.
Secure Sockets Layer (SSL) certificates are small data files that encrypt data shared from a server to another location, like another server or a browser. Transport Layer Security (TLS) is a newer, more secure encryption protocol that protects data the same way an SSL certificate does.
SSL/TLS certificates not only improve security but also offer a way to verify an IP address. The digital certificates certify the device identity on the network. Whether you’re looking to increase the reputation of a public or private IP address, verifying the IP address is a way to prove that it’s not a malicious actor’s anonymized IP. This means that IP reputation services will be less likely to consider your IP address a threat.
SecurityScorecard’s easy-to-read A-F security ratings provide at-a-glance visibility into your IP reputation. Organizations looking to gain holistic visibility into their cybersecurity posture and that of their third-party vendors can leverage SecurityScorecard’s security ratings platform that continuously monitors for risks that impact your IP reputation, providing real-time visibility and actionable alerts. Our IP Reputation and Malware Exposure module uses open source threat intelligence (OSINT) malware feeds and third-party threat intelligence data. Then, we apply our sinkhole system that ingests millions of malware signals from C&C infrastructures. We process all of this data to create an IP reputation score that uses the quantity and duration of malware infections as the determining factor for calculating the Malware Exposure Key Threat Indicators.
Organizations can gain valuable insight into their cybersecurity posture by incorporating IP reputation and our other nine categories of risk, including application security, DNS health, endpoint security, network security, patching cadence, and web application security. Our security ratings platform gives you a holistic view of your entire digital ecosystem so that you can better protect data throughout your supply chain.