Every device connected to the internet has an IP address, similar to how every house has a street address. An IP address’s reputation can directly impact employee productivity because spam filters take it into account when filtering incoming emails. Although email server IP reputation is generally dependent on the volume and quality of the email you send, undetected malware infections can be the culprit if your emails are sent to a recipient’s spam folder. Because infected email servers often have high traffic volumes without you knowing it, you need to monitor your IP reputation as part of your cybersecurity program.
Explore these ten ways to improve your IP reputation that can help you identify and remediate problems, giving your email a better chance of going to your recipients’ inboxes.
1. Separate your marketing and business transaction email servers
Marketing emails and business transaction emails serve different purposes. Your marketing department likely sends a higher volume of emails than your workforce members. One way to increase your IP reputation is to separate these two email servers from one another.
By using two separate servers, you increase the IP reputation of both of them. First, it reduces the total number of emails sent from either server. Second, it gives you a way to ensure that business transaction emails make it to the intended recipient’s inbox.
2. Warm up the IP Reputation
If you decide to use two separate email servers, you want to “warm-up” your marketing email IP address. With IP warming, you send small volumes of email, gradually increasing the amount over time. If you send a large volume of email from the IP address on the first day, then spam filters will recognize this, and your IP reputation will plummet all over again.
Some best practices for IP warming include:
- Establishing feedback loops: make sure to remove any email addresses that marked your messages as spam or individuals who requested to opt-out
- Prioritizing engaged users: send small batches of emails to users more likely to click through and not delete to prevent getting marked as spam
- Cleaning up your database: remove inactive and lapsed recipients to increase the percentage of users clicking through
- Starting with the best you have: start with a proven, high performing campaign such as coupons or discounts to get the click-through rate up and build the IP reputation
While IP warming is a great way to control IP reputation, it is not always necessary. If you are using two different servers but have shared IP addresses, then there is not a need for warming. IP warm-up only applies if you’re using a dedicated IP address.
3. Check servers for malware infections
Cybercriminals that infect email servers with malware can use them as “zombie” machines. In other words, they control the device and use it to send out malicious spam messages without your knowledge. When spam filters pick up these emails, they attribute them back to your “zombie” server and assume that you’re the one sending the infected emails.
Often, malicious actors connect a series of zombie servers, creating a botnet. Then, they use the botnet to engage in additional malicious activities such as credential leaks, unauthorized access, and Distributed Denial of Service (DDoS) attacks.
If you monitor your servers for malware and remove it, you can get a boost to your IP reputation.
4. Review reasons for hosting a public proxy server
Proxy servers sit between your users’ computer and the internet, acting as a gate through which data traffic travels. When your user connects to a website, they send data through the proxy server. The data request is sent to the website, which returns a response that has to cross through the proxy server again. Proxy servers can enhance security when set up correctly.
However, public proxy servers can increase data security risks that lower your IP reputation. Often, malicious actors anonymize their proxies as part of their attack methodologies. If you’re using a public proxy server, IP reputation software mistakes your proxy for a malicious, anonymized one.
5. Set public proxy server policies
If you’re satisfied with the reason for using a public proxy server, then you need to place controls around it to help improve your IP reputation. For example, as part of your public proxy server policy, you should deny access to any web-based applications. Doing this reduces a malicious actor’s chances of stealing user ID and password information.
Additionally, you want to make sure that your corporate email server doesn’t use a public proxy to protect your IP reputation. Ensuring that your email server uses a private proxy protects important email credentials and reduces the likelihood that cybercriminals will be able to use it as part of a botnet.
Furthermore, if you are using a public proxy server, you want to make sure to filter out illegitimate or malicious IP addresses. With the right web traffic filtering tool, you try to mitigate risk. Unfortunately, even with web filtering, cybercriminals can find a way around the denial policies by:
- Using dynamic IP addresses
- Using a fake IP address
- Leveraging botnets
6. Implement authentication for proxy servers
If your organization uses a private proxy server, you still want to put some controls in place to protect your IP reputation. A fundamental control is implementing authentication. Similar to authenticating a user to an application, proxy server authentication is a way to ensure that the right users are accessing the server.
Generally speaking, the proxy authentication is in the HTTP header. When a user sends a request to the proxy server, the server sends back an authentication request. Once a user proves that they should have access, the web server can store the authentication information so the user doesn’t need to provide it again in the future.
By implementing authentication for proxy servers, you increase the security, which ultimately increases the IP reputation.
7. Set up a web application firewall (WAF)
A WAF is a firewall used by a web application server that reviews requests to filter out malicious web traffic. Many WAFs offer IP Reputation Filter policies that can be used at either the network or application layer.
Some of the filters include:
- Geographic location
- Known risky IP addresses
- Anonymous proxies
8. Monitor for connections to command-and-control (C&C) servers
Cybercriminals use C&C servers to send commands to malware-infected systems and devices. When malicious actors use “zombie” servers, they usually send the information from their C&C servers.
One way to detect C&C servers is to set up a honeypot. Honeypots are a security tool that “act” like traditional targets. For example, you might set up a network with all the same rules and protections as your core network. When cybercriminals are in the learning or “reconnaissance” phase, they will treat this honeypot network the same way they treat your core network.
Using the honeypot, you can gain visibility into how their attack works and look for similar activities on the core network. This lets you discover potentially compromised servers and increases your IP reputation.
9. Review all subdomains
Your top-level domain (TLD) is the primary web address for your company. When you’re organizing your website, your subdomains are how you organize additional resources. For example:
- Top-level domain: www.myamazingcompany.com
- Subdomain: www.mail.myamazingcompany.com
- Subdomain: www.store.myamazingcompany.com… subdomain then has its own IP reputation. Often, the subdomains are hosted on different servers, and since each server is a device connected to the internet, each one has a different IP address.
This offers two benefits. First, you can separate your marketing and business transaction email IP reputations. Second, you can more clearly view the IP address causing the IP reputation problem. If you have the two domains together, it’s harder to figure out whether the IP reputation issue is from the marketing emails being tagged as spam or another underlying cause.
10. Set up an SSL/TLS certificate
Secure Sockets Layer (SSL) certificates are small data files that encrypt data shared from a server to another location, like another server or a browser. Transport Layer Security (TLS) is a newer, more secure encryption protocol that protects data the same way an SSL certificate does.
SSL/TLS certificates not only improve security but also offer a way to verify an IP address. The digital certificates certified the device identity on the network. Whether you’re looking to increase the reputation of a public or private IP address, verifying the IP address is a way to prove that it’s not a malicious actor’s anonymized IP. This means that IP reputation services will be less likely to consider your IP address a threat.
SecurityScorecard’s continuous IP reputation monitoring
SecurityScorecard’s easy-to-read A-F security ratings provide at-a-glance visibility into your IP reputation. Organizations looking to gain holistic visibility into their cybersecurity posture and that of their third-party vendors can leverage SecurityScorecard’s security ratings platform that continuously monitors for risks that impact your IP reputation, providing real-time visibility and actionable alerts. Our IP Reputation and Malware Exposure module uses open source threat intelligence (OSINT) malware feeds and third-party threat intelligence data. Then, we apply our sinkhole system that ingests millions of malware signals from C&C infrastructures. We process all of this data to create an IP reputation score that uses the quantity and duration of malware infections as the determining factor for calculation the Malware Exposure Key Threat Indicators.
Organizations can gain valuable insight into their cybersecurity posture by incorporating IP reputation and our other nine categories of risk, including application security, DNS health, endpoint security, network security, patching cadence, and web application security. Our security ratings platform gives you a holistic view of your entire digital ecosystem so that you can better protect data throughout your supply chain.