Background
The mailspike services were introduced around February 2008 and have since then played an important role on email filtering within our anti-spam solution.
The mailspike services empowers your organization to identify and block known spammers.
These services are intended to provide all receivers and reputation providers a baseline of data to help block the senders with the worst reputations.
All IP addresses listed on our services are being continually monitored and the lists are updated frequently.
Reputation Data
The mailspike services consist of two complementary data sets:
1. Reputation Data
The reputation data is compiled on top of specific characteristics and over-time behavior of IP addresses seen sending direct-to-MX email.
The reputation data compiles a score which will dictate the likelihood of an IP address being used to send spam. The computed score is then split into several categories as seen below:
| Category/Level | Description |
|---|---|
| L5 (-5) | Worst possible reputation |
| L4 (-4) | Very bad reputation |
| L3 (-3) | Bad reputation |
| L2 (-2) | Suspicious behavior |
| L1 (-1) | Neutral - Probably spam |
| LH0 | Neutral |
| H1 (+1) | Neutral - Probably legit |
| H2 (+2) | Possible legit sender |
| H3 (+3) | Good Reputation |
| H4 (+4) | Very good Reputation |
| H5 (+5) | Excellent Reputation |
2. Zero-Hour Data
Also known as ZBI, this data set lists IP addresses seen participating in a distributed spam wave. It does not take into consideration over-time IP behavior. Instead, it tries to detect viral behavior shared by one or more clusters of IP addresses.