Cisco says mea culpa on bounced emails

Powered by SC Magazine
 

Claims problem fixed.

Cisco Systems claims to have remediated the issue at the heart of widespread email failures for businesses in Australia and globally in recent days.

As first reported by iTnews, a reconfiguration in the company's IronPort SenderBase service (set to be rebranded as Cisco Security Intelligence Operations) caused it to erroneously block outbound email for business users across Australia since Monday at the earliest.

Cisco Systems today told iTnews that the problem was global and affected a much wider base than Australia.

The SenderBase service takes in 35 percent of the world’s email traffic – some 100 million messages a day, chewing through four terabytes of data daily from 750,000 endpoints across Cisco’s customer base.

The company first detected the problem Tuesday morning in California, or Monday night in Australia.

“Cisco became aware
 of an issue that resulted in Cisco email security products blocking some
 legitimate email senders,” the company said in an emailed statement.

“This was the result of recent algorithm 
updates that focused on newly identified internet traffic behaviors
 indicating spam activity. Unfortunately, this traffic behavior is also
 seen in some legitimate email activity, resulting in the inaccurate 
blocks.

”

Glenn Welby, manager of the IronPort portfolio in the Asia Pacific region, explained that Cisco hires some 500 employees to monitor changing patterns in email behaviour and identify shifts in the way criminals attempt to extort money or send spam.

At times these staff adjust the 200-odd elements that contribute to the web reputation algorithm accordingly.

“Our staff noted a particular change in the way criminal behaviour was taking place and changed the algorithm to diminish the reputation of email sent under those conditions,” he said, declining to disclose the criminal activity under investigation.

“Candidly, we made a mistake and impacted some legitimate users.”

Cisco’s statement suggests the algorithm was remediated by Tuesday evening on the US West Coast, or Wednesday morning in Australia.

But SenderBase profiles showed Australian customers were still impacted as late as Thursday morning Australian time.

“In our 'follow-the-sun' model of tech support, the caseload began in the United States, has moved over to Australia today and will move to Europe when the Australian team goes to bed,” Welby said.

Welby said the company is still undertaking root-cause analysis for an issue that is “only 24 hrs old in US terms".

He said it would be premature for network and server administrators to make changes to their domain pointer structure to remediate the problem, as suggested in iTnews’ initial article.

“In [building] the elements that create a reputation and feeding it into SIO, we have a good understanding of what is legitimate and what is not legitimate activity. This was simply a mistake," he said.

“We’ve rectified that, and the issue is fixed for any end user who has IronPort in their environment.”

Welby said it would be disingenuous to nominate a date for when those blacklisted by SenderBase would have their reputation scores return to normal.

Copyright © iTnews.com.au . All rights reserved.


Cisco says mea culpa on bounced emails
 
 
 
Top Stories
Soft drinks and SoftLayer: A solution for hard times?
Coca-Cola Amatil's CIO Barry Simpson shares his story of cost-cutting, outsourcing and why his software developers to ride around in delivery trucks.
 
Optus considers breaking net neutrality in Australia
May charge Netflix, OTT providers for premium service.
 
AGL restructure sees CIO depart
Owen Coppage to leave after ten years.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Small business win in a budget with 'fair' savings: Abbott
Apr 17, 2015
Tony Abbott has reaffirmed that the government’s aim is “always to get taxes ...
Xero now includes an inventory function built-in
Mar 26, 2015
Xero has added inventory and other major new features to the latest release of its cloud ...
Apple reveals its new MacBook
Mar 13, 2015
Replacing the MacBook Air as Apple's thinnest laptop, the new MacBook comes packed with features.
Xero has released a new version of its app for the iPad
Mar 6, 2015
iPad-wielding Xero users can now take advantage of a new version of the iOS app for the cloud ...
Microsoft is offering Azure for Disaster Recovery to Australian SMBs
Feb 10, 2015
If you haven't talked to your IT provider about disaster recovery, it might be worth discussing ...
Latest Comments
Polls
Do you support the Government's data retention scheme?

   |   View results
Yes
  11%
 
No
  89%
TOTAL VOTES: 2317

Vote