Introduction
Cisco Talos Sender Domain Reputation (SDR) is a cloud service that provides a reputation verdict for email messages based on a sender’s domain and other attributes. This domain-based reputation analysis enables a higher spam catch rate by looking beyond the reputation of shared IP addresses, hosting or infrastructure providers, and derives verdicts based on features associated with fully qualified domain names (FQDNs) and other sender information in the Simple Mail Transfer Protocol (SMTP) conversation and email headers.
Q. What Does "Sender Maturity" Mean?
A. Domain Age is a misleading term and was recently changed to Sender Maturity (see the latest SDR Whitepaper). We say it's misleading because it does not, in fact, equal a domain's age as reflected by the domain’s registration date. Sender Maturity continues to be labeled as Domain Age in the ESA tracking log for the time being, although this might change in a future release. Talos uses multiple internal sources of data to derive Sender Maturity.
Note: Talos cannot disclose details about the sources used to derive Domain Maturity, outside of the information that has already been published in the latest SDR Whitepaper, as this constitutes Cisco Talos proprietary information.
Q. Can Talos Manually Change The Sender Maturity?
A. No, Talos does not manually change a domain’s Sender Maturity. Sender Maturity automatically changes based on changes in the internal data context available for the domain at a point in time.
Q. Why Does a Domain Have a Different Sender Maturity After a Short Period of Time?
The first message displays a sender maturity of 10 months:
02 Apr 2020 09:40:38 (GMT +02:00)
Message 82366447 Domains for which SDR is requested: reverse DNS host: xxxxxxx.com, helo: xxxxxxx.com, env-from: xxxxxxx.net, header_from: xxxxxxx.net, reply_to: Not Present
02 Apr 2020 09:40:38 (GMT +02:00)
Message 82366447 Consolidated Sender Reputation: Neutral, Threat Category: N/A. Youngest Domain Age: 10 months 15 days for domain: xxxxxxx.net
The second message displays a sender maturity of 13 days - even though it is the same domain:
12 May 2020 09:54:12 (GMT +02:00)
Message 86558836 Domains for which SDR is requested: reverse DNS host: xxxxxxx.com, helo: xxxxxxx.com, env-from: xxxxxxx.net, header_from: xxxxxxx.net, reply_to: Not Present
12 May 2020 09:54:12 (GMT +02:00)
Message 86558836 Consolidated Sender Reputation: Weak, Threat Category: N/A. Youngest Domain Age: 13 days for domain: xxxxxxx.net
A. The sources Talos uses for deriving Sender Maturity can change based on changes in the internal data context about a domain. This can result in different Domain Age labels for a given domain in the ESA message tracking log, as in the example above. While rare, such changes are to be expected and do not require intervention.
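When reviewing why a sender's verdict changed, it helps to pull every SDR verdict for a domain out of message tracking and list the points where the reported Domain Age went down. The following is an added example, not Cisco or Talos code: it parses the tracking lines in the layout shown above, and the function names and the approximate month/year lengths are assumptions made for illustration.

```python
import re
from datetime import datetime

# Sample input: the SDR verdict lines shown in the example above, copied verbatim.
SAMPLE = """\
02 Apr 2020 09:40:38 (GMT +02:00)
Message 82366447 Consolidated Sender Reputation: Neutral, Threat Category: N/A. Youngest Domain Age: 10 months 15 days for domain: xxxxxxx.net
12 May 2020 09:54:12 (GMT +02:00)
Message 86558836 Consolidated Sender Reputation: Weak, Threat Category: N/A. Youngest Domain Age: 13 days for domain: xxxxxxx.net
"""

# Assumption: all lines come from one appliance, so the GMT offset is ignored.
TS_RE = re.compile(r"^(\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) \(GMT")
SDR_RE = re.compile(
    r"Message (?P<mid>\d+) Consolidated Sender Reputation: (?P<rep>[^,]+),.*?"
    r"Youngest Domain Age: (?P<age>.+?) for domain: (?P<domain>\S+)")
# Assumption: approximate unit lengths, used only to order two age labels.
UNIT_DAYS = {"year": 365, "month": 30, "day": 1}

def age_to_days(label):
    """Convert a label such as '10 months 15 days' to an approximate day count."""
    return sum(int(n) * UNIT_DAYS[u]
               for n, u in re.findall(r"(\d+) (year|month|day)s?", label))

def parse_sdr(text):
    """Return one record per SDR verdict line, tagged with the preceding timestamp."""
    records, ts = [], None
    for line in text.splitlines():
        m = TS_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d %b %Y %H:%M:%S")
            continue
        m = SDR_RE.search(line)
        if m and ts:  # skip verdict lines that have no timestamp above them
            records.append({"time": ts, "mid": m["mid"], "reputation": m["rep"],
                            "domain": m["domain"], "age_days": age_to_days(m["age"])})
    return records

def maturity_drops(records):
    """Pairs (earlier, later) where the same domain's reported age went down."""
    last, drops = {}, []
    for r in sorted(records, key=lambda r: r["time"]):
        prev = last.get(r["domain"])
        if prev and r["age_days"] < prev["age_days"]:
            drops.append((prev, r))
        last[r["domain"]] = r
    return drops

if __name__ == "__main__":
    for old, new in maturity_drops(parse_sdr(SAMPLE)):
        print(new["domain"], old["age_days"], "->", new["age_days"], "MID", new["mid"])
```

A drop reported by this script matches the behavior described in the answer above and is useful as context when a verdict such as Neutral to Weak changes for an otherwise unchanged sender.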