For the past week we’ve got around 555 total messages. Of those 51 are classifed as Threat Unknown - Other Servers and it’s always colocrossing.com. I can go back in the history for this particular customer and colocrossing.com is a repeat offender on a regular basiss. I’ve confirmed with my customer that this is not a trusted source. Is there anything further I should be doing, other than acknowledging it in the reports? I should note that all of these show as being Quarantined so my policy is working.
Hi Ryan,
From a DMARC enforcement, consider moving your policy enforcement further to a p=reject policy to ensure those emails are not accepted at all by receivers. Of course, only advance your policy once you are ready to do so.
This sender is a hosting provider and this past week has seen a lot of suspicious activity from many of its IPs.
Alternatively, you may report abuse with ColoCrossing directly at More Info | ColoCrossing using their “Report Abuse” form. When providing information, share as much details as you have. Sending domain, sending IP, date, message ID if you have a sample, etc.
I hope this helps.
1 Like