04-03-2012 10:48 AM
I represent an ESP (Email Service Provider), Total Send www.totalsend.com
Our emails contain dynamic links for tracking link clicks, viewing content in the web-browser, reporting abuse, and most importantly for unsubscribing from mailing lists.
Trend Micro is blocking all of our dynamic links generated by our mailing application. An example of an unsubscribe link is: http://app.totalsend.com/u.php?p=1wp/rs/5h3/w1/1r2
I have checked on http://global.sitesafety.trendmicro.com/ and all of our links are being classified as Dangerous with the categorization of a Disease Vector.
This is not the first time they have been classified as this. I have had them previously re-classified, but now they have gone back again.
Could you please issue an urgent re-classification request. There is absolutely nothing malicious about our site. And by blocking people from unsubscribing from legitimate email newsletters, you are causing people to feel like they are being spammed.
Could someone please advise who I can contact on this matter to get this resolved urgently and permanently? I can't seem to find a way to make contact with a human from Trend Micro...
Also, is there any way to whitelist this address or subdomain so this does not happen in the future?
04-03-2012 03:01 PM
In line with your concern, I just submitted a case for the URL re-classification. As per the results, the URL was blocked by the automation system on Wed Jan 04 01:35:00 CST 2012. As of now, it has already been unblocked and rated as Email.
You may check the rating from the link below:
Also, in case you need to contact technical support in the future, you may visit our support website to check for phone and online support:
Hope this helps. Thank you.
04-03-2012 10:58 PM
Thank you so much for sorting this out so quickly. There is only 1 other URL which is still being blocked: (Forward to a Friend: http://app.totalsend.com/f.php?p=2s5/2i3/rs/v6/149)
Is there any way to have domains or links whitelisted for the future? This is not the first time this has happened on our unsubscription links, and it has caused havoc for ourselves and our customers. How and why does it happen at all?
04-04-2012 08:15 AM
Regarding your second concern about getting links whitelisted, I believe this may not be possible as we cannot really say if these URLs will maintain their integrity as safe websites. I mean we can never tell, right? Our system will only block these URLs if it detects malicious activities.
Just my two cents.
04-04-2012 08:18 AM
Sure, that's completely fair enough. But perhaps your algorithms could be fixed to stop flagging false positives.
How do I investigate why these links were marked as malicious in the first place, and stop this from happening again?
04-04-2012 09:15 AM
They aren't false positives. We have a complex, proprietary system that evaluates URLs based on a number of factors including the presence of actual malware, correlation with other threat behavior such as spam content and origination, historical information about the URL/domain, etc.
The bottom line is that we process billions of URLs, emails, and files daily and by correlating all of this information we can determine the reputation of a given URL and assign a numerical value to that URL that represents the riskiness of said URL.
Unfortunately because the bad guys would love this information too, we can't tell you exactly why those URLs ended up on the list, but I can tell you if they ended up on the list, it wasn't by accident. Without fully understanding your computing environment and business, I can't give you specific ways to prevent this from happening again, but the high level recommendations would be:
1. Make sure any emails originating from your IP addresses aren't spam (set up a global outbound email filter or subscribe to a hosted service offering)
2. Make sure your IPs/domains/URLs aren't hosting malware. You could use some type of software on the servers to scan files, or use a web filtering gateway type solution.
Trend Micro Inc.
04-04-2012 10:59 AM
The URL, http://app.totalsend.com/f.php?p=2s5/2i3/rs/v6/149
Let us know if you have further concerns. Thank you.
05-17-2012 12:54 PM
Upon verification, we found out that juvms.com is inaccessible, which is registered for 1 year only. There is also no other reliable information about this site.
vew.me, on the other hand, is not found when we try to access it. Also, no other information about this site is available.
Kindly send us some screenshots of these sites if they are available. Thank you.