What is a security suspension for a Certified IP address?

A security suspension results when email activity across a Certified IP address appears suspicious. Return Path uses a number of tools to monitor activity over your Certified IP addresses.  When we notice abnormal activity (such as a blacklisted domain or a malicious URL in your email content, or an uncharacteristic increase in sending volume), the IP addresses are suspended.

When a Certified IP address receives a security suspension, it temporarily loses Certification benefits until the security event is cleared and compliance thresholds are met. As a precaution, Certified IP addresses showing abnormal activity are immediately suspended and then reviewed and verified by a Certification analyst within one hour of detection. If the suspicious activity is determined to be a legitimate security compromise, customers are notified and provided information about the suspension to help determine a cause.

How security and compliance suspensions differ

  • Security suspensions are immediate, content-based suspensions designed to detect compromises or abuse of your Certified IP addresses. 
  • Compliance suspensions are based on a 30-day quantitative performance metrics, such as complaint rate, spam trap hits, and Sender Reputation Data (SRD) junk rate. Simply exceeding a complaint rate threshold or spam trap threshold doesn't mean that a security compromise exists. 
Was this article helpful?
0 out of 1 found this helpful
Have more questions? Submit a request