A security suspension results when email activity across a Certified IP address appears suspicious. Return Path uses a number of tools to monitor activity over your Certified IP addresses. When we notice abnormal activity (such as a blacklisted domain or a malicious URL in your email content, or an uncharacteristic increase in sending volume), the IP addresses are suspended.
When a Certified IP address receives a security suspension, it temporarily loses Certification benefits until the security event is cleared and compliance thresholds are met. As a precaution, Certified IP addresses showing abnormal activity are immediately suspended and then reviewed and verified by a Certification analyst within one hour of detection. If the suspicious activity is determined to be a legitimate security compromise, customers are notified and provided information about the suspension to help determine a cause.
How security and compliance suspensions differ
- Security suspensions are immediate, content-based suspensions designed to detect compromises or abuse of your Certified IP addresses.
- Compliance suspensions are based on a 30-day quantitative performance metrics, such as complaint rate, spam trap hits, and Sender Reputation Data (SRD) junk rate. Simply exceeding a complaint rate threshold or spam trap threshold doesn't mean that a security compromise exists.