Esva Labs Reputation Services


Esva Labs maintains a number of reputation services that are used by the Libra Esva email security appliances.

This is the list of reputation services that are currently deployed and maintained:

  • Phishing Site Database
  • URI Sandbox
  • Graymailing Sender Reputation Database


Phishing site database

It is composed of a blacklist of known phishing sites, a list of suspected phishing sites and a whitelist of safe sites.

The Libra Esva email security appliances, when configured, add a warning to links to suspected phishing sites and block emails with links to blacklisted phishing sites.

See the manual for instructions on how to change phishing settings in Libra Esva.


URI Sandbox

The URI Sandbox service is available to all Libra Esva appliances starting with version 4.0.

It is composed of a URL rewriting module residing on Libra Esva appliances and a web service that analyzes the content of the target web page in real time, as soon as the user clicks on the link.

See this article on our knowledge base for details on how this service works.


Graymailing sender reputation database

This service is based on a plugin running on the Libra Esva appliances that queries the Esva Labs DNS blocklist in real time to get reputation information about the sender domain and IP address.

The output of this module is a score that is added to all the other anti-spam scores and therefore contributes to the final score for the analyzed email.

The Esva Labs DNS blocklist contains both domains and IP classes. Each entry is assigned a category (black, grey, white) based on the type of traffic.

The goal of this service is to penalize gray (advertising) email traffic.

The administrator of a Libra Esva appliance can enable or disable this module on a per-domain basis.


Listing methodology

Our reputation services gather many different inputs:

  • Our collaborative false-positive and false-negative reporting system (see the manual for more information). System administrators can submit samples of emails that deliver spam/phishing/malware/virus. These samples are analyzed in real time by our analysts. This blend of human expertise and information automation is one of the main contributors to adjusting reputation levels in all of our reputation services.
  • Public information processing. We query a number of public services to get information about domains, IP classes, public white and black lists. We programmatically correlate all the available information to provide a reliable contribution to the reputation score.
  • In addition to the previous information sources, heuristics on web site behavior are run every time our URI sandbox is activated. The goal of these heuristic checks is to detect dangerous content even when it is not already known. The system learns from the heuristics and, learning the relationships between sites and domains, calculates an accurate website reputation score.
  • Detectors and spamtraps. We also use these traditional methods even though they are becoming less important every day.


Removal request

We provide a way to request an adjustment of our reputation scores.

If you believe that your website, domain or IP class has been wrongly penalized, you can file a removal request to ask for a review.

Removal requests are usually analyzed within 24 hours. Multiple requests will be ignored.

To submit a removal request, follow this link.