THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
1.0 | 26-Apr-22 | Initial Release |

Affected OS Type | Affected Software Product | Affected Release | Affected Release Number | Comments |
---|---|---|---|---|
NON-IOS | AsyncOS for Secure Email | 12 | 12.0.0, 12.1.0, 12.5.0, 12.5.3 | |
NON-IOS | AsyncOS for Secure Email | 13 | 13.5.1, 13.5.3 | |
NON-IOS | AsyncOS for Secure Email | 14 | 14.0.0 | |

Defect ID | Headline |
---|---|
CSCwb32685 | sdr-age values above 30 days deprecated |
Cisco Talos has determined that the use of a domain age greater than 30 days does not improve threat detection. Cisco plans to make a retroactive backend service change to the domain age on October 24, 2022, which will result in a maximum domain age of 30 days. To avoid false positives and false negatives, or unintentionally blocking and allowing email, cloud and on-prem customers who use a domain age of 31 days or greater in message and content filters must modify the filters to use domain ages of 30 days or less.
As part of an ongoing effort to modernize infrastructure and improve efficacy, Cisco Talos will modify the domain age in order to more accurately capture the maturity of a domain. For more details on the change, see Configure Sender Domain Reputation for ESA.
The new limit to the Sender Domain Age in threat detection will have an impact in these cases:
The Email Gateway has one or more message/content filters configured to match a Sender Domain Age greater than 30 days.
Sender Domain Age data from the logs or message tracking data will be used to derive additional insights or other processing. For example, tracking events and mail logs would change as shown here:
Before: Thu Apr 7 15:21:00 2022 Info: MID 25 SDR: Consolidated Sender Reputation: Neutral, Threat Category: N/A. Youngest Domain Age: 35 years 4 months 27 days for domain: cisco.com
After: Thu Apr 7 15:21:00 2022 Info: MID 25 SDR: Consolidated Sender Reputation: Neutral, Threat Category: N/A. Youngest Domain Age: 30 days for domain: cisco.com
If you have message filters, complete Solution 1. If you use message tracking or external log analysis, complete Solution 2. If you have message filters and use message tracking/external log analysis, complete solutions 1 and 2.
Solution 1. Message Filters
Change or remove message/content filter conditions which are configured to match a Sender Domain Age greater than 30 days, as appropriate to your environment.
Solution 2. Message Tracking or External Log Analysis
Adjust any use of the logging or message tracking data to account for the Sender Domain Age being limited to a maximum of 30 days. For example, if this logging or message tracking data is ingested into external systems such as Security Information and Event Management (SIEM) tools, the data would need to be adjusted accordingly, because the domain age is capped at a maximum of 30 days.
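One way to apply Solution 2 in a log pipeline, as an added example that is not Cisco code: it parses the SDR line shown above, clamps the age to 30 days so records from before and after the change compare equal, and checks whether a downstream comparison still discriminates. The function names, the days-per-unit approximation and the constructed young-domain line (including its "5 days" format) are assumptions.

```python
import re

MAX_AGE_DAYS = 30  # maximum domain age stated in the field notice
PREFIX = ("Thu Apr 7 15:21:00 2022 Info: MID {} SDR: Consolidated Sender "
          "Reputation: Neutral, Threat Category: N/A. Youngest Domain Age: ")
# BEFORE and AFTER reproduce the notice's log lines; YOUNG is constructed.
BEFORE = PREFIX.format(25) + "35 years 4 months 27 days for domain: cisco.com"
AFTER = PREFIX.format(25) + "30 days for domain: cisco.com"
YOUNG = PREFIX.format(26) + "5 days for domain: example.test"

SDR_RE = re.compile(
    r"MID (?P<mid>\d+) SDR: .*?"
    r"Youngest Domain Age: (?P<age>.+?) for domain: (?P<domain>\S+)"
)
UNIT_RE = re.compile(r"(\d+)\s+(year|month|day)s?")
# Approximate conversion (assumption): only has to be accurate enough to
# tell whether an age is below the 30-day cap.
DAYS_PER_UNIT = {"year": 365, "month": 30, "day": 1}


def parse_sdr_line(line):
    """Return a normalised record, or None if this is not an SDR age line."""
    m = SDR_RE.search(line)
    if not m:
        return None
    parts = UNIT_RE.findall(m.group("age"))
    if not parts:
        return None  # unrecognised age text: do not guess a value
    raw_days = sum(int(n) * DAYS_PER_UNIT[unit] for n, unit in parts)
    return {
        "mid": int(m.group("mid")),
        "domain": m.group("domain"),
        "age_days": min(raw_days, MAX_AGE_DAYS),
        # at_cap means "30 days or older", not "exactly 30 days old".
        "at_cap": raw_days >= MAX_AGE_DAYS,
    }


def comparison_is_degenerate(op, threshold):
    """True if `age_days <op> threshold` cannot tell capped ages apart."""
    return {
        ">": threshold >= MAX_AGE_DAYS,   # can never match
        ">=": threshold > MAX_AGE_DAYS,   # can never match
        "<": threshold > MAX_AGE_DAYS,    # always matches
        "<=": threshold >= MAX_AGE_DAYS,  # always matches
    }[op]
```

Running historical logs through the same clamp keeps dashboards and correlation rules consistent across the October 24, 2022 change.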
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: