What could cause unfamiliar IP addresses to appear in PMT, and what steps should be taken to investigate?
Summary
What email marketers say (9 marketer opinions)
Email marketer from Reddit suggests unfamiliar IP addresses might indicate unauthorized access or a compromised network. The first step is to run a full system scan with updated antivirus software, followed by changing all passwords and enabling two-factor authentication where possible. It's also crucial to monitor network traffic for any unusual activity and consult with a network security professional if the issue persists. [https://www.reddit.com/r/techsupport/comments/17hxdsd/strange_ip_address_on_my_network/]
Email marketer from Cybersecurity Forum responds that detecting unfamiliar IP addresses in network logs requires a comprehensive investigation. Initial steps involve checking the IP's reputation against threat intelligence databases to identify any known malicious activity. Implementing network monitoring tools to track traffic patterns and detect anomalies can help reveal if the IP is part of a larger attack. [https://cybersecurity.stackexchange.com/questions/5432/how-to-determine-if-an-unknown-ip-address-is-malicious]
Email marketer from Information Security Stack Exchange suggests that if unfamiliar IP addresses are appearing in your network traffic, it could be a sign of a network intrusion or misconfiguration. The first step should be to check firewall logs to see which traffic is being routed to and from these IPs. Network segmentation and intrusion detection systems (IDS) can also help isolate and identify suspicious activity. [https://security.stackexchange.com/questions/12345/how-to-identify-the-owner-of-an-ip-address]
Email marketer from SuperUser responds that unfamiliar IP addresses might appear due to shared hosting or a CDN, but it is important to verify the ownership and purpose of these IPs using tools like `whois` and reverse DNS lookups to ensure they are legitimate and not involved in malicious activities. [https://superuser.com/questions/1355625/strange-ip-addresses-in-my-network-traffic]
Email marketer from DomainTools shares that unfamiliar IP addresses can be investigated by using DNS lookup tools to find the domain names associated with these IPs. Cross-referencing the WHOIS data can provide information about the IP owner and their geographical location. Reverse DNS lookups can also help identify the purpose of the IP and whether it is related to a known service or entity. [https://www.domaintools.com/resources/research-reports/investigating-ip-addresses]
Email marketer from Email Geeks states that it is possible that PMT is providing incorrect data and suggests checking who owns the IPs. He also suggests that the volume of a forgotten SMTP connector suddenly reached the GPT reporting threshold. The IPs are also associated with domains registered to Namecheap and using an email privacy service. Ken advises getting access to DMARC reports, as there could be an attack against the customers. He also notes that the forward lookups don't match the reverse: both have PTR records pointing to domains for which they are the registrar of record, but the A records for those PTRs don't exist, and both are associated with the same RIR.
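The forward/reverse consistency check Ken describes above, as an added example (not code from the thread or from Email Geeks): look up the PTR for the IP, then resolve the PTR name forward and see whether it points back at the same address. DNS access goes through an injectable `resolve` callable so the logic runs offline against a constructed zone; in production you would pass a resolver backed by dnspython or the socket module. All addresses and host names below are constructed sample data in documentation ranges.

```python
"""Forward-confirm the reverse DNS (PTR) of an unfamiliar sending IP."""
import ipaddress
from typing import Callable, Dict, List, Tuple

# Constructed sample zone (documentation-range addresses, not real records).
FAKE_ZONE: Dict[Tuple[str, str], List[str]] = {
    # healthy: PTR and A agree
    ("4.113.0.203.in-addr.arpa.", "PTR"): ["mail.example.net."],
    ("mail.example.net.", "A"): ["203.0.113.4"],
    # dangling: PTR names a host that has no A record (the case in the thread)
    ("9.100.51.198.in-addr.arpa.", "PTR"): ["smtp.example.org."],
    # mismatch: PTR names a host whose A record points elsewhere
    ("6.100.51.198.in-addr.arpa.", "PTR"): ["relay.example.com."],
    ("relay.example.com.", "A"): ["192.0.2.77"],
}

Resolver = Callable[[str, str], List[str]]


def fake_resolve(name: str, rtype: str) -> List[str]:
    """Answer from FAKE_ZONE; an empty list stands for NXDOMAIN / NODATA."""
    return FAKE_ZONE.get((name, rtype), [])


def reverse_name(ip: str) -> str:
    """Build the in-addr.arpa (or ip6.arpa) owner name for an address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def classify_ip(ip: str, resolve: Resolver = fake_resolve) -> dict:
    """Return the PTR name and one of: forward-confirmed, mismatch,
    dangling-ptr, no-ptr."""
    ptrs = resolve(reverse_name(ip), "PTR")
    if not ptrs:
        return {"ip": ip, "ptr": None, "status": "no-ptr"}
    ptr = ptrs[0]
    rtype = "AAAA" if ":" in ip else "A"
    forward = resolve(ptr, rtype)
    if not forward:
        return {"ip": ip, "ptr": ptr, "status": "dangling-ptr"}
    if ip in forward:
        return {"ip": ip, "ptr": ptr, "status": "forward-confirmed"}
    return {"ip": ip, "ptr": ptr, "status": "mismatch", "forward": forward}


def triage(ips: List[str], resolve: Resolver = fake_resolve) -> Dict[str, List[str]]:
    """Group a list of IPs by status so the suspicious ones stand out."""
    groups: Dict[str, List[str]] = {}
    for ip in ips:
        groups.setdefault(classify_ip(ip, resolve)["status"], []).append(ip)
    return groups


if __name__ == "__main__":
    for ip in ["203.0.113.4", "198.51.100.9", "198.51.100.6", "192.0.2.1"]:
        print(classify_ip(ip))
```

A "dangling-ptr" or "mismatch" result is not proof of abuse on its own (CDNs and shared hosting produce them too, as later answers note), but combined with a PTR domain registered through the same registrar and privacy service it is the pattern to escalate. To run it against live DNS, pass a `resolve` built on `socket.gethostbyaddr` / `socket.gethostbyname` or dnspython's `dns.resolver.resolve`.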
Email marketer from WiFi Community Forum suggests that unfamiliar IP addresses could result from a neighbor piggybacking on the Wi-Fi network or unauthorized devices connecting without permission. Changing the Wi-Fi password, enabling WPA3 encryption, and regularly checking the list of connected devices are effective ways to secure the network. Also, enabling MAC address filtering can restrict access to only approved devices. [https://community.linksys.com/t5/Wireless-Routers/Strange-IP-Address-showing-up-in-my-network-map/td-p/2216227]
Email marketer from Tom's Hardware responds that unfamiliar IP addresses on a network could indicate various issues, including malware infections or unauthorized devices connecting to the network. Running a thorough scan using reputable anti-malware software, checking router logs for unusual activity, and ensuring the network's security settings are up-to-date are essential steps. Also, changing the Wi-Fi password and enabling network encryption can help secure the network. [https://forums.tomshardware.com/threads/unknown-ip-address-on-my-network.3732296/]
Email marketer from StackExchange shares that unfamiliar IP addresses could be due to cloud services or third-party applications accessing the network. To investigate, they recommend identifying the services or applications associated with these IPs and ensuring they are authorized. Regularly reviewing and updating network access policies is also advised to prevent unauthorized access. [https://security.stackexchange.com/questions/264730/suspicious-ip-address-appearing-in-my-router-log]
What the experts say (3 expert opinions)
Expert from Email Geeks suggests that someone in the company might be using a SaaS product and authenticating with the same domain, or that the company moved internal mail servers. They also guess that someone might have spun up an SES instance for some emails. They advise checking DMARC reports and contacting security to check traffic out of those IPs. Laura believes it looks like snowshoe domains and advises calling security and talking to the abuse team, who have more tools.
Expert from Spam Resource shares that unfamiliar IP addresses could be appearing due to your mail server being listed on a blocklist. Initial steps involve identifying which blacklists the IPs are listed on using multi-RBL lookup tools. Review the blacklist's policies for delisting instructions, and address the underlying issues that caused the listing, such as malware infections or spamming activity. Implement preventative measures, like rate limiting and outbound filtering, to avoid future listings. [https://www.spamresource.com/2010/05/how-to-get-off-email-blacklist.html]
Expert from Word to the Wise explains that unfamiliar IP addresses could indicate a problem with your email infrastructure or reputation. Steps to investigate involve checking your sender reputation using tools like Sender Score or Google Postmaster Tools, ensuring your IPs are not blacklisted, and verifying your DNS records (SPF, DKIM, DMARC) are correctly configured to authenticate your email. Reviewing your sending practices to identify potential causes of reputation damage is also crucial. [https://wordtothewise.com/2023/10/infrastructure-reputation/]
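Both expert answers above point at DMARC reports as the place to find out who is sending as your domain. The following is an added example, not code from Email Geeks, Spam Resource or Word to the Wise: it parses a DMARC aggregate (RUA) report, totals messages per source IP, and sorts each IP into a bucket by whether it sits inside your known sending ranges and whether its mail passed DMARC (aligned DKIM or SPF). `SAMPLE_REPORT` is constructed data and `KNOWN_SENDERS` is an assumed allowlist; both use documentation ranges. The "unknown but authenticated" bucket is exactly the SaaS-signing-with-your-DKIM-key case mentioned above.

```python
"""Summarise the source IPs in a DMARC aggregate (RUA) report."""
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict
from typing import Dict, List

KNOWN_SENDERS = [ipaddress.ip_network("203.0.113.0/24")]  # assumed: your own MTAs

# Constructed sample report in the RUA XML layout.
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>constructed-0001</report_id></report_metadata>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>203.0.113.4</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.9</source_ip><count>3500</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>192.0.2.50</source_ip><count>40</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.9</source_ip><count>7</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>
"""


def is_known(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_SENDERS)


def verdict(known: bool, all_passed: bool) -> str:
    if known and all_passed:
        return "known-sender"
    if known:
        return "known-sender-auth-failure"   # your MTA, but SPF/DKIM is broken
    if all_passed:
        return "unknown-but-authenticated"   # e.g. a SaaS signing with your DKIM key
    return "unknown-unauthenticated"         # spoofing or an unsanctioned relay


def summarise(xml_text: str) -> List[Dict]:
    """Per-IP totals, sorted by volume, each with a verdict."""
    root = ET.fromstring(xml_text)
    totals = defaultdict(lambda: {"count": 0, "passed": 0})
    for rec in root.iter("record"):
        row = rec.find("row")
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        pe = row.find("policy_evaluated")
        # policy_evaluated already reflects alignment: an aligned DKIM or
        # aligned SPF pass means the message passed DMARC.
        passed = pe.findtext("dkim") == "pass" or pe.findtext("spf") == "pass"
        totals[ip]["count"] += count
        if passed:
            totals[ip]["passed"] += count
    out = [{"ip": ip, "count": t["count"], "passed": t["passed"],
            "verdict": verdict(is_known(ip), t["passed"] == t["count"])}
           for ip, t in totals.items()]
    out.sort(key=lambda r: r["count"], reverse=True)
    return out


def reported_domain(xml_text: str) -> str:
    return ET.fromstring(xml_text).findtext("policy_published/domain")


if __name__ == "__main__":
    print("report for", reported_domain(SAMPLE_REPORT))
    for r in summarise(SAMPLE_REPORT):
        print(f"{r['ip']:<16} {r['count']:>6} msgs {r['passed']:>6} passed  {r['verdict']}")
```

Sorting by volume puts the case from the thread at the top: a high-volume unknown IP with no SPF or DKIM pass while the published policy is still p=none, which is why the experts want the reports in hand before deciding whether the traffic is a forgotten connector or an attack against customers.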
What the documentation says (5 technical articles)
Documentation from Cloudflare Support explains that unfamiliar IP addresses in logs can result from Cloudflare's reverse proxy. Since Cloudflare acts as an intermediary, the origin server will see Cloudflare's IPs instead of the actual visitor IPs. To see the original visitor IPs, you need to implement Cloudflare's IP Geolocation or similar methods. [https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs-logging-visitor-IP-addresses]
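An added example of restoring the visitor address behind a proxying CDN, not Cloudflare's own code: the origin's TCP peer is the CDN, and the visitor's address arrives in a header (Cloudflare's is `CF-Connecting-IP`). The example goes one step past the documentation summary above by only honouring that header when the TCP peer is one of the proxy's own addresses, since any other client can set the header to whatever it likes and would otherwise be able to plant arbitrary "unfamiliar" IPs in your logs. `TRUSTED_PROXIES` is an assumed placeholder range, not Cloudflare's published list; replace it with the provider's real ranges and refresh them periodically.

```python
"""Recover the real client IP behind a reverse proxy without trusting forgeries."""
import ipaddress
from typing import Dict, Optional

CLIENT_IP_HEADER = "CF-Connecting-IP"
# Placeholder only: populate from the provider's published proxy ranges.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]


def from_trusted_proxy(peer_addr: str) -> bool:
    """True when the TCP peer is one of the proxy's addresses."""
    peer = ipaddress.ip_address(peer_addr)
    return any(peer in net for net in TRUSTED_PROXIES)


def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def client_ip(peer_addr: str, headers: Dict[str, str]) -> str:
    """Address to log and rate-limit on: the header value when the
    connection came from the proxy and parses as an IP, else the peer."""
    if from_trusted_proxy(peer_addr):
        raw = _header(headers, CLIENT_IP_HEADER)
        if raw:
            try:
                return str(ipaddress.ip_address(raw.strip()))
            except ValueError:
                pass  # malformed header value: fall back to the peer address
    return peer_addr


def access_log_line(peer_addr: str, headers: Dict[str, str], request: str) -> str:
    """Log the visitor IP, and keep the proxy hop visible when one was used."""
    ip = client_ip(peer_addr, headers)
    via = f" via {peer_addr}" if ip != peer_addr else ""
    return f"{ip}{via} {request}"


if __name__ == "__main__":
    # Constructed requests: one through the proxy, one direct with a forged header.
    print(access_log_line("203.0.113.7", {"CF-Connecting-IP": "198.51.100.23"}, "GET / HTTP/1.1"))
    print(access_log_line("192.0.2.10", {"CF-Connecting-IP": "198.51.100.23"}, "GET / HTTP/1.1"))
```

If the origin is reachable directly as well as through the CDN, the second log line is what a forged header looks like once the peer check is in place: the direct client's own address is recorded and the header is ignored.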
Documentation from Microsoft Azure Documentation says unfamiliar IP addresses may be due to Azure services or resources being used. Review Azure Activity Logs to identify which resources are associated with these IPs and if there are any suspicious activities. Ensure that Network Security Groups (NSGs) are properly configured to restrict unauthorized access. [https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log]
Documentation from Amazon Web Services explains that unfamiliar IPs might appear due to AWS services being used in your infrastructure. They advise checking your AWS CloudTrail logs to identify which services are associated with the unfamiliar IPs and whether there have been any unauthorized API calls. Regularly auditing your AWS resources and IAM policies is crucial to maintain security. [https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html]
Documentation from Cisco Security Documentation suggests that monitoring and analyzing network traffic using tools like NetFlow can help identify unfamiliar IP addresses and their communication patterns. Implementing security policies and access control lists (ACLs) can restrict unauthorized communication. Regularly updating firmware on network devices is essential to patch vulnerabilities. [https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/asa_91_configuration_guide/monitor_netflow.html]
Documentation from Google Workspace Admin Help indicates that seeing unexpected IP addresses might be due to users accessing Google services through VPNs or proxy servers. They suggest checking the audit logs to see which users are associated with these IPs and whether there have been any unusual login attempts. Implementing multi-factor authentication and setting up IP whitelisting can enhance security. [https://support.google.com/a/answer/7068438?hl=en]