Cornerstone incident

Spamhaus Temporarily Blacklisted US Email IP

Notice Resolved View vendor source →

Cornerstone experienced a notice incident on August 12, 2025, lasting —. The incident has been resolved; the full update timeline is below.

Started
Aug 12, 2025, 07:17 PM UTC
Resolved
Aug 12, 2025, 09:30 AM UTC
Duration
Detected by Pingoru
Aug 12, 2025, 07:17 PM UTC

Update timeline

  1. resolved Aug 12, 2025, 07:17 PM UTC

    The US email-sending IP 35.80.141.6 was temporarily blacklisted by Spamhaus, a leading global email reputation authority, due to poor email hygiene detected in email activity originating from certain customer accounts. The listing lasted for approximately 21 minutes, from 2:12 AM PT to 2:33 AM PT. Please also refer to the related Known Issue page for additional details - Known Issue: Spamhaus Temporarily Blacklisted US Email IP ( https://cornerstoneondemand.my.site.com/s/articles/Known-Issue-Spamhaus-Temporarily-Blacklisted-US-Email-IP )

  2. postmortem Aug 16, 2025, 05:47 AM UTC

    **Issue Summary:** On 12th August 2025, internal monitoring through identified a temporary block by Spamhaus, which affected outbound email delivery for a brief period. The incident impacted users across multiple AWS US regions, causing potential delays in email communication. **Root Cause:** The block occurred because bulk emails were sent without both SPF and DKIM authentication. Under Gmail’s updated policies, missing DKIM or SPF can cause authentication failures, which in turn triggered Spamhaus to temporarily list the sending IP. **Corrective Action:** The affected IP was delisted from Spamhaus, and normal email delivery resumed. Measures were also taken to prevent further email authentication failures. **Preventive Measures:** To reduce recurrence, Cornerstone will: * Ensure all bulk email senders have both SPF and DKIM configured * Monitor email delivery and blacklist status regularly * Quickly identify and block any sources causing authentication failures