Print Page | Close Window

SFI and Whitelisted Email Address From

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5814
Printed Date: 23 October 2017 at 7:52am


Topic: SFI and Whitelisted Email Address From
Posted By: __M__
Subject: SFI and Whitelisted Email Address From
Date Posted: 29 September 2006 at 4:08am
Hey all (and Roberto in particular),

SFI is working great here and is well exceeding my expectations however I have a problem that there may be a current workaround for or maybe this "hole" may need to be added to the wishlist for investigation.

If a spammer sends us mail using our domain (eg mydomain.com) that is being spoofed and the same domain (mydomain.com) is in the Excluded FROM Emails whitelist the message will bypass the filters. Is there anyway whatsoever to have other filters (blacklist type) overide whitelist rules?

Maybe something like :overide at the end of the blacklist entry rule could take priority over any whitelisting.

Examples

In HoneyPot or FROM Emails it would be spoofuser@mydomain.com:overide (obviously this couldnt reflect a real email address).

In Keywords Filter it would be email advertise like this:overide

Whilst we could just remove mydomain.com from the whitelist I would prefer to keep the domain listed to ensure that users sending mail from there home's ISP are less likely to experiance problems when their ISP's server is blacklisted.

Any ideas on an existing solution or have you come across this scenerio Roberto.




Replies:
Posted By: LogSat
Date Posted: 29 September 2006 at 3:40pm
We recommend *not* whitelisting your domain, since, as you already noticed , spammers will spoof it to send you emails.

To protect administrators from this, there is already a very efficient solution. It's SPF (Sender Policy Framework). Please see www.openspf.org for more details. In short however, SPF is used by administrators to identify, via DNS, the servers/subnets that are authorized to send emails using your domain name.

If a mail server supports SPF (SpamFilter does...), when an email arrives from a domain, the server will query the domain's DNS for their SPF record. The SPF record will tell the server if that IP is authorized to send emails for that domain. If it's not, the email is rejected.


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP



Print Page | Close Window