Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - SFI and Whitelisted Email Address From
  FAQ FAQ  Forum Search   Register Register  Login Login

SFI and Whitelisted Email Address From

 Post Reply Post Reply
Author
__M__ View Drop Down
Groupie
Groupie


Joined: 30 August 2006
Location: Australia
Status: Offline
Points: 75
Post Options Post Options   Thanks (0) Thanks(0)   Quote __M__ Quote  Post ReplyReply Direct Link To This Post Topic: SFI and Whitelisted Email Address From
    Posted: 29 September 2006 at 4:08am
Hey all (and Roberto in particular),

SFI is working great here and is well exceeding my expectations however I have a problem that there may be a current workaround for or maybe this "hole" may need to be added to the wishlist for investigation.

If a spammer sends us mail using our domain (eg mydomain.com) that is being spoofed and the same domain (mydomain.com) is in the Excluded FROM Emails whitelist the message will bypass the filters. Is there anyway whatsoever to have other filters (blacklist type) overide whitelist rules?

Maybe something like :overide at the end of the blacklist entry rule could take priority over any whitelisting.

Examples

In HoneyPot or FROM Emails it would be spoofuser@mydomain.com:overide (obviously this couldnt reflect a real email address).

In Keywords Filter it would be email advertise like this:overide

Whilst we could just remove mydomain.com from the whitelist I would prefer to keep the domain listed to ensure that users sending mail from there home's ISP are less likely to experiance problems when their ISP's server is blacklisted.

Any ideas on an existing solution or have you come across this scenerio Roberto.

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 29 September 2006 at 3:40pm
We recommend *not* whitelisting your domain, since, as you already noticed , spammers will spoof it to send you emails.

To protect administrators from this, there is already a very efficient solution. It's SPF (Sender Policy Framework). Please see www.openspf.org for more details. In short however, SPF is used by administrators to identify, via DNS, the servers/subnets that are authorized to send emails using your domain name.

If a mail server supports SPF (SpamFilter does...), when an email arrives from a domain, the server will query the domain's DNS for their SPF record. The SPF record will tell the server if that IP is authorized to send emails for that domain. If it's not, the email is rejected.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.063 seconds.