Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Whitelisted Email from Domain
  FAQ FAQ  Forum Search   Register Register  Login Login

Whitelisted Email from Domain

 Post Reply Post Reply
Author
Stephane View Drop Down
Newbie
Newbie


Joined: 16 October 2006
Status: Offline
Points: 5
Post Options Post Options   Thanks (0) Thanks(0)   Quote Stephane Quote  Post ReplyReply Direct Link To This Post Topic: Whitelisted Email from Domain
    Posted: 05 February 2007 at 10:15am
Hi,
We have domains that we have whitelisted

But the problem is that some spammers are using their domains to send spam, but from another mail server as theirs. By adding the domains in the whitelist, thier emails are coming through for them also. Is spamfilter doing a MX record lookup when a domain is whitelisted or it bypasses everything because it is whitelisted ?

Shouldn't it verify for MX and/or other whitelist functions even if it is whitelisted ? (example of domains: DELL.COM / IBM.COM
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 05 February 2007 at 5:36pm
Stephane,

If you whitelist domain name, you do risk spammers faking that domain.
When SpamFilter checks the MX record, it simply checks to ensure the domain has a valid MX record. That's all it can do, as outgoing mail server are often different than the servers accepting incoming emails as listed in the MX records.

The feature that you're talking about, if I understood you correctly, is already available. It's called SPF (Sender Policy Framework). Basically the sender's domain administrators specify via DNS what servers are allowed to send emails on their behalf. If an email is received from an IP that has not been authorized by the SPF policies from the domain administrator, it is rejected. The SPF information is added to the DNS by the companies that decide to employ them. If a company has adopted SPF, SpamFilter will use that information to filter their email.

In your example, DELL.COM did implement SPF. If you enable the SPF filter in SpamFilter (it's on by default), then you should never receive spam emails where the sender is "faked" to appear from dell.com.

For ibm.com.... well, there's a real surprise here. The IBM administrators configured the SPF record for IBM.COM to say basically that *ALL* addresses in the form user@IBM.COM are to be rejected. Now either (1) this is a huge mistake on behalf of IBM's admins, or (2) all of IBM's addresses are in the form user@us.ibm.com or user@something.IBM.COM.





Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.047 seconds.