Print Page | Close Window

Whitelisted Email from Domain

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5968
Printed Date: 23 October 2017 at 11:19am


Topic: Whitelisted Email from Domain
Posted By: Stephane
Subject: Whitelisted Email from Domain
Date Posted: 05 February 2007 at 10:15am
Hi,
We have domains that we have whitelisted

But the problem is that some spammers are using their domains to send spam, but from another mail server as theirs. By adding the domains in the whitelist, thier emails are coming through for them also. Is spamfilter doing a MX record lookup when a domain is whitelisted or it bypasses everything because it is whitelisted ?

Shouldn't it verify for MX and/or other whitelist functions even if it is whitelisted ? (example of domains: DELL.COM / IBM.COM



Replies:
Posted By: LogSat
Date Posted: 05 February 2007 at 5:36pm
Stephane,

If you whitelist domain name, you do risk spammers faking that domain.
When SpamFilter checks the MX record, it simply checks to ensure the domain has a valid MX record. That's all it can do, as outgoing mail server are often different than the servers accepting incoming emails as listed in the MX records.

The feature that you're talking about, if I understood you correctly, is already available. It's called SPF (Sender Policy Framework). Basically the sender's domain administrators specify via DNS what servers are allowed to send emails on their behalf. If an email is received from an IP that has not been authorized by the SPF policies from the domain administrator, it is rejected. The SPF information is added to the DNS by the companies that decide to employ them. If a company has adopted SPF, SpamFilter will use that information to filter their email.

In your example, DELL.COM did implement SPF. If you enable the SPF filter in SpamFilter (it's on by default), then you should never receive spam emails where the sender is "faked" to appear from dell.com.

For ibm.com.... well, there's a real surprise here. The IBM administrators configured the SPF record for IBM.COM to say basically that *ALL* addresses in the form user@IBM.COM are to be rejected. Now either (1) this is a huge mistake on behalf of IBM's admins, or (2) all of IBM's addresses are in the form user@us.ibm.com or user@something.IBM.COM.







-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP



Print Page | Close Window