Whitelisted Email from Domain
Stephane (Newbie, joined 16 October 2006), posted 05 February 2007 at 10:15am:
Hi,
We have domains that we have whitelisted. But the problem is that some spammers are using their domains to send spam, but from another mail server than theirs. By adding the domains in the whitelist, their emails are coming through for them also.

Is spamfilter doing a MX record lookup when a domain is whitelisted or does it bypass everything because it is whitelisted? Shouldn't it verify for MX and/or other whitelist functions even if it is whitelisted? (example of domains: DELL.COM / IBM.COM)
LogSat (Admin Group, joined 25 January 2005, United States):
Stephane,
If you whitelist a domain name, you do risk spammers faking that domain. When SpamFilter checks the MX record, it simply checks to ensure the domain has a valid MX record. That's all it can do, as outgoing mail servers are often different than the servers accepting incoming emails as listed in the MX records.

The feature that you're talking about, if I understood you correctly, is already available. It's called SPF (Sender Policy Framework). Basically the sender's domain administrators specify via DNS what servers are allowed to send emails on their behalf. If an email is received from an IP that has not been authorized by the SPF policies from the domain administrator, it is rejected. The SPF information is added to the DNS by the companies that decide to employ them. If a company has adopted SPF, SpamFilter will use that information to filter their email.

In your example, DELL.COM did implement SPF. If you enable the SPF filter in SpamFilter (it's on by default), then you should never receive spam emails where the sender is "faked" to appear from dell.com.

For ibm.com.... well, there's a real surprise here. The IBM administrators configured the SPF record for IBM.COM to say basically that *ALL* addresses in the form user@IBM.COM are to be rejected. Now either (1) this is a huge mistake on behalf of IBM's admins, or (2) all of IBM's addresses are in the form user@us.ibm.com or user@something.IBM.COM.
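The SPF check described in the reply above, combined with a domain whitelist, as an added example that is not part of the original thread and is not SpamFilter's code. The domains, SPF records, and the `spf_result` and `decide` functions are constructed for illustration; only the `ip4`, `ip6` and `all` mechanisms are evaluated, and the policy of granting the whitelist bypass only on an SPF pass is an assumption.

```python
import ipaddress

# Constructed SPF TXT records (illustrative, not real DNS data).
SPF_RECORDS = {
    "vendor.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "nomail.example": "v=spf1 -all",  # domain says: no host may send as me
}
WHITELIST = {"vendor.example", "nomail.example", "legacy.example"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(domain, client_ip):
    """Evaluate ip4/ip6/all only; returns an SPF result name."""
    record = SPF_RECORDS.get(domain.lower())
    if record is None or record.split()[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            return "permerror"  # simplification: a, mx, include... unsupported
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def decide(mail_from, client_ip):
    """Hypothetical policy: whitelist bypass requires an SPF pass."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    if domain not in WHITELIST:
        return "filter"
    result = spf_result(domain, client_ip)
    if result == "pass":
        return "bypass"   # sender IP is authorized by the domain
    if result == "fail":
        return "reject"   # domain disowns this IP: forged sender
    return "filter"       # none/softfail/neutral: no proof, run normal filters

if __name__ == "__main__":
    for sender, ip in [("orders@vendor.example", "192.0.2.25"),
                       ("orders@vendor.example", "203.0.113.9"),
                       ("bob@nomail.example", "192.0.2.25"),
                       ("it@legacy.example", "203.0.113.9")]:
        print(sender, ip, decide(sender, ip))
```

A whitelisted domain with no SPF record (`legacy.example` here) gets no bypass and goes through the normal filters, since nothing ties the connecting IP to the claimed sender domain.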