Black list "From email"
Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6145
Printed Date: 12 March 2025 at 8:16pm
Topic: Black list "From email"
Posted By: Stupid
Subject: Black list "From email"
Date Posted: 12 July 2007 at 2:32pm
|
I am thinking to put all our users email addresses into Blacklist "From email." The Spamfilter ISP is not our outgoing SMTP server; it is a receiving only. The reason for doing this is that very often spammer would spoof the From email address like this: From: John@abc.com To: Jane@abc.com I got questions from users like every other day. Is this a good strategy? |
Replies:
Posted By: mbrusl
Date Posted: 13 July 2007 at 12:14am
| If you put your mail server's smtp on an alternate port and let Spamfilter handle both incoming and outgoing, I beleave you wont have to problem that much. Spamfilter is capable of handling authentication for your users then handing off mail to your mail server to actually do the sending of the mail. This is the way I have mine setup and it traps all spam on both sides. It also tells me if a user on the network has been abusing/sending spam. |
Posted By: IKILLSPAM1
Date Posted: 13 July 2007 at 12:09pm
|
Hey Stupid, lol, well that is your name. An easier approach would be to go into Filter Settings and check off From domain = To Domain This would block your example above. I do this as well. |
Posted By: Stupid
Date Posted: 13 July 2007 at 12:44pm
This has already been checked. didn't not work.
|
IKILLSPAM1 wrote:Posted By: LogSat
Date Posted: 14 July 2007 at 11:41am
|
Please note that SpamFilter acts upon the addresses specified in the "MAIL FROM" and "RCPT TO" commands. Any other emails specified in the "To:" and "From:" headers are ignored as they are only used to display an address in email clients, and are not the ones emails will be delivered to. Also please remember that, instead of using the more "Dart Vader-like" rule of blocking emails where the "from domain = to domain" you could implement an SPF (Sender Policy Framework) DNS record in your DNS. As SpamFilter does support the SPF standard, this will allow you to specify what IP networks are allowed to send emails "from" you domain. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: WebGuyz
Date Posted: 14 July 2007 at 11:21pm
However, SPF doesn't do any good if the spammer used the 'Return Path' to specify the senders name as SPF only checks the FROM: field. ------------- http://www.webguyz.net |
Posted By: mbrusl
Date Posted: 15 July 2007 at 3:59am
|
Why not add domainkeys to the mix as another filter check. Shouldn't be that difficult to do. Think of it this way, one of the only frontend spam filtering appz out on the market that has both. SPF and DomainKeys. Michael |
Posted By: LogSat
Date Posted: 15 July 2007 at 9:52am
Actually the "Return-Path" header cannot be used by spammers/users. The "Return Path" header is added by *mail servers* when they receive the email. It will replace whatever "Return-Path" is already present in the email, and will be populated by the mail server with the address in the "MAIL FROM" command, which is the one SpamFilter acts upon. Please note that SpamFilter will also add another header, X-SF-RX-Return-Path, that will contain the same address we added in the "Return-Path". This is because when SpamFilter forwards an email to a server, this latter mail server will also replace the "Return-Path" with the "MAIL FROM" it receives. We just want to make sure we document in the email's headers what "MAIL FROM" was used to send the email to SpamFilter, in case this somehow changes during the email's life. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: Stupid
Date Posted: 16 July 2007 at 6:02pm
| Well, do you guys think my method will work though? |
Posted By: LogSat
Date Posted: 17 July 2007 at 10:12pm
|
I honestly do not think it would work. Enabling the filter that blocks emails where the "FROM domain = TO domain" should stop all the same emails that would be stopped if you added all your users in a "from blacklist". In addition, the "FROM domain = TO domain" filter should also block additional emails even from fake senders that simulate incorrect, random users from your domains, which would not be blocked by your blacklist. Please note that SpamFilter ignores the address in the "From" header, as that is used only to display an email address in Outlook clients. The actual address being acted upon is the one specified in the "MAIL FROM" command, which is usually the same one that mail servers will add to the "Return Path". SpamFilter logs that address in the header "X-SF-RX-Return-Path". ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |