Trusted Contact From getting by spam filters.
Question asked by Barbara Renowden - January 10 at 8:17 AM
Unanswered
Ok, so I have a client/domain that is getting spoofed emails looking like they are coming from their email address.  They get a lot of these a day.  They get passed because it is a trusted sender in their contacts (themselves).  Is there a way to put a stop to this.  I believe there should be a way but am stuck on this one.  We do not manage their DNS and I have asked them to set up DKIM but in the meantime trying to figure out a way to get this to stop. Below is the headers of one of the emails.  Notice the From has my users email address.  This is spoofing obviously.  She also has her email address on the contact list, why would this still get through when it is obviously not from herself. Thanks. 
 
Return-Path: <contact@smpx.starlliance.net>
Received: from smpx.starlliance.net (smpx.starlliance.net [209.222.4.83]) by mail.centricweb.net with SMTP;
Tue, 9 Jan 2018 01:56:55 -0600
MIME-Version: 1.0
From: "=?UTF-8?Q?=42=69=6c=6c=69=6e=67_=43=6f=6e=66=69=72=6d=61=74=69=6f=6e?=" <myuser@theirdomain.com>
To: myuser@theirdomain.com
Subject: =?UTF-8?Q?=50=61=79=6d=65=6e=74_=72=65=63=65=69=76=65=64=23=37=35=33=35=37=2c_=44=61=74=65=64=3a_=4d=6f=6e=64=61=79=2c_=38_=4a=61=6e=75=61=72=79?=
Content-Type: text/html; charset=UTF-8
Date: Tue, 9 Jan 2018 02:57:35 -0500
Importance: High
Sensitivity: High
X-Priority: 1
Message-ID: <7ae0205631c84d6ea012ff9fabb05ca7@com>
X-Exim-Id: 7ae0205631c84d6ea012ff9fabb05ca7
X-SmarterMail-Spam: Bayesian Filtering, Commtouch 40 [value: Confirmed], ISpamAssassin 0 [raw: 0], SPF_Pass, DK_None, DKIM_None, SORBS 06 - RECENT
X-CTCH-RefId: str=0001.0A020205.5A5475DA.0051,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - Contact)

Barbara Renowden President / Co-Founder Centric Web, Inc. https://www.centricweb.com

7 Replies

Reply to Thread
1
kevind Replied
Barbara,
 
This has been a known issue for a couple years. See:
 
I don't think DKIM will help, but you could remove it from Trusted Senders so at least it gets scored by spam checks.
 
It would be nice if SM would require SMTP authentication for any emails that have a From address that's a local domain.
 
Kevin
1
Matt Petty Replied
Employee Post
We have a fix for this. Per a discussion we had internally we decided to remove trusted sender from checking the From and the ReplyTo header fields and now it will exclusively check returnpath.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Barbara Renowden Replied
So when will this be implemented?

Barbara Renowden President / Co-Founder Centric Web, Inc. https://www.centricweb.com

0
Matt Petty Replied
Employee Post
It will be in the next 16 minor, which will either be end of this week or next week. Though it's looking like we'll do it this week, though that can change.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Barbara Renowden Replied
ok thank you.

Barbara Renowden President / Co-Founder Centric Web, Inc. https://www.centricweb.com

0
Jay Altemoos Replied
So I am guessing that version 15 users will not see this update?
0
Matt Petty Replied
Employee Post
I migrated the change into 15 as well, you should see it in the next 15 update.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread