Trusted Senders going to Junk Folder
Idea shared by Kevin McNally - February 27, 2018 at 4:48 PM
Proposed
Ever since we upgraded to Version 16 last week our Emails with Voicemail attachments are going into our Junk Folders. The email address is added as a Trusted Sender at the Domain Level, but it is still triggering spam checks. Prior to the upgrade we had no problems with this, please help because we are missing important calls!
 
I setup a content filter to move them to our inbox but this isn't working either.
 
[2018.02.26] 08:34:52 [69387] Delivery started for cloud@nettelone.com at 8:34:52 AM
[2018.02.26] 08:34:56 [69387] Message exceeds maximum scanning size, skipping content based checks.
[2018.02.26] 08:34:57 [69387] Spam check results: [_REVERSEDNSLOOKUP: failed], [_COMMTOUCH: 0,Unknown], [_MESSAGESNIFFER: 0,code:0], [_SPF: SoftFail], [_DKIM: None], [CBL - ABUSE SEAT - DO NOT CHECK OUTGOING: passed], [HOSTKARMA - BLACKLIST: passed], [SORBS COMBINED: passed], [SPAMCOP: passed], [SPAMHAUS - PBL 1: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL: passed], [SPAMHAUS - ZEN: passed], [UCEPROTECT LEVEL 1: passed]
[2018.02.26] 08:34:58 [69387] Starting local delivery to kmcnally@interactivepalette.com
[2018.02.26] 08:34:58 [69387] Delivery for cloud@nettelone.com to kmcnally@interactivepalette.com has completed (Delivered to Junk E-Mail) Filter: Spam (Weight: 20), Action (Global Level): MoveToFolder Junk E-Mail
[2018.02.26] 08:34:58 [69387] End delivery to kmcnally@interactivepalette.com (MessageID: <20180226133449.93B2BC61FA1@fe-642b-9q.coredial.com>)
[2018.02.26] 08:34:58 [69387] Delivery finished for cloud@nettelone.com at 8:34:58 AM [id:687369387]
[2018.02.26] 09:47:22 [70467] Delivery started for cloud@nettelone.com at 9:47:22 AM
[2018.02.26] 09:47:27 [70467] Spam check results: [_REVERSEDNSLOOKUP: failed], [_COMMTOUCH: 0,Unknown], [_MESSAGESNIFFER: 0,code:0], [_SPF: SoftFail], [_DKIM: None], [CBL - ABUSE SEAT - DO NOT CHECK OUTGOING: passed], [HOSTKARMA - BLACKLIST: passed], [SORBS COMBINED: passed], [SPAMCOP: passed], [SPAMHAUS - PBL 1: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL: passed], [SPAMHAUS - ZEN: passed], [UCEPROTECT LEVEL 1: passed], [URIBL - BLACK: passed]
[2018.02.26] 09:47:28 [70467] Starting local delivery to kmcnally@interactivepalette.com
[2018.02.26] 09:47:28 [70467] Delivery for cloud@nettelone.com to kmcnally@interactivepalette.com has completed (Delivered to Junk E-Mail) Filter: Spam (Weight: 20), Action (Global Level): MoveToFolder Junk E-Mail
[2018.02.26] 09:47:28 [70467] End delivery to kmcnally@interactivepalette.com (MessageID: <20180226144717.CE96DC62EFD@fe-642b-9q.coredial.com>)
[2018.02.26] 09:47:28 [70467] Delivery finished for cloud@nettelone.com at 9:47:28 AM [id:687370467]
[2018.02.26] 14:02:26 [74807] Delivery started for cloud@nettelone.com at 2:02:26 PM
[2018.02.26] 14:02:30 [74807] Spam check results: [_REVERSEDNSLOOKUP: failed], [_COMMTOUCH: 0,Unknown], [_MESSAGESNIFFER: 0,code:0], [_SPF: SoftFail], [_DKIM: None], [CBL - ABUSE SEAT - DO NOT CHECK OUTGOING: passed], [HOSTKARMA - BLACKLIST: passed], [SORBS COMBINED: passed], [SPAMCOP: passed], [SPAMHAUS - PBL 1: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL: passed], [SPAMHAUS - ZEN: passed], [UCEPROTECT LEVEL 1: passed], [URIBL - BLACK: passed]
[2018.02.26] 14:02:32 [74807] Starting local delivery to kmcnally@interactivepalette.com
[2018.02.26] 14:02:32 [74807] Delivery for cloud@nettelone.com to kmcnally@interactivepalette.com has completed (Delivered to Junk E-Mail) Filter: Spam (Weight: 20), Action (Global Level): MoveToFolder Junk E-Mail
[2018.02.26] 14:02:32 [74807] End delivery to kmcnally@interactivepalette.com (MessageID: <20180226190222.8860AC63FF9@fe-642b-9q.coredial.com>)
[2018.02.26] 14:02:32 [74807] Delivery finished for cloud@nettelone.com at 2:02:32 PM [id:687374807]

31 Replies

Reply to Thread
0
Hi Kevin. Can you please post the headers for that message? Thanks.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Here is one of them Linda.

Return-Path: <cloud@nettelone.com>
Received: from fe-642b-9q.coredial.com (UnknownHost [198.58.43.100]) by mail.interactivepalette.com with SMTP;
Mon, 26 Feb 2018 14:02:23 -0500
Received: from localhost.localdomain (fe-642b-9q.coredial.com [127.0.0.1])
by fe-642b-9q.coredial.com (Postfix) with ESMTP id 8860AC63FF9
for <kmcnally@interactivepalette.com>; Mon, 26 Feb 2018 14:02:22 -0500 (EST)
MIME-Version: 1.0
Content-Transfer-Encoding: binary
Content-Type: multipart/mixed; boundary="_----------=_1519671742239810"
X-Mailer: MIME::Lite 3.027 (F2.77; T1.28; A2.04; B3.08; Q3.08)
Date: Mon, 26 Feb 2018 14:02:22 -0500
From: cloud@nettelone.com
To: kmcnally@interactivepalette.com
Subject: New Voicemail From 774-365-4637
Message-Id: <20180226190222.8860AC63FF9@fe-642b-9q.coredial.com>
X-SmarterMail-Spam: Reverse DNS Lookup, Commtouch 0 [value: Unknown], Message Sniffer 0 [code:0], SPF_SoftFail, DKIM_None
X-CTCH-RefId: str=0001.0A020205.5A9459C5.0137,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
X-MessageSniffer-ResultCode: 0
X-SmarterMail-TotalSpamWeight: 20 (Trusted Sender - Domain, failed SPF)
1
Thanks Kevin. I'm assuming the address you have added to the Trusted Sender's List is cloud@nettelone.com? And that was working prior to your upgrade? The strange thing is this...

SmarterMail-TotalSpamWeight: 20 (Trusted Sender - Domain, failed SPF)

SmarterMail is actually seeing this as a Trusted Sender, but it's not sending it to the Inbox. In this case, I believe you have found an actual bug. You may want to report this as a bug to SM support.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Thank you Linda, that is a huge help.
0
My pleasure Kevin.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
From what the header is showing the email is failing SPF checks. We have run into this in the past plenty of times. Could be legitimate or a bug. DKIM and SPF checks will send a message to junk regardless of if the sender is trusted or not.
0
Thanks Ryan. The reason I think this is a bug is because it worked before the upgrade without issue. So it's either a new feature or a bug in my opinion.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
We have seen a good amount of issues with SPF, half have been bugs and half have been changes to how SPF checks were happening. They always get sorted out with tickets though.
0
I have seen a lot too. I'm glad ST support is on top of fixing them.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Yes we need a fix for this. I have resorted to whitelisting IPs to get around this issue for my clients, which doesn't make me happy as its resulting in whitelisting very large blocks of IPs and this increases the amount of spam that gets through.
0
I guess adding IP's to the IP Bypass is the only way to make this work right now, this was the response to my ticket:

We did make some recent changes to SmarterMail in the way we validate trusted senders. If a trusted sender or trusted domain fails the SPF or DKIM check they are considered untrusted and will still be marked as spam if they are sending from unauthorized IP addresses or we're detecting a DKIM failure.

Please let me know if you have any questions or concerns.
0
They need to provide a way to override the defaults on a per email or per domain basis, at least on a temporary basis. Sometimes getting the other company to update their DNS records with the proper SPF entries is like pulling teeth.
0
Kevin,

That's how this has worked for us for awhile. I can see the benefit of this feature because SPF and DKIM failing usually means either someone is spoofing or the sender has either setup incorrectly. I do see an absolute need to be able to be able to disable this without whitelisting IP's, that just creates a lot of other possible headaches.
0
I wouldn't add IPs to the SMTP Auth Bypass list if I were you as that can cause issues. I would add the IPs to the whtelist instead. Still not the best solution, but I believe this would be the only way around the issue besides getting the admin of the sending servers to fix their SPF and/or DKIM records.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
I agree with you Ryan.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
1
Any fix for this yet? We still get trusted senders being blocked because of a DKIM fail. I understand there were some changes to how you treat trusted senders but having to manually whitelist their IP is kinda ridiculous...

X-SmarterMail-TotalSpamWeight: 30 (Trusted Sender - User, failed DKIM)
0
Charles, as of the most recent update SM still ignores trusted senders and contacts if they fail a DKIM or SPF check.
0
Thanks for the quick reply Ryan. I don't know how it is for you guys but, here in Quebec, SPF and DKIM fails are pretty frequent. This is a pretty big issue since it's impossible for us to whitelist everyone. Any idea if they are working on a workaround?
0
We just recently adjusted our weights on Bayesian and a couple other filters and it's put a lot of these messages that fail DKIM and SPF under the the junk weight limit. Take a look and see what your SPF and DKIM fail weights are set to, maybe lower them.
0
Got it thanks. I've continued reading on the subject after my last post and got to understand that what I see on a regular basis are not "DKIM fails" but something like "DKIM_none" which only means that it isn't configured on the domain. I still think we need a workaround to make sure that trusted senders are never being put in the junk folder but this is not as big an issue as I thought.
0
Any news on this? I've still got users that get their trusted senders blocked because of DKIM fails / DKIM_none. Making changes to every domain filter weights is a workaround but causes problems when you need to propagate new filter weights to everyone.
0
This new behavior of Smartermail ignoring trusted sender is really making huge trouble for us.
Would appreciate a response from Smartermail team.
Cloud AcropolisYour true Omani Cloud Partner
2
Andrea Rogers Replied
Employee Post
Hi all,

Even if a user or domain is on your trusted senders list, SmarterMail will still do some basic checks to ensure the sender is actually the sender. While some email systems allow trusted senders to be delivered to a user's Inbox without any validation checks, that can lead to major issues. As it is, anyone can write any return path that they want when sending a message. Spammers know this and can exploit mail servers that have implicit trust and flood users with hundreds and hundreds of messages that aren't truly from a "trusted" sender. This jeopardizes the security of that mail server.

Therefore, SmarterMail will always run SPF and DKIM checks to guarantee the return path of an email. Using SPF and DKIM checks, even on trusted senders, allows SmarterMail to reverse the domain and IP address that sends a message to make sure they match. If they do not, there is a very good chance that someone is impersonating the sender, which invalidates the trusted status. Even if the message isn't actually spoofed, that sender's domain has SPF and/or DKIM mis-configured. Services like Gmail, Office 365, Yahoo and others, are beginning to enforce strict implementations of security measures such as SPF, DKIM and even DMARC. So sending domains with incorrect set ups in any of these areas will see more and more issues when sending messages. Administrators need to be aware of this and ensure that their servers and domains are set up properly to avoid any delays in sending mail.

I understand you'd prefer an option to override this functionality, without needing to whitelist the sender's IP address. I will add this request to our discussion list and provide an update when it is available. 

Andrea Rogers
Customer Operations Manager
SmarterTools Inc.
877-357-6278

www.smartertools.com

2
Can we get status update on this issue ....all the company is wasting their time going to the spam folder to move emails ....we meed immediate resolution 
1
Hi,

We are facing this issue since we upgraded to 16.x and thought it might be because of our misconfiguration.  Now seems it is a bug since more users complains are there.  Can Smartertool support this takes very seriously and  give us a fix asap.
2
Kyle Kerst Replied
Employee Post
The fix for these issues will vary depending on the individual use case. In the original user's posting, trusted sender email was going into the junk mail folder due to those messages failing very basic antispam checks:

[_REVERSEDNSLOOKUP: failed], [_COMMTOUCH: 0,Unknown], [_MESSAGESNIFFER: 0,code:0], [_SPF: SoftFail], [_DKIM: None], [CBL - ABUSE SEAT - DO NOT CHECK OUTGOING: passed], [HOSTKARMA - BLACKLIST: passed], [SORBS COMBINED: passed], [SPAMCOP: passed], [SPAMHAUS - PBL 1: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL: passed], [SPAMHAUS - ZEN: passed], [UCEPROTECT LEVEL 1: passed], [URIBL - BLACK: passed] 

While I understand the desire to disable these checks on trusted senders, this could also be leveraged by spammers to flood your inbox as well. A spam agent would only need to identify a trusted sender on your server in order to bypass your spam checks. In this case the resolution is to correct the issues causing SPF and RDNS checks to fail, at which point these messages should be delivered to the inbox successfully. This is the expected functionality of SmarterMail, and you'll need to get to the bottom of why these spam checks are failing. If you need help doing so, please don't hesitate to reach out to our support team as we'd be happy to help narrow this down.
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
So bottom line is that trusted senders is not actually working unless all the conditions are perfect.

I thought the purpose of the trusted sender function is to bypass any spam filtering issues.
But if the solution is to correct the senders emails server I think its a huge fail.



2
Heimir,

The idea here is that these methods (SPF and RDNS) are used to track down spoofers, and I doubt you want spoofers to have free reign to make it past all spam checks based solely on being in someones trusted senders list.

I do agree it can be frustrating, and maybe we should have the ability to disable that, but this ultimately is the result of lazy admins who don't want to configure their end correctly. Someone failing SPF needs to resolve that, and if we give in to requests to 'whitelist us so we make it through' then those lazy admins can just continue to be lazy.

0
I get that but whats the point of having a trusted sender if its not just that -  a trusted sender.

Now its a trusted sender only if the mail server is set up correctly.

Might as well just remove the trusted sender options since its not actually working.


2
The way SM works is correct -- need to validate address is not spoofed before it can trust.

But here's how to bypass:
  • Enter the IP address of the trusted sender's server.  That will deliver the message with no spam checks.
  • Alternatively, disable SPF and DKIM scoring and that might do the trick.
4
Hi all,

Indeed, the way that SmarterMail works right now is correct and us that are concerned with making sure only legitimate email flows to/from our servers would like to keep it it this way.

We`ve had enough trouble in the past with scammers exploiting the Trusted Sender functionality of SmarterMail and thus being able to send emails to the users pretending to be one of their Trusted Senders, when in fact they were sending from totally different addreses and domains. Please see this thread: https://portal.smartertools.com/community/a91739/spammers-impersonation-of-users-what-should-i-do.aspx

The pure and simple fact is that any email system in this day and age should have proper SPF and DKIM set up - otherwise the basic identity of the sender cannot be validated. Do you want to have SPAM/dangerous emails sent for your someone impersonating your own mom (which is probably a Trusted Sender) if they failed basic identity checks like SPF DKIM? I am sure you do not.

Just because an email is presented in the FROM field of a mail envelope, this does not mean that the mail is coming from that email - so how do you know if it`s the Trusted Sender you have in our address book?

Reply to Thread