Trusted sender intermittently being ignored
Problem reported by mark - May 4 at 2:05 AM
Submitted
Since upgrading to SM16 we've had several complaints from customers receiving emails marked as SPAM in the subject line even though the senders domain is white listed. 
 
Here are two samples from the delivery logs taken this morning - the same sender, the same recipient - one email marked as SPAM and the other not:
 
This message processed correctly with senders domain clearly marked as trusted (I've put that line in bold):
 
[2018.05.04] 00:25:51 [76394] Delivery started for Bureau1@groupauto.co.uk at 00:25:51
[2018.05.04] 00:26:03 [76394] Starting Spam Checks.
[2018.05.04] 00:26:04 [76394] Spam check results: [_REVERSEDNSLOOKUP: passed], [_BAYESIANFILTERING: passed], [_DK: None], [_DKIM: Pass], [BARRACUDA: passed], [SORBS: passed], [SPAMCOP: passed], [ZEN: passed]
[2018.05.04] 00:26:04 [76394] Spam Checks completed.
[2018.05.04] 00:26:06 [76394] Starting local delivery to orders@highlandmotorparts.co.uk
[2018.05.04] 00:26:06 [76394] Skipping spam filtering: Trusted Sender (system level)
[2018.05.04] 00:26:06 [76394] Delivery for Bureau1@groupauto.co.uk to orders@highlandmotorparts.co.uk has completed (Delivered) Filter: None
[2018.05.04] 00:26:06 [76394] End delivery to orders@highlandmotorparts.co.uk (MessageID: <1.dbca1a5492a9552cba6c@GASRV-MAMapp>)
[2018.05.04] 00:26:09 [76394] Removing Spool message: Killed: False, Failed: False, Finished: True
[2018.05.04] 00:26:09 [76394] Delivery finished for Bureau1@groupauto.co.uk at 00:26:09             [id:x66889376394]
 
Another message from the same sender to the same recipient sent two hours later (subject prefixed as SPAM-MED, senders domain should be trusted):
 
[2018.05.04] 02:53:38 [76946] Delivery started for Bureau1@groupauto.co.uk at 02:53:38
[2018.05.04] 02:53:50 [76946] Starting Spam Checks.
[2018.05.04] 02:53:50 [76946] Spam check results: [_REVERSEDNSLOOKUP: passed], [_BAYESIANFILTERING: passed], [_DK: None], [_DKIM: Fail], [BARRACUDA: passed], [SORBS: passed], [SPAMCOP: passed], [ZEN: passed]
[2018.05.04] 02:53:50 [76946] Spam Checks completed.
[2018.05.04] 02:53:53 [76946] Starting local delivery to orders@highlandmotorparts.co.uk
[2018.05.04] 02:53:53 [76946] Delivery for Bureau1@groupauto.co.uk to orders@highlandmotorparts.co.uk has completed (Delivered) Filter: Spam (Weight: 16), Action (Global Level): PrefixSubject [-SPAM-MED-]
[2018.05.04] 02:53:53 [76946] End delivery to orders@highlandmotorparts.co.uk (MessageID: <1.8222fd94e66c2fbef7f4@GASRV-MAMapp>)
[2018.05.04] 02:53:56 [76946] Removing Spool message: Killed: False, Failed: False, Finished: True
[2018.05.04] 02:53:56 [76946] Delivery finished for Bureau1@groupauto.co.uk at 02:53:56             [id:x66889376946]
 
I might be missing something, but I can't see any differences between these two messages apart from the missing entry that indicates "Skipping spam filtering".
 
This is causing some issues with systems that collect and process incoming emails automatically - they expect the subject line to be unmolested but SM16 is prefixing some of these subject lines and not others.
 
I'd be very grateful for any suggestions.

2 Replies

Reply to Thread
1
Nicolas Fertig Replied
Not 100% sure but I think SPF and DKIM fails are not bypassed for the trusted senders.

It looks on your second message that DKIM check has failed.
0
Matt Petty Replied
Employee Post
Correct, if either of those 2 fail then we cannot trust the validity of the sender and thus we don't trust it. Having this mechanism in place prevents an otherwise easily abuse-able way to guarantee spam delivery to a mailbox.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread