Is Sendermail(2) not checked when blocking a domain or email in SMTP Blocks?
Problem reported by Richard Clafton - 4/3/2019 at 12:29 PM
We get a lot of spam that comes from Amazon Hosted Email and keeps getting through the SMTP blocks.

[2019.04.03] 14:07:01.880 [][52854072] senderEmail(1): 01000169e49462ca-6384880a-9cec-44d1-a6e5-0c94e1069d57-000000@amazonses.com parsed using: <01000169e49462ca-6384880a-9cec-44d1-a6e5-0c94e1069d57-000000@amazonses.com>

[2019.04.03] 14:07:02.286 [][52854072] senderEmail(2): info@gettheunlimitedleadgenerator.com parsed using: "Small Business Funds Fast" <info@gettheunlimitedleadgenerator.com>

I have gettheunlimitedleadgenerator.com and also info@gettheunlimitedleadgenerator.com in the SMTP blocks, but they never get blocked, which is why I ask the question.

Without the custom rules working in 7016 I have no way of combatting this at this time.  These spammers are hiding behind the reputation(!) of Amazon to get their mail through the spam checkers.


2 Replies

Richard Clafton Replied
Is this being ignored? A simple yes or no would suffice.
Duarte Replied
We are looking at a situation where senderemail(2) is used to spoof the From field, so that it looks like the mail was sent from the same domain as the person who received the message.
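
A log-side check for the situation discussed in this thread, as an added example that is not part of the original posts and is not SmarterMail code: it pairs the senderEmail(1) and senderEmail(2) lines of each session and reports sessions where only the second address matches a block entry. It assumes, from the log lines quoted above, that senderEmail(1) is the envelope sender and senderEmail(2) the From header; the function names, the second session in the sample and the subdomain matching are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the two log lines quoted in the thread plus one made-up session.
SAMPLE_LOG = """\
[2019.04.03] 14:07:01.880 [][52854072] senderEmail(1): 01000169e49462ca-6384880a-9cec-44d1-a6e5-0c94e1069d57-000000@amazonses.com parsed using: <01000169e49462ca-6384880a-9cec-44d1-a6e5-0c94e1069d57-000000@amazonses.com>
[2019.04.03] 14:07:02.286 [][52854072] senderEmail(2): info@gettheunlimitedleadgenerator.com parsed using: "Small Business Funds Fast" <info@gettheunlimitedleadgenerator.com>
[2019.04.03] 14:09:10.100 [][52854099] senderEmail(1): alice@example.org parsed using: <alice@example.org>
[2019.04.03] 14:09:10.400 [][52854099] senderEmail(2): alice@example.org parsed using: "Alice" <alice@example.org>
"""

# The two block entries the original poster says are configured.
BLOCKS = {"gettheunlimitedleadgenerator.com", "info@gettheunlimitedleadgenerator.com"}

# Session id in brackets, then which sender field, then the parsed address.
LINE_RE = re.compile(
    r"\[(?P<session>\d+)\]\s+senderEmail\((?P<n>[12])\):\s+(?P<addr>\S+)\s+parsed using:"
)

def is_blocked(addr, blocks):
    """True if addr equals a blocked address or its domain matches a blocked domain."""
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    for entry in (e.lower() for e in blocks):
        if "@" in entry:
            if addr == entry:
                return True
        # Assumption of this example: a domain entry also covers its subdomains.
        elif domain == entry or domain.endswith("." + entry):
            return True
    return False

def sender_mismatches(log_text, blocks):
    """Return (session, senderEmail(1), senderEmail(2)) where only (2) is blocked."""
    sessions = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            sessions[m["session"]][int(m["n"])] = m["addr"]
    hits = []
    for sid, seen in sessions.items():
        env, hdr = seen.get(1), seen.get(2)
        if hdr and is_blocked(hdr, blocks) and not (env and is_blocked(env, blocks)):
            hits.append((sid, env, hdr))
    return hits

if __name__ == "__main__":
    for sid, env, hdr in sender_mismatches(SAMPLE_LOG, BLOCKS):
        print(f"session {sid}: senderEmail(2) {hdr} is blocked, senderEmail(1) {env} is not")
```
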
