Trust Sender Issue with .us domain?
Problem reported by TJ - 11/12/2019 at 4:31 PM
Resolved
Hi, I have users that are unable to "trust" the sender of an email that ends up in the Junk folder - which is a problem...

The other problem is the .us domain in question was already been added to the domain settings as a trusted domain, so it shouldn't have even been "caught" as Junk - can anyone else confirm if SM has any issues with .us domains?

Thanks, TJ

5 Replies

Reply to Thread
0
Kyle Kerst Replied
Employee Post
Hello TJ, good afternoon. Typically when trusted senders arrive in the Junk folders this is because their domain is failing SPF or RDNS checks. To prevent spammers leveraging trusted sender lists to send spam to your users, trusted senders will still be subjected to Reverse DNS and SPF lookups to verify the sender's identity. Can you confirm the problematic domain has a valid RDNS value set up and has an SPF record published? DNS requirements for sending email are outlined here for reference: 


I have also included a primer on SPF/DKIM/RDNS/etc here: 


Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
TJ Replied
The company with the .us domain uses Google apps for either email . All servers in the MX are Google servers and their SPF is correct. They don't publish a DMARC record. So based on that, I would say they fulfill the base requirements... TJ
0
Kyle Kerst Replied
Employee Post
It does sound like they meet those requirements! I would get a support ticket submitted on this one so we can get to the bottom of it. In the meantime, if you can post the header values (spam checks) from the raw content of the message this might help shed some light on the root cause. 
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Emily Ward Replied
Employee Post
Hi TJ,

I went ahead and started a support ticket for you from this thread.
Emily Ward
Customer Relations and Partner Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
Tony Scholz Replied
Employee Post
Hello,


Trusted Senders is designed to allow you to skip SPAM checks for specified email address and domains. This is skipped in 2 cases. DKIM and SPF are still checked to protect your system,


Trusted Senders
Domain Administrators can add specific email addresses (such as jsmith@example.com) or domains (such as example.com) that will be exempted from spam filtering. This can prevent mail from friends, business associates and mailing lists from being blocked and lets the system know that these messages come from a trusted source. Note: Email addresses in a user's contacts are always considered trusted senders. In addition, if users unmark a message as spam, the sender is automatically included on their personal trusted senders list.

Here is an article that has a more robust description of why SPF and DKIM are exempt from the Trusted Senders.
When the DKIM and SPF both pass the SPAM weight is zeroed out for "Trusted Senders". The header for this looks like this.


X-SmarterMail-Spam: SPF_Pass, HostKarma - Whitelist, Reverse DNS Lookup [Passed], ISpamAssassin 0 [raw: 0], DK_Pass, DKIM_Pass
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - Domain)

When either the SPF and/or DKIM fail then the full spam weight of all failed checks are brought forward and passed on. This header will have a line like this.


X-SmarterMail-Spam: SPF_SoftFail, Reverse DNS Lookup [Passed], ISpamAssassin 7 [raw: 5], DK_None, DKIM_None
X-SmarterMail-TotalSpamWeight: 19 (Trusted Sender - User, failed SPF)

There is a workaround that can be used. This may open up your server depending on the IP address that is giving the issue. The first step is to get the IP address that is triggering the SPF / DKIM failure. This can be found in 2 places. The first place to look is in the header of the email. Look for the first "Received: from" line


Return-Path: <user@domain.tld>
Received: from localhost (domain.tld [127.0.0.1]) by mail.domain.tld with SMTP
    (version=TLS\Tls12
    cipher=Aes256 bits=256);
Received: by localhost (Postfix, from userid 33)
    id 3710522744; Wed,  7 Aug 2019 03:49:49 -0400 (EDT)
To: user@domain.tld
Subject: SUBJECT_HERE
From: "User" <user@domain.tld>
Reply-To: user@domain.tld
Content-Type: text/plain; charset=utf-8
Message-Id: <20190807074949.3710522744@localhost>
Date: Wed,  7 Aug 2019 03:49:49 -0400 (EDT)
X-SmarterMail-Spam: SPF_SoftFail, Reverse DNS Lookup [Passed], ISpamAssassin 7 [raw: 5], DK_None, DKIM_None
X-SmarterMail-TotalSpamWeight: 19 (Trusted Sender - User, failed SPF)

If there is more than one "Received: from" line you can ten check the "Spam Checks" log on the server . This log will need to be set to "Detailed" before the email hits the server to use it. In the logs you will want to look for the below lines.


[2019.08.07] 10:31:54.019 [20573] Running SPF check
[2019.08.07] 10:31:54.066 [20573] SPF Fail. IP: 134.209.32.16, Sender: bounce@webpronews.com, FailReason: Not Permitted
[2019.08.07]     SPF Record: v=spf1 mx ip4:66.28.139.0/24 ip4:38.103.22.0/24 ip4:159.0.0.0/8 ip4:165.0.0.0/8 a:webpronews.com -all
[2019.08.07] 10:31:54.066 [20573] Finished SPF check; result = Fail

The number in brackets [ ##### ] is the session ID number and the IP address is the IP being tested.


Thank you

Tony Scholz
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread