Amazon SES
Idea shared by Chris - 8/5/2020 at 11:49 AM
Proposed
We are seeing more companies using Amazon SES for SMTP outbound services. Some are legitimate emails and some are spam. These emails somehow come hiding the "from" email address so you can't block an email address, domain, or EHLO domain on the SMTP Block list. The only way to block it at the SMTP level is to put amazonses.com on the SMTP blocklist, which will block all legitimate emails for other companies. Is anyone else having this issue? It would be nice to have SmarterMail intelligently look at how they configured the "from address" so we can block it at SMTP.

2 Replies

0
We are having similar issues. 
0
I have not seen this particular problem, but I encourage you to look at Declude, which permits you to create filter rules based on multiple criteria.

Declude has built-in tests for HELO, REVDNS, and MAILFROM (SMTP Address). Testing the Message-From address requires regular expressions. Here is a filter clause to evaluate whether the Message From ends with @example.com:
    HEADERS 1 PCRE (\n\r*From:[^@]+@example\.com)

Most of the "Email Service Providers" (ESPs) use their own domain in the SMTP From Address, which ensures that the message will pass SPF. Then the Message-From address indicates the client domain. These ESP organizations can have some clients whose messages are important to you, and other clients whose messages are toxic. Consequently, you need to be able to filter on the combination of SMTP From address and Message From address. Declude is the only product that I have found which can do this well, and they do it affordably. Some of the outrageously expensive cloud services may be able to do it, but their capabilities are not confirmed because I was scared away by their pricing.

A couple of ESPs send so much toxic content that I quarantine their messages by default. I exempt the few acceptable client domains as they become identified. If you want to know my hated ESP list, send me a private message.

Declude is dependent on text file parsing. This may become problematic with highly complex configurations or very high volume operations. But unlike my commercial appliance products, Declude is extensible. I have created custom filters to migrate most of my filtering logic into a SQL database. This has simplified my configuration while improving performance.
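
The combined test described in the reply above (quarantine an ESP's envelope domain by default, exempt known client domains by their Message-From), sketched in Python as an added example; it is not part of the original thread and is not Declude syntax. The policy sets, function names and sample messages are constructed for illustration, and the envelope sender is assumed to be handed over by the mail server.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed policy data (constructed for illustration).
QUARANTINED_ESPS = {"amazonses.com"}   # SMTP From domains held by default
EXEMPT_CLIENTS = {"example.com"}       # Message-From domains let through


def domain_of(address: str) -> str:
    """Return the lower-cased domain of an address, or '' if there is none."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""


def under(domain: str, parents: set) -> bool:
    """True if domain equals, or is a subdomain of, an entry in parents."""
    return any(domain == p or domain.endswith("." + p) for p in parents)


def verdict(envelope_from: str, raw_message: str) -> str:
    """Classify on the pair (SMTP From domain, Message-From domain)."""
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From") or []
    if not under(domain_of(envelope_from), QUARANTINED_ESPS):
        return "accept"                # not sent through a listed ESP
    if len(from_headers) != 1:
        return "quarantine"            # missing or duplicated From header
    client = domain_of(from_headers[0])
    return "accept" if under(client, EXEMPT_CLIENTS) else "quarantine"


# Constructed sample messages (not real traffic).
GOOD = "From: Billing <billing@example.com>\r\nSubject: Invoice\r\n\r\nbody\r\n"
BAD = "From: Deals <promo@unknown-client.test>\r\nSubject: Hi\r\n\r\nbody\r\n"
LOOKALIKE = "From: x <x@example.com.attacker.test>\r\nSubject: Hi\r\n\r\nbody\r\n"
BOUNCE = "0100abcd@eu-west-1.amazonses.com"  # constructed envelope sender

if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("bad", BAD), ("lookalike", LOOKALIKE)):
        print(name, verdict(BOUNCE, raw))
```

Matching the parsed domain exactly or as a subdomain means a lookalike such as `example.com.attacker.test` is not exempted, which an unanchored pattern ending in `@example\.com` would let through.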
