8
Biggest Customer Complaint - Trusted Sender
Question asked by John Marx - 11/16/2022 at 9:11 AM
Answered
The biggest complaint every customer raises is they use webmail, they mark someone in junk as a trusted sender, and they continue to go to junk mail. How can I get trusted sender to actually be trusted and stay in the inbox? 

If they right-click on ANY, even after marking, the emails say trusted sender so obviously SmarterMail is smart enough to know that. 

11 Replies

Reply to Thread
1
Jay Dubb Replied
We've found that the actual "from" address can be different from that shown in the message.  For example, a message might show as "From" bobjones@company.com  but if you look the headers, you might see bobjones-compan-com-202987345@bounces.mailservice.com as the actual sender.  

If you use Declude, that makes it really easy to find the actual sender.  Just look for the "X-Declude-Sender" header near the bottom.
 
0
John Marx Replied
The headers are always the same. Either way if they were not if when you right-click and the system already says trusted sender it should be smart enough to keep it in the inbox (or really run any rules, if there are any -- each client has no rules so they should just go to the inbox).
1
Tony Scholz Replied
Employee Post Marked As Answer
Hello John, 

Trusted Senders is designed to allow you to skip SPAM checks for specified email address and domains. This is skipped/ignored in 2 cases. DKIM and SPF are still checked to protect your system, 

Trusted Senders
Domain Administrators can add specific email addresses (such as jsmith@example.com) or domains (such as example.com) that will be exempted from spam filtering. This can prevent mail from friends, business associates and mailing lists from being blocked and lets the system know that these messages come from a trusted source. NoteEmail addresses in a user's contacts are always considered trusted senders. In addition, if users unmark a message as spam, the sender is automatically included on their personal trusted senders list.
Here is an article that has a more robust description of why SPF and DKIM are exempt from the Trusted Senders. 
When the DKIM and SPF both pass the SPAM weight is zeroed out for "Trusted Senders". The header for this looks like this. 

X-SmarterMail-Spam: SPF_Pass, HostKarma - Whitelist, Reverse DNS Lookup [Passed], ISpamAssassin 0 [raw: 0], DK_Pass, DKIM_Pass
X-SmarterMail-TotalSpamWeight: 0 (Trusted Sender - Domain)
When either the SPF and/or DKIM fail then the full spam weight of all failed checks are brought forward and passed on. This header will have a line like this. 

X-SmarterMail-Spam: SPF_SoftFail, Reverse DNS Lookup [Passed], ISpamAssassin 7 [raw: 5], DK_None, DKIM_None
X-SmarterMail-TotalSpamWeight: 19 (Trusted Sender - User, failed SPF)
The other reason that this may be happening is what Jay mentioned above. Take a look at the raw content of the message and look at the "Return-Path:" and see if it matches the "From:" field. When you mark an email as a trusted sender it is grabbing hte email address in the From: field, when this check is processed during the SMTP session it looks at the Mail From: address that can be adjusted by the sender in the DATA portion of the SMTP session. 

For Example:

In the above example notifications will be the trusted sender and pm_bounces is what will be checked during the SMTP session. 

I hope this helps. Thank you
Tony
Tony Scholz
System/Network Administrator
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
John Marx Replied
The problem I am seeing is many email servers now use SMTP gateways. These gateways allow reporting of spam, bounces, etc. They manipulate the message envelopes causing trusted senders to not be trusted. Here is an example of one of my trusted senders on my account that seems to "love" the junk mail folder based on your picture.

Return-Path: <bounces+8754967-3ee2-john=fawkesdm.com@ckespa.neilpatel.com>
From: Neil Patel <np@neilpatel.com>

9
Jay Dubb Replied
ENHANCEMENT REQUEST:  Make the Trusted Senders function more intelligent, to read all of the headers involved in the "trusted" decision.  

We have this exact same complaint from our own customers, many of whom receive extremely time-sensitive documents via email (real estate, insurance, title company, ...) and they are frequently complaining they've marked mail as Trusted, only to have it continue going to Spam.

We've had to work (way too many times) with their I.T. team to search the headers and built a domain-wide filtering rule to whitelist the "actual" senders of these messages-- something we wouldn't have to do if the "mark as Trusted Sender" function worked in the manner users would "expect" it to work.
 
2
+1

Gabriele Maoret - Head of SysAdmins at SERSIS
Currently manages 3 SmarterMail installations (1 in cloud for SERSIS which provides service to a few hundreds 3rd party Mail Domains + 2 on premise to customers)
2
Jaime Alvarez Replied
+1
0
Paul Blank Replied
+!
0
YS Tech Replied
I have many emails now being moved to my spam folder, with no way of setting them to be trusted senders (as that functionality doesn't really do what it says).
Having the feature that does recognise the email as an actual trusted sender and allows it through would be really handy as I can't tell my clients any way to trust an email or even a domain as it just doesn't work.

e.g. one example sent to me, they obviously use a third party klaviyo system and a different domain to the business domain. I have added this domain to the trusted senders and SM obviously recognises it but still moves it to spam.

From: Pro Bike Tool "><probiketools@razorgroup.com>
...
X-Declude-Sender: bounces+32138063-631b-comps=*******.net@send.ksd1.klaviyomail.com [149.72.88.115]
X-Declude-Spoolname: 315424743.eml
X-Declude-RefID: 
X-Declude-Note: Scanned by Declude 4.12.11
X-Declude-Scan: Incoming Score [19] at 16:32:11 on 22 Sep 2023
X-Declude-Tests: HOSTKARMA-BLACK [10], MAILSPIKE-H4 [-4], SORBS [4], SORBS-NEW [3], SORBS-RECENT [3], SPFPASS [-1], FROMNOMATCH [2], HAM-INDICATOR [-2], FILTER-BULK [4], WEIGHT10 [10], WEIGHT14 [14]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: e
X-HELO: o1408.shared.klaviyomail.com
X-Identity: 149.72.88.115 | o1408.shared.klaviyomail.com | send.ksd1.klaviyomail.com
X-SmarterMail-Spam: DMARC [skipped - DMARC Disabled]: 0, Reverse DNS Lookup [Passed]: 0, SPF [Pass]: 0, DKIM [Fail]: 5, Declude: 19
X-SmarterMail-FoundTracker: sendgrid | SendGrid
X-SmarterMail-TotalSpamWeight: 24 (Trusted Sender - Domain, DMARC: Skipped (DMARC Disabled))
X-SmarterMail-SpamAction: Medium | MoveToFolder
muc-off.com is another domain that uses klaviyo

This one is an online accounting domain, also gets moved to spam:

From: QuickFile "><quickfile-noreply@quickfile.co.uk>
...
X-Declude-Note: Scanned by Declude 4.12.11
X-Declude-Scan: Incoming Score [23] at 02:10:30 on 22 Sep 2023
X-Declude-Tests: MAILSPIKE-H5 [-7], SORBS-RECENT [3], NOABUSE [2], SPFPASS [-1], FROMNOMATCH [2], HAM-INDICATOR [-2], FILTER-BULK [4], FILTER-SPAM [20], FILTER-SUBJECT [2], WEIGHT10 [10], WEIGHT14 [14], WEIGHT20 [20]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: e
X-HELO: a8-73.smtp-out.amazonses.com
X-Identity: 54.240.8.73 | a8-73.smtp-out.amazonses.com | amazonses.com
X-SmarterMail-Spam: DMARC [skipped - DMARC Disabled]: 0, Reverse DNS Lookup [Passed]: 0, SPF [Pass]: 0, DKIM [Fail]: 5, Declude: 23
X-SmarterMail-FoundTracker: mailgun | Mailgun
X-SmarterMail-TotalSpamWeight: 28 (Trusted Sender - System, DMARC: Skipped (DMARC Disabled))
X-SmarterMail-SpamAction: Medium | MoveToFolder
Is it that we need to trust klaviyomail.com and amazonses.com for these to come through, if so that would open us up to a lot more issues wouldn't it?

Thanks
0
Millennium Systems Replied
YS Tech

If DKIM fails like both your examples, the trusted sender status is ignored.

0
Paul Blank Replied
It's just sad that here in the 3rd decade of the 21st Century, email admins can't have SPF and/or DKIM configured at the least (let alone DMARC). 

Nonetheless there should be an easy way to trust these senders on the SM end without the hassle of creating a filtering rule, especially if you can verify by the sending servers' IP address(es). Good Luck!

Reply to Thread