Even if a user or domain is on a trusted senders list, SmarterMail will still do some basic checks to ensure the sender is actually the sender. While some email systems allow trusted senders to be delivered to a user's Inbox without any validation checks, that can lead to major issues. As it is, anyone can write any from address that they want when sending a message. Spammers know this and can exploit mail servers that have implicit trust and flood users with hundreds and hundreds of messages that aren't truly from a "trusted" sender. This jeopardizes the security of that mail server.
Therefore, SmarterMail takes a "trust but verify" approach when it comes to the handling of trusted senders. SmarterMail will always run DMARC, SPF, and DKIM checks to guarantee the return path and from address of an email. Consistently running these checks allows SmarterMail to reverse the domain and IP address that sends a message to make sure they match. It also allows SmarterMail to verify that the from address and return path are associated. If they do not match or are not authorized, there is a very good chance that someone is impersonating the sender, which invalidates the trusted status.
In the possible situation that a message isn't actually spoofed, that sender's domain could have DMARC, SPF, and/or DKIM misconfigured. It's important to keep in mind that services like Gmail, Microsoft 365 (Office), Yahoo and others, are beginning to enforce strict implementations of security measures such as SPF, DKIM and even DMARC. So, sending domains with incorrect set ups in any of these areas will see more and more issues when sending messages. Administrators need to be aware of this and ensure that their servers and domains are set up properly to avoid any delays in sending mail.
More detailed information on SPF, DKIM, and DMARC -- and specifically now they affect Trusted Senders -- can be found in our help documentation. See
Domain Spam Filtering.