English
Chinese (Simplified)
French
German
Italian
Japanese
Russian
Spanish
Vietnamese
Blocking unwanted emails
-
Hello,
We are getting Junk/Phishing emails but SPF and DKIM isn't being checked.
I'm guessing its because they're using internal IP with EHLO command.
I see that SPF and DKIM verification is exempt from internal IP's.
Would changing these values stop these types of emails from getting through to users?
-
SPF is not getting checked because the message is being sent with a NULL mail from value. SPF uses the domain in the MAIL FROM value of the SMTP session to determine if the IP address sending the message to you is allowed to send the message on behalf of the domain.
Does the message contains a DKIM Signature? If there is no DKIM signature in the message, there is nothing to check for DKIM.
I see two potential options, I'd reccomend enabling both.
1. Enable Backscatter Protection (Security / Other / Backscatter Protection). If you already have it enabled, check the box to Reject messages that fail Backscatter Protection verification.
To combat backscatter, MDaemon contains a feature called Backscatter Protection (BP). BP can help to ensure that only legitimate Delivery Status Notifications and Autoresponders get delivered to your accounts, by using a private key hashing method to generate and insert a special time-sensitive code into the "Return-Path" address of your users' outgoing messages. Then, when one of these messages encounters a delivery problem and is bounced back, or when an auto-reply is received with a "mailer-daemon@..." or NULL reverse path, MDaemon will see the special code and know that it is a genuine automated reply to a message that was sent by one of your accounts. If the address doesn't contain the special code, or if the code is more than seven days old, it will be logged by MDaemon and can be rejected.
For more information please see the help file at https://help.mdaemon.com/MDaemon/en/security--backscatter_protection_dialog.html
2. Enable DMARC Verification. (Security / Sender Authentication / DMARC Verification)
DMARC uses SPF and DKIM to ensure that the organizational domain in the FROM header is protected. You can find more information on DMARC in the help file at https://help.mdaemon.com/MDaemon/en/security--dmarc_verification.html
BATV will absolutely resolve this issue, DMARC might resolve the issue. I'd suggest enabling both of them as they both help to protect your users from Spam.
This won't help with the issue you posted about, but you should also make sure you have a valid SPF record for your domain and that you are DKIM signing messages you send out.
-
Thank you!
