Domain Spam Filtering

This settings page is only available to domain administrators and system administrators with the proper permissions.

SmarterMail includes a variety of antispam measures that will help keep a user's inbox free of unwanted mail. In the Spam Filtering section, domain administrators can review/configure the spam filtering options and trusted senders for users on their domain.

Jump To:

  • Options - Configure the filtering Actions for spam messages on your domain
  • Trusted Senders - Exempt specific email addresses and domains from spam filtering

Options

In most cases, a system administrator has already configured the filtering options -- spam weights and Actions -- for spam messages on your domain. However, if the system administrator allows it, domain administrators can override those settings and change the Actions configured for spam messages of varying weights to help further remove potentially unwanted email.

Options

  • Override spam settings - Enable this setting to customize the spam filtering Actions for your domain. If this option is disabled, the system's default spam filtering policy will be displayed.
  • Allow users to override spam settings - Enable this setting if, as the domain administrator, you want to allow users to further edit and manage the Actions taken on messages of varying weights.

Editing Actions

Each type of spam check has an associated weight that factors into the spam probability of a message. In addition, a specific Action is set for messages that score the weight set by the system administrator.

To edit the action, click on the card associated with the weight you want to edit. From there, click the dropdown on the Action to change it and click the OK button to save your change.

Trusted Senders

Domain administrators can add specific email addresses (such as jsmith@example.com) or domains (such as example.com) that will be exempted from most spam filtering. This lets the system know that these messages come from a trusted source and can prevent mail from friends, business associates, and mailing lists from being blocked or sent to the Junk Email folder. By default, every contact in a user's Contacts list is considered a trusted sender and bypasses most spam filtering. When entering trusted senders or domains, enter only one item per line.

Spam Filtering and Trusted Senders

We say that Trusted Senders bypass "most" spam filtering, because while they do bypass things like RBL and URIBL checks, other checks are ALWAYS run (when enabled) on ALL messages, regardless of whether the sender is considered "trusted".

If the system administrator has enabled SPF, DKIM, and/or DMARC (all of which are strongly recommended), SmarterMail will run those checks on ALL emails, including those from trusted senders, whitelisted IP addresses, and IP bypasses. This "trust but verify" approach is important because anyone can write any return path that they want when sending a message. Therefore, this extra layer of protection helps prevent spammers from flooding users with hundreds of messages that aren't truly from a trusted sender. If an SPF, DKIM, or DMARC check fails on an incoming message, the "trusted sender" is no longer trusted by SmarterMail, and the weights of all enabled spam checks will be applied to that message.

DMARC, specifically, plays an integral part in determining "trusted" status. DMARC is the only check available that can confirm that the From address listed in the email is associated with the SPF record and return path. DMARC, therefore, ensures that the From address wasn't spoofed and that the sender isn't automatically trusted just because the From address is listed as a trusted sender. It is an extra step of security to ensure that senders are only 'whitelisted' if SmarterMail can verify the sender.

The specific spam check results that will bypass the trusted sender status are SPF_Fail, SPF_Softfail, SPF_PermError, or DKIM_Fail.

If the trusted sender status of an email was bypassed due to a failed SPF or DKIM check, the TotalSpamWeight line in the email header would appear in the following format:

X-SmarterMail-TotalSpamWeight: {Total Spam Weight} ({Where the trusted sender status originates}, {Reason the trusted sender status was bypassed})

For example:

X-SmarterMail-TotalSpamWeight: 9 (Trusted Sender - Domain, failed SPF)

This example indicates that the sender is in the domain-level Trusted Senders list, but the email received a total spam weight of 9 because the message failed the SPF check.

Regarding DMARC

We evaluate the DMARC results of an incoming email in order to determine whether the From Address or the Return Path will be used for the Trusted Sender verification.

If DMARC has a passing result, SmarterMail will use the From Address to determine whether the email is from a sender in the Trusted Senders list. In most cases, the Return Path and From Address of an email are the same, and users will likely have the sender's From Address in their Trusted Senders list. In these cases, as long as SPF and DKIM don't fail or error, the email should be delivered to the user's Inbox without a spam weight applied.

If DMARC doesn't have a passing result, SmarterMail will use the Return Path to determine whether the email is from a Trusted Sender. If the Return Path address is in the Trusted Senders list as well, the email should be delivered to the user's Inbox without a spam weight applied. If the Return Path address isn't in the user's Trusted Senders list, the full spam weight of the message will be applied, and the email will be filtered or moved according to the user's spam filtering settings. In these situations, the messages will likely land in the Junk Email folder, and the X-SmarterMail-TotalSpamWeight header will show why the weight was applied, with something like this:

X-SmarterMail-TotalSpamWeight: 37 (Trusted Sender - User, DMARC: None)
X-SmarterMail-TotalSpamWeight: 24 (Trusted Sender - User, DMARC: Skipped - DMARC Disabled)
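When reviewing why mail from trusted senders was filtered, the header format shown above can be parsed in bulk. The following is an added example, not SmarterMail code: the sample messages are constructed, the function names are hypothetical, and treating the parenthetical note as optional (a bare weight when no trusted sender is involved) is an assumption.

```python
import re
from email import message_from_string

HEADER = "X-SmarterMail-TotalSpamWeight"
# {weight} ({origin}, {reason}); the parenthetical is treated as optional (assumption).
PATTERN = re.compile(
    r"^(?P<weight>-?\d+)(?:\s*\((?P<origin>[^,()]+),\s*(?P<reason>.+)\))?$"
)

def parse_total_spam_weight(value):
    """Split a header value into weight, trust origin and bypass reason."""
    match = PATTERN.match(" ".join(value.split()))  # unfold and trim whitespace
    if not match:
        return None
    origin, reason = match.group("origin"), match.group("reason")
    return {
        "weight": int(match.group("weight")),
        "origin": origin.strip() if origin else None,
        "reason": reason.strip() if reason else None,
    }

def bypassed_trusted_senders(raw_messages):
    """Return (From, weight, origin, reason) for mail whose trusted status was bypassed."""
    hits = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        parsed = parse_total_spam_weight(msg.get(HEADER, ""))
        if parsed and parsed["reason"]:
            hits.append((msg["From"], parsed["weight"], parsed["origin"], parsed["reason"]))
    return hits

# Constructed sample messages (headers only); the second header is folded across two lines.
SAMPLES = [
    "From: jsmith@example.com\n"
    "X-SmarterMail-TotalSpamWeight: 9 (Trusted Sender - Domain, failed SPF)\n\n",
    "From: news@example.org\n"
    "X-SmarterMail-TotalSpamWeight: 24 (Trusted Sender - User,\n"
    " DMARC: Skipped - DMARC Disabled)\n\n",
    "From: friend@example.net\nX-SmarterMail-TotalSpamWeight: 0\n\n",
]

if __name__ == "__main__":
    for row in bypassed_trusted_senders(SAMPLES):
        print(row)
```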

These are the DMARC results that are considered "passing" and will allow the From Address to be considered in the Trusted Sender verification process:

  • DMARC: [passed]
  • DMARC: [skipped - Authenticated]
    This will appear if the sender is an authenticated domain user or if the sender's IP address is in the whitelist with an SMTP Auth Bypass.
  • DMARC: [skipped - Bypassed]
    This will appear if the sender's IP address is in the IP Bypass with Bypass Spam Checks enabled, and there is only 1 Received line in the email header/delivery.
  • DMARC: [skipped - Whitelisted]
    This will appear if the sender's IP address is in the Whitelist with an SMTP Spam Bypass.

These are the DMARC results that are not considered "passing", and will disallow the From Address from being considered in the Trusted Sender verification process.

  • DMARC: [none]
  • DMARC: [failed]
  • DMARC: [skipped - DMARC Disabled]
  • DMARC: [skipped - No Return Path]
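The verification rules above can be modeled as a small decision function, which shows why a spoofed From Address alone does not earn trusted status. This is an added example based on this page's description, not SmarterMail's own code: the result strings are taken from the lists above, while the function names, the trusted list and the sample addresses are assumptions.

```python
# Result strings come from the lists on this page; all names here are assumptions.
PASSING_DMARC = {
    "passed",
    "skipped - authenticated",
    "skipped - bypassed",
    "skipped - whitelisted",
}
TRUST_BYPASSING = {"SPF_Fail", "SPF_Softfail", "SPF_PermError", "DKIM_Fail"}

def is_listed(address, trusted):
    """Match a full address or its domain against a Trusted Senders list."""
    address = address.strip().lower()
    return address in trusted or address.rpartition("@")[2] in trusted

def verify_trusted_sender(from_addr, return_path, dmarc, check_results, trusted_list):
    """Return (is_trusted, explanation) for one message."""
    trusted = {entry.strip().lower() for entry in trusted_list if entry.strip()}
    # A failing SPF or DKIM result removes trusted status outright.
    failed = sorted(TRUST_BYPASSING.intersection(check_results))
    if failed:
        return False, "trusted status bypassed by " + ", ".join(failed)
    # A passing DMARC result lets the From Address be used; otherwise the Return Path is.
    if dmarc.strip().lower() in PASSING_DMARC:
        field, address = "From", from_addr
    else:
        field, address = "Return-Path", return_path
    if address and is_listed(address, trusted):
        return True, field + " address is in the Trusted Senders list"
    return False, field + " address is not in the Trusted Senders list"

# Constructed Trusted Senders list: one address and one domain.
TRUSTED = ["jsmith@example.com", "example.org"]

if __name__ == "__main__":
    # From Address is listed, but DMARC is "none" and the Return Path is not listed.
    print(verify_trusted_sender(
        "jsmith@example.com", "bounce@mailer.invalid", "none", [], TRUSTED))
    # Same From Address with a passing DMARC result.
    print(verify_trusted_sender(
        "jsmith@example.com", "jsmith@example.com", "passed", [], TRUSTED))
```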

We also added this logic for adding or removing Trusted Senders from within the Email section:

  • If Return and From match, then we add/remove the From Address.
  • If Return and From differ, we look at the DMARC Results of that email.
    • If DMARC passed (or was skipped due to authentication, bypass or whitelist), we add/remove the From Address.
    • If DMARC didn't pass, we add/remove the From Address and the Return Path address. (This is done to help ensure that the sender will pass the DMARC Trusted Sender verification process on subsequent messages.)