Our end user whitelist configuration is by email address and not domain. Users have been complaining that whitelisting isn't working. When I researched this issue, whitelisting is actually working just fine. The most common two causes of whitelist entries "not working" are (1) the sending mail server provides two different local addresses in the transmission process (one for the SMTP connection and another in the envelope) and/or (2) they use a randomly generated character set as a prefix or suffix on the local portion of the email address. If you look at the sender of an email listed in the quarantine release notification, it may look something like 34a29f33e9d_Bob@WhateverDomainSendingMail.com. When our end user submits the whitelist request on a quarantined message, it's for the randomly generated address. Then the next message from the same sender, with a different set of randomly generated characters, will be quarantined. Has anyone else encountered this? I don't want to change the whitelist configuration to whitelist by domain. Is there a valid reason that senders do this? I'm assuming it's somehow used by a marketing department for message tracking but can't figure out how it would be used. Any information on why message senders would do this and how to work around it would be greatly appreciated. Thanks!
Message was edited by: runcmd on 1/24/13 9:22:08 AM EST
It's typically caused by some sort of auto-mailer; when this occurs, you will have to whitelist its IP address because we do not allow whitelisting based off the 822 address.
Thanks for the response!...
Yeah, I kind of suspected as much. I seem to be encountering this more and more frequently. The downside to doing an administrative whitelist on the IP address, though, is that it will then allow the messages from that mail server to anyone on the inside of the organization and, potentially, even mailings not associated with that organization's company. I've run into this kind of "no win" situation before where you whitelist an IP address so a company's mailing can get through but the mailing is being sent by a third party mass mailing outfit that also sends mailings your users don't want to receive. As an alternative, you can whitelist the domain, but domains are easily spoofed.
Hum... Assuming there's a pattern to the local name (even when the address contains random characters), what if I created a custom dictionary that contributed to the ESP and heavily negative weighted particularly odd senders using matching regular expressions against the header only? If I negative weight it enough, could I tip the ESP scale in favor of delivering the message?
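Added example, not part of the thread and not configuration for the gateway product discussed: a Python sketch of why an exact-address whitelist entry stops matching when the local part carries a per-message random tag, and what matching on a tag-stripped address looks like. The tag format (8 or more hex characters joined by `_`, `-`, `+` or `=`), the function names and the sample addresses other than the one quoted in the first post are assumptions.

```python
import re

# Assumption: the random tag is 8+ hex characters joined to the real
# local part by "_", "-", "+" or "=", as a prefix or a suffix.
_TAG = r"[0-9a-f]{8,}"
_PREFIX = re.compile(rf"^{_TAG}[_\-+=](?=.)", re.IGNORECASE)
_SUFFIX = re.compile(rf"(?<=.)[_\-+=]{_TAG}$", re.IGNORECASE)


def canonical_sender(address: str) -> str:
    """Lower-case the address and strip one random tag from the local part."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an address: {address!r}")
    local = _PREFIX.sub("", local, count=1)
    local = _SUFFIX.sub("", local, count=1)
    return f"{local.lower()}@{domain.lower()}"


def is_whitelisted(envelope_from: str, header_from: str, whitelist: set) -> bool:
    """True if either sender address matches an entry once tags are stripped.

    Neither address is authenticated here; this only fixes the matching
    problem, it does not make the sender address any harder to spoof.
    """
    entries = {canonical_sender(a) for a in whitelist}
    return any(canonical_sender(a) in entries for a in (envelope_from, header_from))


def demo():
    # The entry the end user submitted from the quarantine notification.
    whitelist = {"34a29f33e9d_Bob@WhateverDomainSendingMail.com"}
    # Constructed: next message from the same sender with a new tag.
    next_msg = "7c1e04b9aa2_Bob@WhateverDomainSendingMail.com"
    # Constructed: a different mailbox on the same sending platform.
    other = "7c1e04b9aa2_Alice@WhateverDomainSendingMail.com"
    exact = next_msg in whitelist                         # False
    stripped = is_whitelisted(next_msg, next_msg, whitelist)  # True
    unrelated = is_whitelisted(other, other, whitelist)       # False
    return exact, stripped, unrelated


if __name__ == "__main__":
    print(demo())
```
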