I thought about that but some of the customers in question are based in China and are on a shared server with thousands of non-related users. If I white list the servers IP we open ourselves to spam from anyone using that server. I'm going to have to collect the email addresses and just white list those instead of the domains. There are only about 2 dozen so it shouldn't be too difficult.
-----Original Message----- From: John Peacock [mailto:[EMAIL PROTECTED] Sent: Friday, April 27, 2007 12:21 PM To: Todd S. Florman Cc: Andy Durant; [email protected] Subject: Re: [dspam-users] Specific domains bypass dspam? Todd S. Florman wrote: > It will expose your authorized destinations to spam however so some > caution should be used when whitelisting based on the senders domain > instead of the sending servers ip address. I just wanted to amplify the last comment above. Whitelisting based on domain is always the wrong thing to do. It is trivial to forge the return address, and in fact virtually all botnets use forged addresses as the envelope sender, even if the From: address may be legit (and even that is rare). Most likely, the OP was responding to a user complaining that "I don't want messages from our own domain to ever be tagged as spam." I get this frequently (we have a dozen or so domains in our "company"). The best solution to this is to whitelist based on server IP, especially when it is servers in your direct control. Just don't send "trusted IP" messages through dspam in the first place. Of course, I also explain to the user how common forged addresses and stress that no system is perfect (and a little dspam training will take care of false positives anyways). My 2 cents... John -- John Peacock Director of Information Research and Technology Rowman & Littlefield Publishing Group 4501 Forbes Boulevard Suite H Lanham, MD 20706 301-459-3366 x.5010 fax 301-429-5748
