EmailDiscussions.com  

Old 26 Sep 2018, 07:39 PM   #1
DumbGuy
Senior Member
 
Join Date: Oct 2008
Posts: 167
Whitelisting Known Senders

I've been whitelisting known senders to make sure they don't get flagged as spam, nor processed by my Discard rules.

I do this whitelisting for entire domains -- businesses/websites/newsletters I receive email from, and so my Contacts are a long list of addresses like *@fromdomain.tld .

I don't use Contacts for actual contacts; I only use it for whitelisting, as above.

My question here (which I couldn't find after searching through Fastmail Help): are all the various email addresses in a specific single contact card used for whitelisting?

It's common for me to list several whitelisting entries in 1 contact, like:

*@domain.com (Work)
*@email.domain.com (Work)
*@e.domain.com (Personal)

I'd of course do this after receiving email from the additional subdomains and know that I'd want to whitelist them.

Does anyone know if those additional addresses are considered for whitelisting, and whether it matters if they are all "Personal", "Work", or whatever?

I found a thread in this forum from a few years ago that mentioned I may not have to mention subdomains specifically in my whitelisting. So, I'm wondering if that's still the case as well. (And that same thread talked about some domains not being whitelist-able, too.)

Thanks.

Old 27 Sep 2018, 11:36 AM   #2
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,415
Whitelisting details

The X-Spam-known-sender header shows whether address book whitelisting was triggered:
  • no
    • The From address was not found in the address book.
  • yes ("Address whatever@example.org in From header is in addressbook");
    • The From address was found in the address book. After the phrase shown above you will see a list of address book folders which contain that address. For each listed folder you will see a pseudorandom hex tag which refers to that folder.
    • Messages from Fastmail staff (which show the green checkmark) have a different phrase after the yes marking.
As far as I can tell, it makes no difference which category (personal, work, or other) you use or how many addresses you add to one contact entry. In all cases I have checked the address is properly detected and causes whitelisting.

There are certain circumstances (such as DMARC failure) in which it appears that the From address is spoofed. In these cases Fastmail will not whitelist the message and you will see an X-Spam-known-sender header such as:
X-Spam-known-sender: no ("Email failed DMARC policy for domain")

Bill
Old 27 Sep 2018, 04:04 PM   #3
DumbGuy
Senior Member
 
Join Date: Oct 2008
Posts: 167
That's valuable information, Bill, thanks. I'll check on that header row to help me verify my whitelisting strategy and any issues.
Old 27 Sep 2018, 04:17 PM   #4
DumbGuy
Senior Member
 
Join Date: Oct 2008
Posts: 167
I already have a follow-up question...

My questions above are part of an effort I'm making to figure out why some senders' emails never make it to my inbox, even after I whitelist them.

1 example I just found, via a recent email I *did* successfully receive from them, revealed this header row:

X-Spam-known-sender: no ("Email failed DMARC policy for domain"); in-addressbook

So, it ack's that the address is in my Contacts, but it failed DMARC. I assume this means that the sender doesn't have DMARC config'd properly. Is there anything I can do about that, other than notifying them about their misconfigured DMARC?

I'm suspecting other more recent emails from them aren't arriving to my Inbox, but I'm not sure.

I noticed this row: X-Spam-score: 0.0 , which suggests that even though X-Spam-known-sender/DMARC failed, FastMail is still respecting the Contacts entry and whitelisting it. (To be sure, I added up all the X-Spam-hits weightings and it wasn't 0.0, it was -2.1...)
Old 29 Sep 2018, 02:50 PM   #5
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,415
SPF, DKIM, and DMARC details

I'm very sorry, but my reply is very long. I wanted to give you some background so you can examine the headers and understand what might be causing your missing messages (or messages in the spam folder). Email senders using some behaviors which worked in past years will find their messages classified as likely spam due to the wide acceptance of the DMARC (and future ARC) standards.

The tag Email failed DMARC policy for domain was caused by the following:
  • The owner of the From domain has published (in their DNS records) a DMARC policy. This policy suggests to email systems who receive messages sent with a From address in their domain a policy. The policy results (when received at Fastmail) might be:
    • NONE (no DMARC policy - no action is taken)
    • NEUTRAL (to be interpreted like NONE - no action is taken)
    • SOFTFAIL (typically the message is accepted but tagged as failed)
    • FAIL (the message should be rejected -- not necessarily actually discarded by Fastmail, but the From domain is requesting this action)
  • The owner of the From domain has probably published (in their DNS records) a SPF policy. This lists the IP addresses of servers which are allowed to send email for this domain.
  • The sending server which was used to send that message has probably added a DKIM-Signature header which contains an encrypted signature. If the message is not corrupted (accidentally or by a spoofer) during transmission, the DKIM signature should agree with the message contents after a cryptographic test.
  • The Fastmail DMARC test of the message will pass if either the DKIM or SPF test passes. If DMARC fails then both the DKIM and the SPF tests failed.
  • The DMARC test requires proper domain name alignment.
To troubleshoot the message you describe, try the following:
  1. Examine the full headers of that message (as received at Fastmail).
  2. Look at the first few lines of the Authentication-Results header (not any similarly named headers).
  3. The test results you need to check in that header are:
    • dmarc=fail (followed by details about the published domain and subdomain DMARC policy and the header.from domain checked)
    • dkim= (might be pass or fail). Look for header.d (signing domain which has published the encryption key in their DNS records).
    • spf= (might be softfail or fail)
  4. Since the DMARC policy failed, both the DKIM and the SPF test failed. The reason for this failure might be:
    • SPF failure: The sender might have used a From address for a domain which does not support (via SPF) sending from the SMTP sending server they used. For example, using a Gmail From address but sending from a Yahoo server.
    • SPF failure: The message might have been forwarded. Forwarding breaks the SPF test.
    • DKIM failure: The sending server might not have properly signed the message.
    • DKIM failure: The message might have been corrupted during transmission, which can cause the DKIM test to fail. The DKIM test ensures that the message content you receive is what the sender actually sent.
    • Alignment failure: DMARC only passes if either DKIM or SPF passes and the addresses are aligned (see the link I gave earlier to learn about alignment). So if DKIM passes but the domain used for the encryption isn't aligned with the From domain, DMARC will fail due to alignment failure.
DMARC failure is leading to the X-Spam-known-sender: no header (which indicates that address book whitelisting was not used). The reason for the 0.0 spam score is that the spam score is always zero or a positive number. If the spam score adds up to a negative value, the X-Spam-score result will be 0.0.

My guess is that the sender sent the message from an email client and forced the From address to be different from any domain associated with the sending server. This can lead to both SPF and alignment failure, leading to DMARC test failure. Such innocent spoofing of the From address worked for many years in most email systems, but it doesn't work reliably now because of the wide acceptance of DMARC tests. Gmail, Yahoo, and other big email domains are pushing for acceptance of DMARC so that their customers can trust email sent and received by their customers.

A newer email security system (ARC) is still under development and that's why you see those ARC received headers for information only at this time in Fastmail. ARC is an improved version of DMARC. See:
https://dmarc.org/2018/09/working-gr...specification/

Bill
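The header check described in the troubleshooting steps above, as an added example that is not part of the original posts: it reads only the exact Authentication-Results header (ignoring ARC-Authentication-Results), pulls out the dmarc, dkim and spf results, and tests alignment against header.from alongside the X-Spam-known-sender value. The sample message is constructed, its hostnames are placeholders, its layout follows the generic Authentication-Results syntax rather than captured Fastmail output, and the organizational-domain rule is a labelled approximation.

```python
import email
import re

# Constructed sample headers (not real Fastmail output); hostnames are placeholders.
SAMPLE = """\
ARC-Authentication-Results: i=1; mx.receiver.example; dmarc=pass
Authentication-Results: mx.receiver.example;
    dkim=pass (2048-bit rsa key) header.d=bulkmailer.example header.s=s1;
    spf=softfail smtp.mailfrom=bounce@bulkmailer.example;
    dmarc=fail policy.published-domain-policy=none header.from=shop.example
X-Spam-known-sender: no ("Email failed DMARC policy for domain"); in-addressbook
From: News <news@shop.example>
"""

def org_domain(domain):
    # Assumption: last two labels stand in for the Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_authres(value):
    """Return {method: {"result": ..., prop: value, ...}} for one header value."""
    value = re.sub(r"\([^()]*\)", " ", value)       # drop (comments)
    results = {}
    for clause in value.split(";")[1:]:              # [0] is the authserv-id
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results[method.lower()] = {"result": result.lower(), **props}
    return results

def triage(raw):
    msg = email.message_from_string(raw)
    # Exact header name only: ARC-Authentication-Results is not consulted.
    res = parse_authres(msg.get("Authentication-Results", ""))
    from_dom = res.get("dmarc", {}).get("header.from", "")
    dkim, spf = res.get("dkim", {}), res.get("spf", {})
    mailfrom = spf.get("smtp.mailfrom", "").rpartition("@")[2]
    known = " ".join(msg.get("X-Spam-known-sender", "").split())
    return {
        "dmarc": res.get("dmarc", {}).get("result"),
        "dkim": dkim.get("result"), "spf": spf.get("result"),
        "dkim_aligned": bool(from_dom) and org_domain(dkim.get("header.d", "")) == org_domain(from_dom),
        "spf_aligned": bool(from_dom) and org_domain(mailfrom) == org_domain(from_dom),
        "whitelisted": known.lower().startswith("yes"), "in_addressbook": "in-addressbook" in known,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

In the constructed sample the DKIM signature verifies but is signed by a domain unrelated to the From domain, so the triage shows the alignment case from the last bullet: the address is in the address book, yet whitelisting is not applied.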
Old 30 Sep 2018, 12:51 AM   #6
DumbGuy
Senior Member
 
Join Date: Oct 2008
Posts: 167
No need to apologize, Bill. I appreciate the comprehensive response. Thank you. Much of what you said I'm already aware of, but about 30% is news to my ears, so I'll need to dig deeper on this.

Sounds like current email anti-spam practices are getting more stringent, and I bet the sender (a small business) hasn't stayed up to date on things and might need to get up to speed.

Again, thank you for your thoroughness on this. I'll continue my investigation...
All times are GMT +9. The time now is 11:47 PM.

 
