Quote:
Originally Posted by BritTim
...Possibly, whitelisting specific senders might be a partial fix, but you are likely out of luck...
|
Address book whitelisting won't work for this purpose. If the message fails authentication I believe you will always see this header:
Code:
X-Spam-known-sender: no
In other words, address book whitelisting doesn't affect the X-Spam-known=sender header (which causes the spam filter to be bypassed) when the message appears to be spoofed (not sent by the From domain). This protects you against senders spoofing the From address.
The reason for using DMARC and similar techniques is that some phishing emails appear to the recipient to be identical to true messages from the desired sender, but one or more links in the message go to a phishing server which also emulates the normal website. So by bypassing these tests you open yourself up to malware attacks.
Bill