EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 9 Apr 2018, 02:53 AM   #1
ferrety
Member
 
Join Date: Mar 2018
Posts: 53
Question Sender Policy Framework / 3rd party domains / and Sieve

The scenario is this ~ This company (company A) has it recorded in their Sender Policy Framework that another company (company B) with a different domain can send emails on their behalf.
The third party company (company B) sends an email to you from Company A's email address.

Can sieve 'see' that the email actually comes from Company B?
ferrety is offline   Reply With Quote

Old 9 Apr 2018, 03:52 AM   #2
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,084
Your question can be restated as "can you tell from the email headers that the email originated from company B's SMTP server?"

The answer is almost certainly yes, but has nothing really to do with domain names. Visually examining the full headers from a sample email is the best way of figuring out appropriate sieve tests.
BritTim is offline   Reply With Quote
Old 9 Apr 2018, 04:02 AM   #3
ferrety
Member
 
Join Date: Mar 2018
Posts: 53
Quote:
Originally Posted by BritTim View Post
Your question can be restated as "can you tell from the email headers that the email originated from company B's SMTP server?"

The answer is almost certainly yes, but has nothing really to do with domain names. Visually examining the full headers from a sample email is the best way of figuring out appropriate sieve tests.
If company A is sending from the domain chemist.com and company B (domain reviews.com) sends emails on their behalf. Will company B's domain, reviews.com appear in the header? Or just company A's?
ferrety is offline   Reply With Quote
Old 9 Apr 2018, 05:00 AM   #4
lane
Cornerstone of the Community
 
Join Date: Dec 2005
Location: Kars, NB, Canada
Posts: 702
Quote:
Originally Posted by ferrety View Post
If company A is sending from the domain chemist.com and company B (domain reviews.com) sends emails on their behalf. Will company B's domain, reviews.com appear in the header? Or just company A's?
This question has an unfortunate answer: "It depends". If company B uses servers under its own control (probably implied by your original remark on SPF authorization), company B's domain may well appear. Each computer in the chain of "Received:" statements in the header often tries to resolve the previous computer either by its self-identification and/or by reverse IP look up. So a user might well see company B's domain listed for one of the computers in the earliest part of the "Received:" chain.

However, not all email receivers do this, so the only real way to check it would be to examine a few of the messages sent that way, as BritTim suggested.
lane is offline   Reply With Quote
Old 9 Apr 2018, 05:02 AM   #5
lane
Cornerstone of the Community
 
Join Date: Dec 2005
Location: Kars, NB, Canada
Posts: 702
And even if the domain for company B is not explicitly listed in the "Received:" headers, a person could do a reverse lookup manually on the earliest IP addresses and potentially find it out.
lane is offline   Reply With Quote
Old 9 Apr 2018, 08:39 AM   #6
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,084
Consider what you would see if Company B was using FastMail to host its domain companyb.com. When an email is sent by a Company B employee from john.smith@companya.com, the message will appear to be sent using smtp.fastmail.com. or similar. The email headers may provide other clues about the sender (especially if they are not using the FastMail web client) but you need to examine the full headers to determine this. Usually, a genuine email will need to provide a reply-to address. That can provide a good clue as to the real sender. Of course, if it is a phishing email, most of the headers might be complete nonsense.
BritTim is offline   Reply With Quote
Old 9 Apr 2018, 03:25 PM   #7
ferrety
Member
 
Join Date: Mar 2018
Posts: 53
I appreciate the help I really do but this is drifting way off
Reverse lookups, spoofing or phishing isn't relevant here.

Please could we go back to the specific example in the original question

"The scenario is this ~ This company (company A) has it recorded in their Sender Policy Framework that another company (company B) with a different domain can send emails on their behalf.
The third party company (company B) sends an email to you from Company A's email address.

Can sieve 'see' that the email actually comes from Company B?
"

1. Yes
2. No
3. Maybe/Sometimes
ferrety is offline   Reply With Quote
Old 9 Apr 2018, 05:19 PM   #8
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,084
Quote:
Originally Posted by ferrety View Post
I appreciate the help I really do but this is drifting way off
Reverse lookups, spoofing or phishing isn't relevant here.

Please could we go back to the specific example in the original question

"The scenario is this ~ This company (company A) has it recorded in their Sender Policy Framework that another company (company B) with a different domain can send emails on their behalf.
The third party company (company B) sends an email to you from Company A's email address.

Can sieve 'see' that the email actually comes from Company B?
"

1. Yes
2. No
3. Maybe/Sometimes
The problem is that you are asking a nonsensical question. SPF ties email domains to sending hosts, not sending domains. Thus, I could answer your question with "usually yes", but you would have no idea why I am giving that answer.
BritTim is offline   Reply With Quote
Old 9 Apr 2018, 06:14 PM   #9
ferrety
Member
 
Join Date: Mar 2018
Posts: 53
Quote:
Originally Posted by BritTim View Post
The problem is that you are asking a nonsensical question. SPF ties email domains to sending hosts, not sending domains. Thus, I could answer your question with "usually yes", but you would have no idea why I am giving that answer.
I don't see how it is nonsense This is why I am asking, below is quoted from a website

"If you choose to use your own domain for the sender email, ReviewersRUs will send out the invitation on behalf of your email address. In order to ensure the invitation will be delivered successfully, you need to add the phrase include:reviewersRUsservice.com to your SPF record. This will allow ReviewersRUs to send emails on behalf of your domain.

An SPF record acts as a gatekeeper and it shows the recipient's mail server which third party domains are allowed to send emails on behalf of your domain.
"

In this instance can sieve see that it is being sent by reviewersRUs?
ferrety is offline   Reply With Quote
Old 9 Apr 2018, 09:12 PM   #10
lane
Cornerstone of the Community
 
Join Date: Dec 2005
Location: Kars, NB, Canada
Posts: 702
The answer is #3. You would, as we have said, have to check a sample of emails. If the domain appears in a Received header, sieve can find it.
lane is offline   Reply With Quote
Old 9 Apr 2018, 10:40 PM   #11
ferrety
Member
 
Join Date: Mar 2018
Posts: 53
Quote:
Originally Posted by lane View Post
The answer is #3. You would, as we have said, have to check a sample of emails. If the domain appears in a Received header, sieve can find it.
Thanks, that is a massive pain I was hoping to stop these review company emails & bounce them before they hit my spam box. This means I'm forced to check each one in case it is from Company A instead of the review company using their email

But thank you
ferrety is offline   Reply With Quote
Old 10 Apr 2018, 10:29 AM   #12
lane
Cornerstone of the Community
 
Join Date: Dec 2005
Location: Kars, NB, Canada
Posts: 702
I did not realize from your prior posts that you were receiving these yourself. If I had your problem, I would just check the headers of two or three of the undesired messages, and look for mention of the review company's domain, or failing that, a consistent sending IP address or fraction of it or maybe a server name. Sieve should be able to filter those to another folder, spam, or discard. If you need help with the sieve code, post again (I am not an expert but may be able to help, and there are others here who are experts).
lane is offline   Reply With Quote
Old 10 Apr 2018, 03:53 PM   #13
ferrety
Member
 
Join Date: Mar 2018
Posts: 53
Quote:
Originally Posted by lane View Post
I did not realize from your prior posts that you were receiving these yourself. If I had your problem, I would just check the headers of two or three of the undesired messages, and look for mention of the review company's domain, or failing that, a consistent sending IP address or fraction of it or maybe a server name. Sieve should be able to filter those to another folder, spam, or discard. If you need help with the sieve code, post again (I am not an expert but may be able to help, and there are others here who are experts).
Sadly that won't help, the review company spams on behalf of half the online businesses in Britain. I was hoping that there would be a way to detect it in sieve

Thanks for the offer of help with the sieve code I haven't posted the company name but will post it if it isn't against forum rules. I don't know if knowing that would help.
ferrety is offline   Reply With Quote
Old 10 Apr 2018, 04:28 PM   #14
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,084
Quote:
Originally Posted by ferrety View Post
Sadly that won't help, the review company spams on behalf of half the online businesses in Britain. I was hoping that there would be a way to detect it in sieve

Thanks for the offer of help with the sieve code I haven't posted the company name but will post it if it isn't against forum rules. I don't know if knowing that would help.
If you can figure out the sending servers they use, you can block them. It is also worth mentioning that prolific spammers should generally be detected by the spam filters.
BritTim is offline   Reply With Quote
Old 10 Apr 2018, 11:31 PM   #15
ferrety
Member
 
Join Date: Mar 2018
Posts: 53
Quote:
Originally Posted by BritTim View Post
If you can figure out the sending servers they use, you can block them. It is also worth mentioning that prolific spammers should generally be detected by the spam filters.
The companies are giving them our email addresses so I don't know if it is officially called spam but to me it is. And there is no optout
Am I allowed to mention the name? It is the biggest review site in the UK (although it is Danish owned). Companies give it our email addressees & pay it to harass us for reviews
Its Alexa rank is 948
ferrety is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 04:09 PM.

 

Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy