|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
26 Sep 2018, 06:39 PM | #1 |
Essential Contributor
Join Date: Oct 2008
Posts: 212
|
Whitelisting Known Senders
I've been whitelisting known senders to make sure they don't get flagged as spam, nor processed by my Discard rules.
I do this whitelisting for entire domains -- businesses/websites/newsletters I receive email from, and so my Contacts are a long list of addresses like *@fromdomain.tld . I don't use Contacts for actual contacts; I only use it for whitelisting, as above. My question here (which I couldn't find after searching through Fastmail Help): are all the various email addresses in a specific single contact card used for whitelisting? It's common for me to list several whitelisting entries in 1 contact, like: *@domain.com (Work) *@email.domain.com (Work) *@e.domain.com (Personal) I'd of course do this after receiving email from the additional subdomains and know that I'd want to whitelist them. Does anyone know if those addition addresses are considered for whitelisting, and whether it matters if they are all "Personal", "Work", or whatever? I found a thread in this forum from a few years ago that mentioned I may not have to mention subdomains specifically in my whitelisting. So, I'm wondering if that's still the case as well. (And that same thread talked about some domains not being whitelist-able, too.) Thanks. |
27 Sep 2018, 10:36 AM | #2 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,929
|
Whitelisting details
The X-Spam-known-sender header shows whether address book whitelisting was triggered:
There are certain circumstances (such as DMARC failure) in which it appears that the From address is spoofed. In these cases Fastmail will not whitelist the message and you will see a X-Spam-known-sender header such as: X-Spam-known-sender: no ("Email failed DMARC policy for domain") Bill |
27 Sep 2018, 03:04 PM | #3 |
Essential Contributor
Join Date: Oct 2008
Posts: 212
|
That's valuable information, Bill, thanks. I'll check on that header row to help me verify my whitelisting strategy and any issues.
|
27 Sep 2018, 03:17 PM | #4 |
Essential Contributor
Join Date: Oct 2008
Posts: 212
|
I already have a follow-up question...
My questions above are part of an effort I'm making to figure out why some senders' emails never make it to my inbox, even after I whitelist them. 1 example I just found, via a recent email I *did* successfully receive from them, revealed this header row: X-Spam-known-sender: no ("Email failed DMARC policy for domain"); in-addressbook So, it ack's that the address is in my Contacts, but it failed DMARC. I assume this means that the sender doesn't have DMARC config'd properly. Is there anything I can do about that, other than notifying them about their misconfigured DMARC? I'm suspecting other more recent emails from them aren't arriving to my Inbox, but I'm not sure. I noticed this row: X-Spam-score: 0.0 , which suggests that even though X-Spam-known-sender/DMARC failed, FastMail is still respecting the Contacts entry and whitelisting it. (To be sure, I added up all the X-Spam-hits weightings and it wasn't 0.0, it was -2.1...) |
29 Sep 2018, 01:50 PM | #5 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,929
|
SPF, DKIM, and DMARC details
I'm very sorry, but my reply is very long. I wanted to give you some background so you can examine the headers and understand what might be causing your missing messages (or messages in the spam folder). Email senders using some behaviors which worked in past years will find their messages classified as likely spam due to the wide acceptance of the DMARC (and future ARC) standards.
The tag Email failed DMARC policy for domain was caused by the following:
My guess is that the sender sent the message from an email client and forced the From address to be different from any domain associated with the sending server. This can lead to both SPF and alignment failure, leading to DMARC test failure. Such innocent spoofing of the From address worked for many years in most email systems, but it doesn't work reliably now because of the wide acceptance of DMARC tests. Gmail, Yahoo, and other big email domains are pushing for acceptance of DMARC so that their customers can trust email sent and received by their customers. A newer email security system (ARC) is still under development and that's why you see those ARC received headers for information only at this time in Fastmail. ARC is an improved version of DMARC. See: https://dmarc.org/2018/09/working-gr...specification/ Bill |
29 Sep 2018, 11:51 PM | #6 |
Essential Contributor
Join Date: Oct 2008
Posts: 212
|
No need to apologize, Bill. I appreciate the comprehensive response. Thank you. Much of what you said I'm already aware of, but about 30% is news to my ears, so I'll need to dig deeper on this.
Sounds like current email anti-spam practices are getting more stringent, and I bet the sender (a small business) hasn't stayed up to date on things and might need to get up to speed. Again, thank you for your thoroughness on this. I'll continue my investigation... |