Autowhitelist option to use sender SMTP and not MIME
As part of my recent support ticket GFI-180905-653618, it was explained to me that the Autowhitelist that is generated based on outbound e-mails utilizes the MIME From field. We have seen a large increase in messages that have forged MIME From fields and mismatching SMTP From fields. We have manually switched all the entries in our regular Whitelist database to Sender SMTP, but would like to do the same for the Auto-Whitelist in order to better protect against spoofed messages purporting to be from customers.
Dennis K commented
Agreed. This issue was brought up multiple times in the past by me with tech support. We need this feature. The workaround that we use is:
1. Copy Autowhitelist entries to GlobalWhitelist with a proper type. You may want to use Count and datetime stamp for a deeper filtering.
2. Disable using Autowhitelist for incoming email but keep auto-populate.
3. Do the same process on a bi-weekly basis. (I just use a script.)
Rick Stockley commented
We are having the same issue, and it seems ridiculous that it is not an option. Looks simple enough to me to implement. Couldn't you just add an option on the Auto Whitelist page to either check MIME, check SMTP, or check both?
Regardless, does anyone see any issue with activating the Header Checking option of "check if the email headers contain different SMTP and MIME fields" and then placing that filter above the whitelist filter?
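
Added example, not part of the original thread or the product's own code: a small Python model of the filter order discussed above, comparing an auto-whitelist keyed on the MIME From field with one keyed on the SMTP sender, and with the header mismatch check placed ahead of the whitelist. The addresses, the mode names and the exact-address comparison are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed data: an address a user once mailed, now in the auto-whitelist.
AUTO_WHITELIST = {"alice@customer.example"}

# Constructed messages as (SMTP MAIL FROM, raw headers + body).
GENUINE = ("alice@customer.example",
           "From: Alice <alice@customer.example>\nSubject: Invoice\n\nHi\n")
SPOOFED = ("bounce@other-host.example",
           "From: Alice <alice@customer.example>\nSubject: Invoice\n\nHi\n")
BULK = ("bounce-123@mailer.example",
        "From: News <news@vendor.example>\nSubject: Update\n\nHi\n")


def mime_from(raw):
    """Return the lower-cased address from the MIME From header."""
    return parseaddr(message_from_string(raw).get("From", ""))[1].lower()


def whitelisted(smtp_from, raw, mode):
    """mode is 'mime', 'smtp' or 'both' (hypothetical option names)."""
    hits = {"mime": mime_from(raw) in AUTO_WHITELIST,
            "smtp": smtp_from.lower() in AUTO_WHITELIST}
    return all(hits.values()) if mode == "both" else hits[mode]


def verdict(smtp_from, raw, mode, mismatch_check_first=False):
    """Run the filters in order and return the first decision reached."""
    # Assumption: the header check compares the two full addresses.
    if mismatch_check_first and smtp_from.lower() != mime_from(raw):
        return "blocked: SMTP/MIME mismatch"
    if whitelisted(smtp_from, raw, mode):
        return "whitelisted: spam filters skipped"
    return "passed to spam filters"


if __name__ == "__main__":
    for name, msg in (("genuine", GENUINE), ("spoofed", SPOOFED), ("bulk", BULK)):
        for mode in ("mime", "smtp", "both"):
            print(name, mode, "->", verdict(*msg, mode))
        print(name, "mismatch check first ->", verdict(*msg, "mime", True))
```

In this model the mismatch check also blocks the constructed bulk message, whose envelope sender differs from its From header without any forgery, which is the trade-off to weigh before placing that filter above the whitelist.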