Autowhitelist option to use sender SMTP and not MIME
As part of my recent support ticket GFI-180905-653618, it was explained to me that the Autowhitelist that is generated based from outbound e-mails utilizes the MIME from field. We have seen a large increase in messages that have forged MIME From fields and mismatching SMTP From fields. We have manually switched all the entries in our regular Whitelist database to Sender SMTP, but would like to do the same for the Auto-Whitelist in order to better protect against spoofed messages purporting to be from customers.
I was wondering why some obvious spam has been greenlit by ME lately. I checked the dashboard and it said OK [Whitelist] and obviously, I couldn't even find the SMTP address in the auto whitelist because it uses the MIME field. I disabled the Autowhitelist completely for now because it'll do more harm than good like this.
Elina Williams commented
In order to use the free SMTP server from Google, you need to allow access to unverified applications. Use your Gmail or Google Apps account also for incoming messages, all your emails will be in one convenient place. For any printer, related issues visit https://www.printererrorrepair.com/blog/printer-in-error-state/
Dennis K commented
Agreed. This issue was brought up multiple times in the past by me with tech support. We need this feature. The workaround that we use is:
1. Copy Autowhitelist entries to GlobalWhitelist with a proper type. You may want to use Count and datetime stamp for a deeper filtering
2. Disable using Autowhitelist for incoming email but keep auto-populate
3. Do the same process on bi-weekly basis. (I just use a script)
Rick Stockley commented
We are having the same issue, and it seems ridiculous that it is not an option. Looks simple enough to me to implement. Couldn't you just add an option on the Auto Whitelist page to either check MIME, check SMTP, or check both?
Regardless, does anyone see any issue with activating the Header Checking option of "check if the email headers contain different SMTP and MIME fields". Then place that filter above the whitelist filter?