How can we improve?

Autowhitelist option to use sender SMTP and not MIME

As part of my recent support ticket GFI-180905-653618, it was explained to me that the Autowhitelist that is generated based on outbound e-mails utilizes the MIME From field. We have seen a large increase in messages that have forged MIME From fields and mismatching SMTP From fields. We have manually switched all the entries in our regular Whitelist database to Sender SMTP, but would like to do the same for the Auto-Whitelist in order to better protect against spoofed messages purporting to be from customers.

5 votes

Scott Muehleisen shared this idea


  • jm commented

    I was wondering why some obvious spam has been greenlit by ME lately. I checked the dashboard and it said OK [Whitelist] and obviously, I couldn't even find the SMTP address in the auto whitelist because it uses the MIME field. I disabled the Autowhitelist completely for now because it'll do more harm than good like this.

  • Dennis K commented

    Agreed. This issue was brought up multiple times in the past by me with tech support. We need this feature. The workaround that we use is:
    1. Copy Autowhitelist entries to GlobalWhitelist with a proper type. You may want to use Count and the datetime stamp for deeper filtering.
    2. Disable using Autowhitelist for incoming email but keep auto-populate.
    3. Do the same process on a bi-weekly basis. (I just use a script.)

  • Rick Stockley commented

    We are having the same issue, and it seems ridiculous that it is not an option. Looks simple enough to me to implement. Couldn't you just add an option on the Auto Whitelist page to either check MIME, check SMTP, or check both?

    Regardless, does anyone see any issue with activating the Header Checking option of "check if the email headers contain different SMTP and MIME fields". Then place that filter above the whitelist filter?
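
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not GFI code: the same spoofed message is accepted by a whitelist keyed on the MIME From header and rejected by one keyed on the SMTP envelope sender. The addresses, the whitelist contents, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed auto-whitelist: addresses our users have previously mailed.
AUTO_WHITELIST = {"orders@customer.example"}

# Constructed inbound message whose MIME From claims to be the customer.
SPOOFED = (
    "From: Customer Orders <orders@customer.example>\r\n"
    "To: sales@ourcompany.example\r\n"
    "Subject: Updated invoice\r\n"
    "\r\n"
    "See attachment.\r\n"
)


def mime_from_addresses(raw):
    """Return every address found in all From headers, lowercased."""
    msg = message_from_string(raw)
    headers = msg.get_all("From", [])
    return [addr.lower() for _, addr in getaddresses(headers) if addr]


def domain(addr):
    """Domain part of an address, or '' when there is none."""
    return addr.rpartition("@")[2]


def check(envelope_sender, raw, whitelist):
    """Compare whitelist decisions keyed on MIME From vs SMTP MAIL FROM."""
    # "<>" is the null sender used by bounces; it normalises to "".
    smtp = envelope_sender.strip().strip("<>").lower()
    mime = mime_from_addresses(raw)
    single = len(mime) == 1  # missing or multiple From addresses are suspect
    return {
        "smtp_from": smtp,
        "mime_from": mime,
        "mismatch": not single or mime[0] != smtp,
        "domain_mismatch": not single or domain(mime[0]) != domain(smtp),
        "whitelisted_by_mime": any(a in whitelist for a in mime),
        "whitelisted_by_smtp": smtp != "" and smtp in whitelist,
    }


if __name__ == "__main__":
    # Envelope sender is an unrelated host; only the MIME From is forged.
    print(check("bulk@mailer.example", SPOOFED, AUTO_WHITELIST))
```

Mailing lists and bulk mail services legitimately use an envelope sender that differs from the From header, so a mismatch on its own is a signal to weigh rather than a verdict.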
