How to whitelist a domain while blocking forgeries using that domain?

QuantumMechanic asked:

How do you deal with the case of:

  • wanting to whitelist a domain so that emails from it won’t get eaten, but
  • not having emails forged to appear to be from that domain get bogusly whitelisted

whitelist_from_recvd looks promising, but then you have to know at
least the TLD of every host that could send you mail from that domain. Often will outsource email to one or more sending companies (like Constant Contact and the like) in addition to using servers that reverse-resolve to something in its own domain. But it looks like whitelist_from_recvd can only map to one sending server pattern so that would be problematic.

Is there a way to say something like “if email is from domain X, subtract N points from the spam score”?

The idea would be that if the mail is legit, that -N will all but guarantee it isn’t considered spam. But if it is spam, hopefully all the other failed tests will render it spam even with the -N being included.

My answer:

This is the problem that Sender Policy Framework solves (if it’s implemented correctly). The catch is, the sender has to set it up.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.