I understand you are

RonnieArrowECS · ‎03-31-2014

Hi all,

Quick question in regards to a IconPort C150 Appliance with AsyncOS 7.5

When partner send on behalf of our company and we have added their email servers to our SPF record in DNS. do we need to do something on IronPort too?

To my knowledge we are doing default anti spam checking and use bounce verification. Because of the bounce verification i am concerned when a partner email out to our customers making it look like it came from us. this will probably flag up as the bounce verification would have been involved.

So i wondered. is it as simple as just adding a partner to the HAT Overview > Whitelist or should i create a new Incoming Mail Policy?

Thanks in advance for the advice

Jacqueline Fleming · ‎04-01-2014

I understand you are conserned that Bounce Verification may affect your Partner's email. This will depend on how the Envelope Sender is built:

- If they send as user@yourdomain.com: The emails will bounce back to your ESA, but those bounces will come from a variety of IPs. The ESA will have no way of knowing they are related to your Partner.

There are workarounds using Filters & custom headers (example: http://tools.cisco.com/squish/Cd71E) , but you would need to know details about every mailing that your Partner was planning to send on your behalf so you could create those Filters in advance.

There is an exception to this situation: if the Partner sends all the messages to your ESA for delivery to the final Recipient. Bounce Verification will be tagged on these messages so your ESA can handle the bounces appropriately.

- If they send as yourorg@theirdomain.com: The bounces will go back to thier sever and be processed there. This is considered 'best practice' as it allows the Partner to update their mailing lists; when bounces go to you, they get no feedback on thier mass mailings.

Add partner to whitelist or create new incoming mail policy for partners