cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1630
Views
5
Helpful
2
Replies

Easy question about Content Filtering

spepin001
Level 1
Level 1

Hi,

I have a Mail policy to whitelist list of identified senders, to skip spam, virus & Graymail verifications.

Recently, my company decided to use Pardot application, to send newsletter campaign.

Users asked me to whitelist the address, because they noticed sent mails were classified as Bulk, and store into a dedicated quarantine.

I ran tracking on my M170 to check that, and noticed the "from" address is forged. It's look like something like that :

bounce-44383_HTML-821263855-69612-7305218-654@bounce.s7.exacttarget.com

My problem is the lastest value between - and @ is not the same a each campaign...That seems to be an incremental value...

I don't expect to whitelist all mails from exacttarget.com, because it's a source of spam.

I tried to created a Content Filter, to dectect the 13 first characters, and "attached" it to my Whitelist policy, but that doesn't take effect. All the tests we made by using Pardot, were intercepted...

What is your advice to solve this situation ? Can I use regular expression into Senders list's into my Policy ?

Thanks

Sylvain

1 Accepted Solution

Accepted Solutions

marc.luescherFRE
Spotlight
Spotlight

Long story short.

 

Techtarget is used by many applications to whitelisting it as is should be avoided.

 

The way we approach external service providers is like this :

 

a) Ask if they can use an email address from your domain and do a proper SPF, DKIM setup so it passes DMARC validation.

b) Fallback - Try to find two common elements in the SMTP header which are present in every message like

    X-Parrot-ID or from and then built a message filter like this

 

    if (header("X-ParrotID")) AND (header("from")) == "sender.parrot.com") {
                                                         log-entry("--CLITagExternalHeader_Parrot--");
                                                         add-heading("External_Warning_Parrot");

                                                        other required elements;
                                                     }

 

I hope that helps....

View solution in original post

2 Replies 2

marc.luescherFRE
Spotlight
Spotlight

Long story short.

 

Techtarget is used by many applications to whitelisting it as is should be avoided.

 

The way we approach external service providers is like this :

 

a) Ask if they can use an email address from your domain and do a proper SPF, DKIM setup so it passes DMARC validation.

b) Fallback - Try to find two common elements in the SMTP header which are present in every message like

    X-Parrot-ID or from and then built a message filter like this

 

    if (header("X-ParrotID")) AND (header("from")) == "sender.parrot.com") {
                                                         log-entry("--CLITagExternalHeader_Parrot--");
                                                         add-heading("External_Warning_Parrot");

                                                        other required elements;
                                                     }

 

I hope that helps....

Thanks Marc, I follow your advice, and I create a Mail Filter, to skip GreyMail filters, if the mail-from contains the beginning of the sender.
The first tests we could make, were successfull.