Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1638
Views
0
Helpful
3
Replies

Explicit SPAM Exception against CRM Integration

Shivbala
Level 1
Level 1

‎07-30-2019 05:55 AM

Looking for possibilities where I can integrate Ironport SPAM filtering against our CRM portals such as Zoho, Freshworks, salesforce etc to whitelist our customers emails against SPAM filtering policy.

Any inputs?

Labels:
0 Helpful
3 Replies 3

haydan
Level 1
Level 1

‎07-30-2019 09:55 AM

If the goal is to target emails coming from CRM platforms and allow them to bypass the Anti-SPAM, you'll need to use a Message Filter as this occurs before the IPAS in the mail flow path. I setup a similar filter last year that allows select salesforce.com emails to bypass the Anti-SPAM engine. Typically with CRM or mass mailing platforms (ie: sendgrid.net), the envelope sender will contain a client ID which is represented in the form of a series of numbers. For example; "Client_ID"=domain@salesforce.com 3242325=domain.com@salesforce.com The client ID can be used as the identifiable condition. If you have many entries, you can use a dictionary combined with regex to get the best results. Here's some sample regex that would work. SPAMBYPASS_Sendgrid if (mail-from ="(?=\b789458\b)(?=.*(?i)sendgrid.net$)") Another condition option if you want to use dictionaries. SPAMBYPASS_Salesforce: if ((mail-from-dictionary-match("Salesforce_Senders", 1)) AND (mail-from == "(?i)salesforce\\.com$")) OR (mail-from-dictionary-match("Salesforce_Hosts", 1)) The actions will be the same. { skip-spamcheck(); log-entry("$FilterName"); skip-filters(); }
0 Helpful

Rizzkhn
Level 1
Level 1

‎10-22-2021 03:56 AM - edited ‎11-03-2021 01:21 AM

You're out of options. There is no single solution that will meet all of your needs. Sincere response from a Zoho CRM Integration firm. You should work on changing your user specifications. Having multiple pipes, for example, could be transferred to multiple work queues. Dynamics can easily do this if you work on the MSFT ecosystem. If you're more into the Google Apps ecosystem, I'd suggest SFDC.

0 Helpful

marc.luescherFRE
Spotlight
Spotlight

‎10-25-2021 06:37 AM

We approached the problem as part of our DMARC implementation project.

 

 

Every external trusted sender must have a valid DKIM key.

While this took some time to get all our 10+ Salesforce instances to be compliant it allowed us to leverage basic message filters afterwards to trust our own Salesforce email(s).

 

CLIHeader_Salesforce_I6_v4: if (header("DKIM-Signature") == "xxxxxsalesforce") AND (mail-from == "donotreply@salesforce.com")) {
log-entry("--CLIHeader_Salesforce_I6_v4--");
insert-header("X-IronPort-ApplicationHeader", "Defaultv2");
add-heading("External_Warning_TrustedApp");

skip-spamcheck();

}

 

This can be done for 95% of all externals enders and you will end up with good controls.

 

-Marc

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents