Xeams Home » Products » Xeams » Knowledge Base
Document information
| Document ID: | 1213 |
|---|---|
| Subject: | Is whitelisting domains a good idea |
| Creation date: | 1/14/10 8:42 AM |
| Last modified on: | 1/14/10 8:56 AM |
Is white-listing domains a good idea?
Often administrators white-list their own domain in an attempt to prevent their own messages from getting stuck as junk. Additionally, some administrators white-list common domain names like Yahoo.com, Verizon.net, Hotmail.com and others. Although you can easily white-list a domain to allow certain emails get through the spam filter, we highly recommend you do not white list an entire domain.
Sender forgery in emails is very common. Therefore, when you white-list a domain you will inadvertently allow every spam message that has its sender forged. This article discusses a better approach to tackle this problem.
Rather than white-listing a domain, see if that domain publishes their SPF record. For argument sake, we take verizon.net as an example.
Step 1: Checking if verizon.net publishes their SPF record. This is done by submitting the following command from a console window (DOS prompt) on Windows. Similar command can be submitted from a Terminal window in Linux.
nslookup -querytype=txt verizon.net
The following screen shot shows the result.
Step 2: Add verizon.net as a trusted domain. Since verizon.net publishes their SPF record, you can add it as a trusted domain. Trusted domains are only applied if the SPF test passes where white-listing a domain does not care about SPF records.
Following steps show how to add verizon.net as a trusted domain.
- Log in as admin
- Select Sender Policy Framework under Filter Management.
- Click the link for Manage Trusted Domains
- Add verizon.net as a domain
- Click Save
What if an SPF record is not available?
If the domain in questions belongs to your, we strongly recommend adding an SPF record in your DNS server and then use a mechanism specified above to add that domain as trusted.We only recommend white-listing a domain if you do not expect some spammer to forge their domain name. Keep in mind that often virus-infected machine often send junk emails to everyone found in the contact list cross referencing the sender and recipients.
