Mail Assure

Whitelisting Domains leads to carte blanche FROM spoofing

We've noticed a lot of emails with viruses getting through Mail Assure and being caught by Pure Message on Exchange.

We've whitelisted our parent company and that has led to a bunch of spoofed emails getting through Mail Assure's filters.

Further analysis on the Pure Message caught email headers shows a parent company email address in the FROM field, yet all other recursive checks are not executed and Mail Assure is just checking the FROM field. No DNS/IP/MX record checking on the domain.

One email came from Nicaragua, was proxied through Turkey and was whitelisted, even though the FROM domain name is in North America when doing any type of record check. Not to mention we had Turkey as a blacklisted country.

This is basic email filtering 101; I'm surprised at such an obvious flaw.

Idea No. 3742
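
The post above describes an allowlist that trusts the visible FROM domain on its own. As an added example (not part of the original post and not Mail Assure's code), the Python below honors an allowlist entry only when the receiving gateway's own Authentication-Results header records an SPF, DKIM or DMARC pass for exactly that domain; the domain names, the authserv-id and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ALLOWLIST = {"parent.example"}          # constructed allowlisted sender domain
TRUSTED_AUTHSERV = "mx.filter.example"  # constructed authserv-id of our own gateway

def auth_results(msg):
    """Yield (method, result, props) from Authentication-Results our gateway added."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # written by someone else, possibly the sender: ignore it
        for clause in rest.split(";"):
            pairs = re.findall(r"([\w.-]+)=([^\s;]+)", clause)
            if pairs:
                (method, result), props = pairs[0], dict(pairs[1:])
                yield method.lower(), result.lower(), props

def decide(raw):
    """Return 'bypass' only when the allowlisted From domain is authenticated."""
    msg = message_from_string(raw)
    froms = msg.get_all("From", [])
    if len(froms) != 1:
        return "filter"  # missing or repeated From header never earns a bypass
    from_domain = parseaddr(froms[0])[1].rpartition("@")[2].lower()
    if from_domain not in ALLOWLIST:
        return "filter"
    # Property that must equal the From domain (strict alignment) per method.
    aligned_prop = {"dmarc": "header.from", "dkim": "header.d", "spf": "smtp.mailfrom"}
    for method, result, props in auth_results(msg):
        value = props.get(aligned_prop.get(method, ""), "")
        if result == "pass" and value.rpartition("@")[2].lower() == from_domain:
            return "bypass"
    return "filter"  # allowlisted name but unauthenticated: filter as usual

# Constructed sample messages.
BODY = "Subject: invoice\n\nhello\n"
SPOOFED = ("Authentication-Results: mx.filter.example; spf=fail "
           "smtp.mailfrom=x@bulk.example; dmarc=fail header.from=parent.example\n"
           "From: CFO <cfo@parent.example>\n" + BODY)
GENUINE = ("Authentication-Results: mx.filter.example; dkim=pass "
           "header.d=parent.example; dmarc=pass header.from=parent.example\n"
           "From: CFO <cfo@parent.example>\n" + BODY)
FORGED_AR = ("Authentication-Results: mail.attacker.example; dmarc=pass "
             "header.from=parent.example\nFrom: cfo@parent.example\n" + BODY)
```

A gateway relying on this check must also strip inbound Authentication-Results headers that carry its own authserv-id before adding its own, as RFC 8601 describes.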