• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 514
  • Last Modified:

Broadcast service provider email caught in Postini

I have a client that uses an external service(Publicaster) to send out business related broadcast email messages.  Most clients receive these without issue.  This Publicaster allows my client to send the message as if it were coming from her own domain(user@abcinc.com) instead of user@publicaster.com(or whatever they use internally).

So I have two questions;

First the issue I'm running into is messages to these services get cause in my clients own Postini account when they cc themselves on the broadcast messages.  I understand why they are getting caught, Postini thinks Publicaster is spoofing us.  However if I whitelist their own email addresses then I open them up for real spoofs that we would want blocked.  Have any of you dealt with this situation and is there a way to allow these messages in without opening a dangerous hole in their spam filter?  I was thinking maybe if I could contact Publicaster, get their IP range and then either whitelist that range, or possibly add them to an SPF record?

Secondly, how do these broadcast services get around rDNS lookups for the external domains my client is sending to?  Don't those domains do an rDNS lookup and would see that Publicaster is not registered to abcinc.com?  Or do those services actually go through the trouble of setting up rDNS.  I assumed there would need to be some sort of authorization to register yourself as a specific domain.  I guess I'm looking for some clarification on how these broadcast services function and are able to get messages out without being blacklisted or the messages just dropped since they are not coming from the actual domain of the sender.

Thanks,
Mike
0
tw525
Asked:
tw525
  • 2
2 Solutions
 
PapertripCommented:
If you do not have their sending IP's in the SPF record for abcinc.com, that is most definitely the first thing to address.  I'm surprised your mails are even making it to the inbox.  Is Publicaster DKIM signing the mails by chance?
Don't those domains do an rDNS lookup and would see that Publicaster is not registered to abcinc.com?
The sending servers A/PTR (forward/reverse) records are unrelated to any domains that it is sending mail for.  
I assumed there would need to be some sort of authorization to register yourself as a specific domain.
There is, SPF :p  SPF says the sending server is allowed to send mails on behalf of the domain listed in the envelope-from header.
I guess I'm looking for some clarification on how these broadcast services function and are able to get messages out without being blacklisted or the messages just dropped since they are not coming from the actual domain of the sender.
I know what you are referring to, but the correct name is ESP (email service provider).  Anyways on to the actual answer.

1.  The ESP provides abcinc.com with their sending IP's to add to their SPF record.
2.  The ESP generates a DK and/or DKIM key pair and sends the public key to abcinc.com to create a DKIM TXT record in DNS.

That being said, I know for an absolute fact that a lot of small-time ESP's don't DKIM sign, so that could be a limitation for you.
0
 
PapertripCommented:
2.  The ESP generates a DK and/or DKIM key pair and sends the public key to abcinc.com to create a DKIM TXT record in DNS.

Woops, that should say "DK and/or DKIM TXT record in DNS".
0
 
Sudeep SharmaTechnical DesignerCommented:
>>>>I understand why they are getting caught, Postini thinks Publicaster is spoofing us.
 Go get around this issue, what we suggests the Publicaster to use a single email address to send the broadcast and then we add that single email address to whilelist. This would help in not whitelisting the whole domain and saving the organization from getting the spoof emails. Plus this would also help you in tracking or even blocking the same email address if you found that this particular email address is being used for sending spoof spam emails.
 
 In some cases Puclicaster uses multiple address, in our case it happens when the topic of broadcast changes and when that happen we add that newly email address to whitelist as well.
 
 >>>>if I could contact Publicaster, get their IP range and then either whitelist that range,
 Whitelisting the IP address would not skip the spam checking/bulk spma checking and content filtering of the emails coming through that IP address.
 In Postini IP whitelisting would only allow that IP address from not getting rejected by the Postini Network layer filtering. You could confirm that with Postini as well.
 
 Further, you could also create a content filter in Postini where you could set two conditions in one filter to allow the emails from Publicaster.
 
 One Content filter with two conditions:
 a) If Header matches --> IP address of the Publicaster, and
 b) From address contains --> @abcinc.com,
 
 Actions: --> Bypass spam check or delivery ...etc.
0
 
tw525Author Commented:
Thanks for the input guys.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now