Flexible Allow Policy (Whitelisting) For Mass Mailers / BATS

Flexible Allow Policy (Whitelisting) For Mass Mailers / BATS

Caveat: This feature is not recommended by ExchangeDefender, we actively discourage you from using it, and it is disabled by default. At the same time, we understand that sometimes the risk of getting hacked is less painful than arguing with non-technical users… In other words, we got you.

ExchangeDefender is an SMTP proxy security service, we scrub your email and only pass on stuff that doesn’t look like SPAM. In order to make that happen, we use industry standards such as SPF, DKIM and DMARC to make sure the senders are legitimate. (envelope-sender aka “envelope from:”)

The challenge these days is that nearly all the automated email messages (password reminders, marketing messages, newsletters, order confirmations, 2FA/OTP, etc) are sent from a unique disposable email address. Instead of coming from orders@amazon.com (the email you see in Outlook/Gmail) they actually come from something like vlad=exchangedefender-com.23581.i32.1941kab@east-1.aws.amazon.com. These email addresses are automatically generated and only live for a short period of time (less than 24 hours) and are used to track bounces and failed deliveries. However, once you open the email your mail client looks at the “display from” address such as orders@amazon.com. This address can be forged easily by anyone and that is how hackers end up compromising end users easily (cyberattack process better known as “spear phishing“).

ExchangeDefender has a secure facility to manage legitimate newsletter senders and automated email platforms (Domain Admin > Advanced Settings > Bulk Mailer Policy) and we train our partners how to properly create allow policies for<a href=”https://www.exchangedefender.com/docs/whitelist“>Disposable Email Addressing</a>/BATS. If you’re not a fan of using that process, you’re going to love the new From: Policy feature.

ExchangeDefender From: Policy

ExchangeDefender Advanced Features has a new section called “From: Policy” which enables you to create an Allow Policy based on the Display From address (display-from/fake-from). You can find this new setting at admin.exchangedefender.com under Domain Admin > Advanced Features > From: Policy.

The policy is disabled by default, but if you enable it ExchangeDefender will search the email headers for the From: address and apply your Allow Policy (whitelist) using that address. Allow Policy forces ExchangeDefender to bypass all SPAM checks and will deliver the message to the users Inbox regardless of SPAM content (malware protection, virus protection, file attachment policies will still be enforced).

This feature will make delivery of automated messages (newsletters, password reminders, etc) much smoother with the side effect of making it easier for your users to get spear phished. However, this level of security exactly the same as whitelist/allow policy/trusted senders evaluations consumer email solutions such as Microsoft365/Outlook/Google Apps have, so if you trust their email security you can trust this as well.

-Vlad

tl;dr; You can now whitelist by the fake email address you see in Outlook/Gmail.