Hari Ini Hari Jumaat 11 AUgust 2017 9.00am

The most important point in this discussion is the fact that this type of whitelist is often unnecessary. To begin with, an organization should have complete control on all hosts that are legitimately allowed to send emails using its domains. This is fundamental as a compromised machine can cause great damage to the domain reputation. The most obvious consequence is to end listed in RBLs.

Users necessitating access to their email from outside should do so using an authenticated interface to the Organization’s email servers. By accessing mailboxes directly through OWA or a VPN connection we bypass perimeter filtering altogether.

try upload


gambar ke 3

We start immediately with one of the most classic traps rookies regularly fall into. All emails sent by our organization are of course legitimate. So if the sender address is from our domain this can be whitelisted, right? This logic makes sense to anyone not aware of spoofing.

Spammers forge sender addresses all the time. They can very easily set the sender using an address from our own domain. Indeed this is probably the most classic spoof. For example spammers and malware distributors will forge the administrator address in order to convince users to open their emails. They are well aware of the domain whitelisting mistake discussed here and will regularly try to exploit it.

The second rule for today is a close relative of the first. Again these types of whitelists are the favoured targets of spammers and phishing attacks. The most typical example is the whitelisting of newsletters from large software vendors. If a highly popular newsletter includes some signature that never changes, then spammers will be very tempted to use that to their advantage.