Allow Messages from Services, such as Printer, Application Service, and more…

If messages from a known services used by your organization are getting quarantined, please refer to the below article.

Examples are:

  • Printer / Scanner messages
  • Application Service Messages
  • Ticketing System Messages
  • Or anything coming in from your own domains.

Cause

Spambrella is designed to prevent spoofing of your domains by any external sending IP’s as this is a common practice used by spammers. Any inbound messages coming from any address using your domains will automatically be flagged as a spoof and quarantined.

Issue

Filters should be used whenever you have an authorized service that sends messages from your own domain to your users.

Common services include:

  • Printers/scanners
  • Invoice services
  • Helpdesk/ticketing services
    Newsletter services etc. (referred to as just “services” in this article)

Solution

Insuring Authorized Services For Your Domains Can Send Inbound Messages:
There are 3 common ways to avoid spoofing triggers for authorized services:

  • Services hosted on your own network i.e. Printer / Scanners etc. should use the external IP that messages come from.
  • Services hosted by external providers i.e. Zendesk, Mail Chimp, KnowBe4, etc. will generally be able to provide you the full range of sending IPs for their service.

Spambrella will accept CIDR notations as large as /24.  If you are provided anything smaller than /24 you will need to convert those to /24 CIDR.

SECURE – CREATE AN INBOUND FILTER TO ALLOW MESSAGES FROM THE SPECIFIC SENDING ADDRESS

You can create an inbound filter to allow all messages from a specific address i.e. ‘ticketing@yourdomain.com’, ‘Invoice@yourdomain.com’ etc.

  1. Navigate to ‘Security Settings‘ and click Email > Filter Policies
  2. Click New Filter and select Inbound.
  3. Enter an appropriate name and click Continue.
  4. Leave Scope at Company (yourdomain).
  5. Set Criteria:  IF <Sender Address> <IS> “address@yourdomain.com”  (You may use wild cards.  i.e. printer*@yourdomain.com)
    1. For increased security, you may opt to Add Another Condition.
    2. Set Criteria: IF <Email Headers> <CONTAIN(S) (ALL OF)>  <header info that matches service senders information i.e. @zendesk>
  6. Set the Do action to Allow.
  7. Add a brief description of the filter in the Description field on the right.
  8. Click Save.

LEAST SECURE – CREATE AN INBOUND FILTER THAT ACCEPTS ANY MAIL FROM YOUR OWN DOMAIN.

  1. You can create an inbound filter to allow all messages from a specific address i.e. ‘ticketing@yourdomain.com’, ‘Invoice@yourdomain.com’ etc.
    1. Navigate to ‘Security Settings‘ and click Email > Filter Policies
    2. Click New Filter and select Inbound.
    3. Enter an appropriate name and click Continue.
    4. Leave Scope at Company (yourdomain).
    5. Set Criteria:  IF <Sender Address> <IS> “*@yourdomian.com”
    6. Set the Do action to Allow.
    7. Add a brief description of the filter in the ‘Descriptions’ field on the right.
    8. Click Save.

We do not recommend this option as it will allow messages from spammers through that spoof your domain(s).

Further Reading:

Azure Active Directory Sync Guide – New API Version

Configuring Office 365 for Spambrella