Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Admin allow list doesn't bypass BULK Quarantine

Ottoman

Strangely, if an email address is added to the Admin Allow list and the Bulk action is quarantine, the email still gets quarantine.

Surely if an email address is listed on the Admin Allow list it should skip the Bulk email check, just as it skips the Spam email check?



This thread was automatically locked due to age.
  • 0

    Hello  ,

    Thank you for reaching out to the community, so if I understood correct you want to an exception for bulk emails from certain senders, right? if that is the case then we already have this a feature request - CEMA-I-304

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

    • 0 in reply to Vivek Jagad

      Thanks, we are checking with development because that should not be the case. Will come back after we have more information.

      • +1 in reply to Tom Foucha

        As mentioned in our internal testing, including my personal testing, it took up to 90 seconds for the allow list to propagate in the system then it worked as expected bypassing spam checks. If you continue to have issues please open a support case and we'll dig into it.

        • 0 in reply to Tom Foucha

          Thanks have verified that this in the case. In all my testing of various configuration options, I obviously never waited 2 minutes after making a change. Perhaps I need to learn to be patient Slight smile

          • 0 in reply to Ottoman

            Trust me I’m the same way. I tested and it didn’t work and I got our dev team involved and they said be patient and it did work.

            • 0 in reply to Tom Foucha

              Hi Tom,

              We're also having the same issues - We've added an email to allow list but it is still getting blocked for 'Bulk' spam.

              What are we supposed to do?

              Thanks,

            • 0 in reply to Vivek Jagad

              How would we bypass this in the time being Vivek?

              Would it be by creating a policy for specific senders and then turning 'Bulk Spam' off for these senders to certain users?

              • 0 in reply to Gerald Chau

                Hi everyone! 
                Please make sure that it is the "SMTP From" address that you have put into the Allow list and not the "Header From"
                this is because what really counts is the 'SMTP From' (or Envelope-from) value when it comes to email transaction. The 'Header From' is the "From:" in the body of the email which is very easy to spoof and so if Allow list is based on it instead then there a lot more chances of False Positives. 
                Here is a screenshot of what I mean:



                • 0 in reply to josepalad

                  Hi Josepalad, 

                  So what if the user/sender uses an Email Service Provider such as Sendgrid or send through a platform such as Salesforce?

                  You wouldn't be able to whitelist that as it will allow all legitimate and non-legitimate emails then right?

                  • 0 in reply to Gerald Chau

                    Came here to say exactly that  

                    We can't whitelist *.sendgrid because that would be a big problem - it would effectively whitelist anyone that uses Sendgrid, which are hundreds of thousand of companies, if not more.

                    Need a way to whitelist SMTP From sendgrid.net where the Header From equals XXXX - maybe there's a better way?

                    • 0 in reply to Ottoman

                      Agreed  , we've actually seen a lot of spammers use Sendgrid and other ESPs as well so definitely cannot just whitelist any ESP addresses.