When does Level of Trust assign bonus points for the sender domain?
This article describes the behavior of the Level of Trust Filter with regard to the domain bonus point awarding starting with NoSpamProxy version 11.1.
The bonus points as such can be assigned to the respective domains in two different ways:
- Automatically as a result of an outbound email
- Manually via the GUI (under Partner) or via PowerShell (Set-NspPartnerTrustDetails).
In order for an inbound email from this domain to receive the stored bonus points, the following conditions must be met (this is an OR operation):
- the SPF check is successful
- the DKIM check is successful
- the DMARC check is successful
- the email is S/MIME- or PGP-signed and the signature is valid (and matches the domain in the email header)
- the IP address appears in the domain properties. This list is automatically populated at night with the IP addresses that NoSpamProxy can retrieve from the MX and A records of the respective domain. However, the addresses are only collected if there is no DMARC record for the sender domain.
It is important to note that no check for the validity of the SPF is carried out if the domain with the set trust only appears in the header. Thus, no DMARC validation can take place. Consequently, if there is a difference between the Mail-From and the Header-From domain, either
- a trusted subnet must match the sending IP address in the partner entry, or
- an S/MIME, PGP or DKIM signature must be attached that belongs to the domain with the trust level set.
In order for the scenario described above to work, the action “Check SPF, DKIM and DMARC” (only version 11.1) or the reputation filter with activated checks for DMARC, SPF, DKIM and the sending IP address (from version 12) must also be activated in every rule in which Level of Trust is active.
In version 11.x, the action does not affect the assessment, but only logs the data.