Test Altospam’s solutions!
Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …
We have integrated post-processing statuses into our filters, enabling our customers and their users to take distinct actions on mail servers or workstations, depending on the type of message received. These statuses can serve several purposes: the first is simply to highlight emails for which thesender is certified (status: senderok), so that the user can process them with confidence. It’s also possible to use these tags to check SPF and DKIM compliance, or to validate how an email is seen by Altospam, for example.
Another benefit of this action is to avoid wasting users’ time by highlighting the most important emails, those with high added value that are clearly identified as legitimate. This simplifies the management of email overload in mailboxes, allowing the user to concentrate on safe emails first and put others aside for later processing.
In addition to the “bulk” status we discussed in a previous article: Unlink ads from other emails, we’ve added seven other possible statuses, which we’ll detail below. The mail status is entered in the proprietary header field: ” X-ALTOSPAM-STATUT “:
– bulk : these are emails sent in bulk. Either the sender has clearly identified the email as a “bulk” message, or it’s an advertisement or mass newsletter. Identification is based on several criteria: sent from routing platform servers, sent from specific email addresses and including identification elements, references to the CNIL and includes unsubscribe links, etc…
– spfok : SPF is valid. The presence of this tag makes it possible to quickly check the validity of a sender’s SPF entries.
– dkimok : DKIM is valid. As with spfok, this tag enables you to quickly check the DKIM compliance (confirmed signature and valid domain TXT fields) of a given sender.
– senderok : the server has been authenticated as authorized to send emails on behalf of the sender. This status is lifted under one of 3 conditions: either the SPF is valid (spfok), or the DKIM is valid (dkimok), or the reverse DNS domain of the sending server is identical to the sender’s domain. This status guarantees that the sender is who he or she claims to be, and that the address is not a spoof. This is useful, for example, when you receive emails from your bank or tax office, which are often very dubious…
– serverok : the sending mail server is considered secure and legitimate. Its reverse DNS is correct (valid and legitimate) and its IP is not blacklisted, or the server is whitelisted.
– mailok : this status is active when the mail has received a very low score. The anti-spam software let it through like clockwork, and everything seems to indicate that it’s in no way spam or junk mail: it’s valued. Its content, configuration, sending architecture, the mail as a whole is considered highly legitimate.
– senderwt : the sender of the message is part of your whitelist. All messages from this address will be accepted by Altospam.
– bounce : these are non-delivery messages sent by mail servers. These emails are legitimate, but they can sometimes pollute your inbox unnecessarily. If it’s a case of identity theft, Altospam’s default configuration enables it to be detected and blocked. But you can also let them all pass, so that you can process them later. Detailed explanations of Bounces can be found in our glossary.
– skip-localhost or skip-nosmtp: the e-mail has been sent directly from the Altospam server, and has not been filtered.
– skip-hostok: the sender’s IP address is included in Altospam’s list of authorized hosts.
– skip-destok: the recipient is part of a very specific list without spam filtering.
– skip-senderwht: the sender is present in a list of authorized senders.
– skip-senderuserwht: the sender has been whitelisted by the recipient (user whitelist).
These statuses can be added to each other, in which case they are separated by a space. For example, it is possible to find emails whose “X-ALTOSPAM-STATUS” field is of type :
X-ALTOSPAM-STATUT: senderok mailok spfok X-ALTOSPAM-STATUT: bulk senderok X-ALTOSPAM-STATUT: mailok X-ALTOSPAM-STATUT: senderok bounce spfok dkimok X-ALTOSPAM-STATUT: senderok mailok serverok spfok dkimok
In most cases, the order in which all statuses are displayed is as follows: ” bulk senderok mailok serverok bounce senderwt spfok dkimok “. The order has been defined to be as efficient as possible in terms of filtering rules (see examples below). It is quite possible that other statuses will be added in the future, in which case they will be notified subsequently so that the existing rules remain valid.
We’re now going to detail a procedure we’ve used as an example to show all safe emails with a confirmed sender in green: senderok, and advertisements in gray: bulk. The aim is to highlight legitimate messages to ensure that they are not in any way identity theft. This procedure will be detailed for Thunderbird and Outlook, so that as many of you as possible can apply it. On these two e-mail clients, filter management, and in particular header analysis, is not handled in the same way. On Thunderbird, you can search for a string in a header field, but the first recognized will be the only return. In Outlook, the search is performed on the complete string, header name and value, so you need to consider several combinations.
There are two steps to setting up the system in Thunderbird. First, we’ll create new “Labels”, then add a filter to associate the desired emails with the desired labels.
Go to : Options / Display / Labels, then “Add” a new “senderok” label, selecting green for example. Do the same for a “bulk” label, selecting light gray.
In the “Tools” menu, click on : “Then create a rule specifying that the “X-ALTSPAM-STATUT” header field contains the value: “senderok”, with the action of labeling the message as “senderok”.
You can then do the same for ads, by searching for the keyword “bulk” in the X-ALTOSPAM-STATUT header and assigning the label “bulk”. Then pay attention to the order of the rules, as only the first will match the query.
Once the rules are in place, this is how your emails will appear:
In Outlook, we’re going to use “Categories” to classify emails. To do this, click on : Edit / Sort / All categories… Add two new categories: “senderok” in green, for example, and “bulk” in light gray.
Once the new categories have been created, we’ll add filters. To do this, click on the menu: Tools / Rules and alerts…
Then create a first rule: select “with specific keywords in the message header”, specify as keyword: “X-ALTOSPAM-STATUT: senderok”, select: “assign it to the specified Category”, then specify the “senderok” category. Assign a name to the rule, specify that it is active and validate.
By defining the rule in this way, given the order in which Altospam assigns statuses, if the message is of type bulk and senderok, it will not be assigned to the category. In this case, the header would be composed as follows: “X-ALTOSPAM-STATUT: bulk senderok” and would not match our rule. Only “senderok” emails, but also “senderok mailok” or “senderok bounce” emails, etc., will be affected by the rule.
We’ve also created a second rule for ads, assigning “bulk” messages to the “bulk” category and reducing the mail’s priority to “low importance”. It would also be possible to move advertisements to a specific folder. Below is a summary of this rule:
If you were to create a rule to make all emails considered “safe” appear in a different color, or with the status: “mailok”, think of the different combinations. Here’s an example of a rule that might be interesting to create:
Test Altospam’s solutions!
Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …