ME020259 - HOWTO: How to block specific sender addresses


SUMMARY

How to block specific sender addresses.

DETAIL

One of the difficulties in blocking e-mail addresses is that there are actually two sender addresses associated with a message. One address is contained inside the headers of the message (i.e. in the message content itself). The other address is the address that the remote mail client or server addresses as its envelope information.

The envelope information can be seen by reviewing the SMTP logs noting the MAIL FROM: commands in the logs. Unfortunately, these two addresses can be different and spammers can address the messages as being sent from any address. Hence, someone can send a message with the envelope sender address as Postmaster@YourDomain.com , but the actual message contents can contain a different sender address in the headers (which is all that the mail client application sees when the message is opened).

Therefore, blocking specific e-mail addresses is not as simple as it may seem, since this actually requires content filtering (scanning the message headers itself) rather than simply blocking the message at the SMTP protocol level (MAIL FROM) as denoted in the SMTP log files.

MailEnable does not provide any filtering on addresses supplied via the MAIL FROM command other than checking the source IP address, etc. as outlined here: Article ME020084.

A special kind of sender can also be used in the MAIL FROM command. This is called a null sender and is represented by no sender address (which looks like <> in the SMTP conversation). Null senders are used for system generated messages, such as delivery failures.

There is a Windows registry key which can be enabled to block these null senders, but it is not advised to enable, as it will affect delivery of system generated messages, and may lead you to be blocked by remote servers. There may be some cases where you need to block them, so the registry key is:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Connectors\SMTP
"Block null senders"=dword:00000001

Restart the SMTP service when changing or adding this registry key.

MORE INFORMATION

Tracking message path and sender location: Article ME020338



Product:MailEnable (All Versions)
Module:General
Keywords:Sender address null SMTP how to block incoming mail messages email addresses
Class:HOWTO: Product Instructions
Revised:Wednesday, May 4, 2016
Author:
Publisher:MailEnable