ExchangeDefender Advanced Features & Policies: Bulk Mailer Policy
Today, we are excited to showcase our brand new feature: Bulk Mailer Policy. This new feature was first announced last week as part of the new release of ExchangeDefender Advanced Features and Policies. (It is available to all of our ExchangeDefender PRO clients.) Bulk Mailer Policy simplifies the process of blocking or allowing mail from bulk mail operations that are increasingly used by developers and hackers alike to relay mail.
Bulk mail operations, such as Amazon SES and SendGrid, are large-scale SMTP networks designed to enable developers to reliably deliver and manage email subscriptions. As such, bulk mailers generate a new sender email address (envelope-from) that the mail would bounce to if the message could not be delivered for any reason. Every time an email goes out, a new sender bounce email address is created by the sender – solely for tracking the delivery and activity of that one message. Long story short, it makes it very frustrating to build a policy against something that is random and changes often.
ExchangeDefender Bulk Mailer Policy simplifies that process by maintaining a list of IP addresses the network is using (as defined by their SPF record) to relay messages. There are three options:
Scan – This is the default policy; every message is scanned by ExchangeDefender for SPAM content and it gets flagged as SPAM/SureSPAM if it looks like SPAM.
Allow – This policy will result in ExchangeDefender not scanning any mail from this network for SPAM content (viruses, malware, etc. are still considered) and delivering it automatically.
Block – This policy will result in ExchangeDefender automatically labeling the message as SureSPAM.
Bulk mail sending networks have minimal requirements for subscription/use, and many are actively abused to relay dangerous content.
The main benefit of this feature is that ExchangeDefender is actively tracking IP address blocks associated with each network, minimizing the amount of time IT has to spend managing allow/block policy.
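The IP-based matching described above, sketched as an added example (this is not ExchangeDefender's code): it flattens a network's SPF record into address ranges, following include: mechanisms, and maps the connecting relay IP to a Scan/Allow/Block action without looking at the envelope-from. The domains, documentation address ranges, TXT records and policy map are all constructed, and DNS is replaced by a dictionary so the example runs offline.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (hypothetical domains,
# documentation-only address ranges).
SPF_TXT = {
    "bulkmailer-a.example": "v=spf1 ip4:192.0.2.0/24 include:_spf2.bulkmailer-a.example -all",
    "_spf2.bulkmailer-a.example": "v=spf1 ip4:198.51.100.0/25 ip6:2001:db8:a::/48 ~all",
    "bulkmailer-b.example": "v=spf1 ip4:203.0.113.0/24 -all",
}

# Per-network policy as an administrator might set it (assumed values).
# Anything not matched falls back to the default policy, "scan".
POLICY = {"bulkmailer-a.example": "allow", "bulkmailer-b.example": "block"}


def spf_networks(domain, txt=SPF_TXT, seen=None):
    """Collect ip4/ip6 ranges from a domain's SPF record, following include:."""
    seen = set() if seen is None else seen
    if domain in seen or domain not in txt:  # include-loop guard; no record, no ranges
        return []
    seen.add(domain)
    nets = []
    for term in txt[domain].split()[1:]:     # skip the "v=spf1" version tag
        term = term.lstrip("+")              # only pass-qualified mechanisms authorize senders
        if term.startswith(("ip4:", "ip6:")):
            nets.append(ipaddress.ip_network(term[4:], strict=False))
        elif term.startswith("include:"):
            nets.extend(spf_networks(term[8:], txt, seen))
    return nets


def build_index(policy=POLICY):
    """Map each configured bulk mailer to the ranges its SPF record authorizes."""
    return {domain: spf_networks(domain) for domain in policy}


def decide(client_ip, index, policy=POLICY):
    """Return (network, action) for the connecting relay IP."""
    ip = ipaddress.ip_address(client_ip)
    for domain, nets in index.items():
        if any(ip.version == n.version and ip in n for n in nets):
            return domain, policy[domain]
    return None, "scan"


if __name__ == "__main__":
    idx = build_index()
    for addr in ("192.0.2.45", "198.51.100.200", "203.0.113.9", "2001:db8:a::1"):
        print(addr, decide(addr, idx))
```

Because the lookup keys on the relay's IP address, the per-message bounce address never has to be matched; the index only needs rebuilding when a network changes its SPF record.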
ExchangeDefender Advanced Features & Policies are available at https://admin.ExchangeDefender.com and should be set up and managed by competent IT staff who can manage the entire scope of the policy. The issue with bulk mailer networks is that they are massive, easy to access, and often tied into shared hosting environments that are frequently compromised – what makes them convenient is what makes them dangerous. Unfortunately, if your 2FA/OTP or web site developer uses such networks, you have no choice but to allow the traffic through, and ExchangeDefender makes that easy! We make it just as easy to block them. Whether it should be enabled or disabled, and how, is something that each organization will have to assess and consider along with other cybersecurity policies that need to be in place.