haraka-plugin-known-senders

Increase the reputation of recognized sender domains.

Build Status Code Climate

NPM

haraka-plugin-known-senders

Increase the reputation of domains you exchange email with by sending them email.

Synopsis

Known Senders is based on the premise that domains users send email to are domains they also want to receive email from. By maintaining lists of domains that local users send email to, a weak but helpful form of automatic whitelisting is obtained.

How it works

This plugin inspects outgoing emails and adds the destination domains to a known senders database. When emails arrive from those known sending domains, this plugin stores a result object with the passing domain(s) name.

TL;DR

Outgoing messages are determined by inspecting the relaying property of the connection. If relaying=true, then the connection has been extended a form of trust, usually via AUTH credentials or IP ACLs. In those outbound emails, the sender domain and recipient domains are reduced to Organizational Domains and a redis entry is inserted/updated.

When emails later arrive from a domain your users have sent email to, the redis DB is checked and if a match is found, a result object is stored in the transaction results. That result can be scored by reputation engines like karma and used to affect the messages deliverability.

Such a karma rule would look like this:

280 = known-senders | pass | length | gt 0 | 5 | Known Sender

Authentication

Inbound messages are only checked against the known-senders list when the sender's Organizational Domain can be validated against a form of domain authentication.

There has currently three authentication mechanisms that can validate that a sending host has authority to send on behalf of the [purported] sending domain:

Ideas for additional authentication mechanisms

Mechanisms need not be 100% effective to be useful.

  • TLS certficate names
  • GeoLocation

Limitations

This plugin can boost the reputation of most marginally deliverable ham. Where it doesn't help is for messages coming from a Windows Exchange server (no DKIM signing support without $$$ 3rd party plugin) on a lame ISPs network that doesn't let them configure reverse DNS and whose admins haven't the clue to set up SPF properly.