haraka-plugin-known-senders
Increase the reputation of recognized sender domains.
haraka-plugin-known-senders
Increase the reputation of domains you exchange email with by sending them email.
Synopsis
Known Senders is based on the premise that domains users send email to are domains they also want to receive email from. By maintaining lists of domains that local users send email to, a weak but helpful form of automatic whitelisting is obtained.
How it works
This plugin inspects outgoing emails and adds the destination domains to a known senders database. When emails arrive from those known sending domains, this plugin stores a result object with the passing domain(s) name.
TL;DR
Outgoing messages are determined by inspecting the relaying
property of the connection. If relaying=true
, then the connection has been extended a form of trust, usually via AUTH credentials or IP ACLs. In those outbound emails, the sender domain and recipient domains are reduced to Organizational Domains and a redis entry is inserted/updated.
When emails later arrive from a domain your users have sent email to, the redis DB is checked and if a match is found, a result object is stored in the transaction results. That result can be scored by reputation engines like karma and used to affect the messages deliverability.
Such a karma rule would look like this:
280 = known-senders | pass | length | gt 0 | 5 | Known Sender
Authentication
Inbound messages are only checked against the known-senders list when the sender's Organizational Domain can be validated against a form of domain authentication.
There has currently three authentication mechanisms that can validate that a sending host has authority to send on behalf of the [purported] sending domain:
- FCrDNS: Forward Confirmed reverse DNS
- SPF: Sender Policy Framework
- DKIM: DomainKeys Identified Mail
Ideas for additional authentication mechanisms
Mechanisms need not be 100% effective to be useful.
- TLS certficate names
- GeoLocation
Limitations
This plugin can boost the reputation of most marginally deliverable ham. Where it doesn't help is for messages coming from a Windows Exchange server (no DKIM signing support without $$$ 3rd party plugin) on a lame ISPs network that doesn't let them configure reverse DNS and whose admins haven't the clue to set up SPF properly.