Tons of blacklisted emails - ORF Forums

Tons of blacklisted emails RSS Back to forum


Hello sirs! I've got the following situation:


Time: 8/25/2022 1:49:54 PM GMT+0300 (local)
Sender Email:
Author Email: (not available)
Recipient Email:
Source IP: (not available)
Remote Peer IP:
Action: Rejected
Email Subject: (not available)

Blacklisted by the Recipient Validation.

Filtering Point: Before Arrival
Event Class: Blacklist
Severity: Information
Related Test: (not available)
HELO Domain: (not available)
Message ID: (not available)
Log Mode: Verbose
ORF Version: 6.7 RELEASE

------------------------------------------------------------------------------- is definitely my domain. But I've neither user "admin" nor "". I've tried to blacklist sender "" but no use - there are hundreds of incoming (but rejected) mails from that sender. Is there any idea how to stop that?

Thank you in advance!

by vkomyakov 1 year ago

@vkomyakov: As long as these emails are blacklisted by ORF, there is nothing to worry about. I suggest the following:

1. Make sure the DHA Protection Test is enabled (ORF Administration Tool > Blacklists > DHA Protection Test). This will temporarily ban the IP address of spammers who keep sending emails to non-existent mailboxes in your organization.

2. Make sure the SPF Test is enabled (ORF Administration Tool > Authentication > SPF Test), and your domain has a published SPF record:

If you need further assistance, just let me know.

by Daniel Novak (Vamsoft) 1 year ago
(in reply to this post)


Hello Daniel!

Thank you for explanation. I did enable these tests, just was a little curious why they kept trying to send those fake emails. Thanks again.

by vkomyakov 1 year ago

@vkomyakov: Spammers often "spoof" the domain name in the sender email address to impersonate a company or a person within the organization, in at attempt to deceive the recipient or to exploit a misconfigured email filter. ORF can block such emails using the DMARC and SPF tests.

by Daniel Novak (Vamsoft) 1 year ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2