Same IP but different sending domains
@Aaron W.:
Absolutely, it is legitimate. For instance, our company has multiple products and services, all with their own domain names like vamsoft.com, kompaktzoll.hu or vaminfo.hu. Forum notifications, newsletters and user emails are sent in the name of these domains via a single outbound email server only, so you may very well see a single IP sending for multiple domains.
Another and more common example would be professional newsletter services that may send in the name of various domains (although most would use their own transport-level domain name for handling bounces). Mailing lists (namely, hosting multiple mailing lists on a single server/farm) might be affected as well.
I think such a test would have some value, but I am also concerned about false positives.
Is there a legitimate business need for a mail server to have a single IP but send from many different sending domains? I've been looking at the logs a lot today, and I've noticed that the spammy senders will use an IP until it has been listed, but change the sending domain many times.
If there were an ORF feature that was configured to 'block any emails from an IP which has sent 3 or more emails with different sending domains', would that cause false positives? I'm assuming there is a service of some type that would be harmed, but I was curious what it might be.
Thanks
Aaron W.
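
The rule proposed in the question, run over a constructed mail log to show where it fires, as an added example that is not part of the original posts and is not ORF code. The record layout, the ground-truth labels and the function names are assumptions; the multi-domain server uses the three domains named in the reply, and every other address and IP is a reserved documentation value.

```python
from collections import defaultdict

THRESHOLD = 3  # rule from the post: 3 or more different sending domains per IP

# Constructed sample records: (source IP, envelope sender, ground-truth label).
# This is not an ORF log format; the labels exist only to score the rule.
SAMPLE = [
    ("192.0.2.10", "forum@vamsoft.com", "legit"),
    ("192.0.2.10", "news@kompaktzoll.hu", "legit"),
    ("192.0.2.10", "info@vaminfo.hu", "legit"),
    ("198.51.100.7", "offer@deals-a.example", "spam"),
    ("198.51.100.7", "offer@deals-b.example", "spam"),
    ("198.51.100.7", "offer@deals-c.example", "spam"),
    ("198.51.100.7", "offer@deals-d.example", "spam"),
    ("203.0.113.5", "alice@corp.example", "legit"),
    ("203.0.113.5", "bob@CORP.example", "legit"),
    ("203.0.113.5", "<>", "legit"),  # bounce with a null sender
]


def sender_domain(address):
    """Return the lower-cased sender domain, or None for a null or malformed sender."""
    _, sep, domain = address.strip().strip("<>").rpartition("@")
    return domain.lower() if sep and domain else None


def evaluate(records, threshold=THRESHOLD):
    """Apply the distinct-domain rule per IP and score it against the labels."""
    domains = defaultdict(set)
    labels = {}
    for ip, sender, label in records:
        labels[ip] = label
        domain = sender_domain(sender)
        if domain is not None:  # null senders carry no domain to count
            domains[ip].add(domain)
    blocked = {ip for ip, seen in domains.items() if len(seen) >= threshold}
    return {
        "blocked": blocked,
        "false_positives": {ip for ip in blocked if labels[ip] == "legit"},
        "domains": {ip: sorted(seen) for ip, seen in domains.items()},
    }


if __name__ == "__main__":
    result = evaluate(SAMPLE)
    for ip in sorted(result["domains"]):
        verdict = "BLOCK" if ip in result["blocked"] else "pass"
        print(ip, verdict, result["domains"][ip])
    print("false positives:", sorted(result["false_positives"]))
```

The shared outbound server reaches the threshold with exactly the three domains from the reply, so it is blocked alongside the domain-rotating sender.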