Whitelist Test Exceptions

ORF is primarily a spam filter and its whitelists protect against accidental wrong spam email classifications. However, some tests of ORF are not specifically against spam. These tests are:

• DMARC Test: Verifies the authenticity of the sender address displayed by mail clients.
• DKIM Test: Verifies the integrity of the email content.
• SPF Test: Verifies the authenticity of the email sender.
• Honeypot Test: Bans servers sending to spamtraps.
• Recipient Blacklist: Validates the email recipients or disabled specific local mailboxes.
• Recipient Validation Test: Validates the email recipients using a live source (e.g., Active Directory).
• DHA Protection Test: Protects against Directory Harvest Attacks.
• Attachment Filtering Test: Test used to remove malicious/potentially dangerous payload from emails.
• External Agent Test: Can be used to filter for malicious content, e.g., viruses.

In ORF, whitelists generally take precedence over any of the blacklist tests and for email security purposes, this is not always suitable: you probably do not want to receive email viruses just because your whitelisted business partner's network gets infected (Agents/Attachment Filtering). Similarly, accepting emails that cannot be delivered makes no sense (Recipient Validation Test/Recipient Blacklist). SPF can be an important pre-filter before sender email address-based whitelists (Auto Sender Whitelist, Sender Whitelist) would run. The DHA Protection Test works in tight integration of the Recipient Blacklist/Validation tests, so if they are excepted, the DHA Protection Test is best excepted, too. The Honeypot Test is anti-spam, but if the spamtrap addresses are not valid and existing addresses, the Recipient Validation/Recipient Blacklist tests could render this test useless when they are excepted, so this test can be excepted, too.

When you mark a test as excepted in this dialog, it will be performed before (most of) the whitelist tests, thus it can blacklist the email if it would be otherwise whitelisted.

Notes

Which whitelists take precedence over excepted blacklist tests?

There are two whitelists tests that take precedence over even the excepted blacklists tests, these are the:

• Authentication Whitelist: Emails from authenticated clients are trusted and may be outbound (see the Authentication Whitelist topic).
• IP Whitelist: This whitelist has an important role in whitelisting outbound and internal emails.

Which Agents are excepted?

Only those agents are excepted that are marked with "Anti-Virus or Other Email Security" role. This is because some agents may perform spam filtering and other agents do virus filtering.