better way to filter spam sent through Salesforce?

4 posts Page 1 of 1
by darrenk » Sun Nov 24, 2024 11:56 am
Over the past month I have been getting a steady trickle of spam sent through Salesforce-owned IP addresses to my address, which is on a hosted domain here at Sonic. Roughly 75% are caught by SpamAssassin. The spam comes from multiple domains, usually three words strung together, and seems to be anti-Democrat and pro-crypto. The subjects are not consistent. The spam originates from a variety of IPs but they all have 2 DKIM signatures, one for the domain in the email and another for a Salesforce domain, (x).y.mc.salesforce.com. I have been submitting reports to Salesforce abuse but more spam from different domains keeps coming.

I know I can go into member settings and block each domain as they come in, but that seems tedious and I wonder how long the list will get over time. Does anyone know of a better way of blocking these mails other than just adding the domains to the blocklist in member tools?

-Darren
by fmc » Sun Nov 24, 2024 8:52 pm
Have found filtering all mail from 128.245/16 to be a great help. Tarpitting the whole /16 would be better.
by darrenk » Sun Nov 24, 2024 10:45 pm
fmc wrote: Sun Nov 24, 2024 8:52 pm Have found filtering all mail from 128.245/16 to be a great help. Tarpitting the whole /16 would be better.
Where in members tools can I set up a blocklist by IP address? I see a page where I can add entries for trusted networks but I don't see an option for something like untrusted networks.

-Darren
by fmc » Mon Nov 25, 2024 8:33 am
No idea. I don't really use Sonic for e-mail.

I do sometimes do horrible things with procmail to pre-filter the spam out of my inbox though.

# anything from 128.245.0.0/16 (Salesforce/Exacttarget) (11 May 2024)
:0 :
* ^Received: from .*128\.245\.[0-9]+\.[0-9]
${INPREFIX}probable-spam/
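
Added example, not part of the thread: a Python pre-filter that combines the two signals mentioned above, a Received hop inside 128.245.0.0/16 and a DKIM-Signature whose `d=` domain ends in `.mc.salesforce.com`. The function names and the sample message are constructed for illustration, and the `d=` tag is only read, not cryptographically verified.

```python
import email
import ipaddress
import re

# Range from the recipe above; DKIM suffix as described in the first post.
BLOCKED_NET = ipaddress.ip_network("128.245.0.0/16")
DKIM_SUFFIX = ".mc.salesforce.com"

IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
DKIM_D_RE = re.compile(r"(?:^|;)\s*d\s*=\s*([^;\s]+)", re.I)

# Constructed sample message: hostnames, addresses and selectors are made up.
SAMPLE = (
    "Received: from mta.example (mta.example [128.245.0.10])\n"
    "\tby mx.example with ESMTP; Sun, 24 Nov 2024 11:00:00 -0800\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=three-word-domain.example; s=s1; b=AAAA\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=x.y.mc.salesforce.com;\n\ts=s2; b=BBBB\n"
    "Subject: constructed sample\n\nbody\n"
)

def received_ips(msg):
    """Yield each valid IPv4 address found in any Received header."""
    for hdr in msg.get_all("Received", []):
        for text in IPV4_RE.findall(hdr):
            try:
                yield ipaddress.ip_address(text)
            except ValueError:
                continue  # dotted quad with an octet above 255

def dkim_domains(msg):
    """Yield the d= domain of each DKIM-Signature header, lowercased."""
    for hdr in msg.get_all("DKIM-Signature", []):
        m = DKIM_D_RE.search(hdr)
        if m:
            yield m.group(1).lower().rstrip(".")

def classify(raw):
    """Return the list of reasons the message matched (empty if none)."""
    msg = email.message_from_string(raw)
    reasons = []
    if any(ip in BLOCKED_NET for ip in received_ips(msg)):
        reasons.append("received-ip")
    if any(d.endswith(DKIM_SUFFIX) for d in dkim_domains(msg)):
        reasons.append("dkim-domain")
    return reasons

if __name__ == "__main__":
    print(classify(SAMPLE))
```
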