IP Reverse Lookup

IMPORTANT: Using SPF is a better option than using this filter. The only reason to use this filter is if you have disabled SPF filtering.

Every email server that publicly receives emails from the Internet must have a valid MX record in the DNS. This rule checks whether the email came from a server that also accepts emails for the sender's domain. IMPORTANT: Do not enable this rule without reading the following section.

When to use this filter

Although use of this rule will eliminate almost all spam messages, there is a high probability that you will lose good emails as well. However, if configured correctly it can reduce spam while preserving good messages. Consider the following scenario where this rule is useful.

Spammers often forge the sender's domain name, for example:

Received: from ([145.18.14.53])
To: you@yourcompany.com
From: you@yourcompany.com
Subject: Save money...

For cheap software visit http://www.spammer.com

In the above example it seems that you are sending yourself an email, whereas the email actually originated from 145.18.14.53, which happens to be a server on the Internet.

If you know which email server(s) are used to send outbound emails from your company, you can enable this rule. It makes sure that any email whose sender's domain matches your company's domain originates from one of the known IP addresses.

How to enable this rule

Enabling this rule is a two-step process:
  • Select the Enabled check box in Admin Console for Reverse IP Lookup rule.
  • Create a text file in the config directory called "ipVerifierDomain.dat". This file holds the domain name for which this rule should apply. Therefore, if your domain name is "mycompany.com", you should put mycompany.com in this file. IMPORTANT: If this file does not exist, this rule will apply to ALL domains, which makes ITA Secure Messaging do a reverse lookup on all domains, and you might lose good emails as well.

Example ipVerifierDomain.dat file

# Line starting with a # sign is a comment
# Put one domain per line.
yourcompany.com
someotherdomain.com

How does this rule work

For every email, this rule resolves the IP addresses of ALL the MX record entries in the DNS for the sender's domain. If the sender's IP address matches any one of the resolved IPs, the rule assigns a negative score. If the IP does not match, the email is assigned a positive score.

Additionally, you can put a source IP address in the Whitelist to accept any message from certain sources. If an IP address is whitelisted, this rule will be ignored.
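
The decision logic described above, as an added sketch that is not ITA Secure Messaging's own code. The function names, the score magnitudes, and the DNS data (documentation-range addresses) are assumptions constructed so that the example runs offline; the page specifies only the sign of the score.

```python
# Added illustration of the rule's decision logic; not ITA Secure Messaging code.
import ipaddress

# Constructed DNS data (assumption) so the example runs without network access.
MX = {"yourcompany.com": ["mail1.yourcompany.com", "mail2.yourcompany.com"]}
A = {"mail1.yourcompany.com": ["192.0.2.10"],
     "mail2.yourcompany.com": ["192.0.2.11", "2001:db8::25"]}

MATCH_SCORE, MISMATCH_SCORE = -5, 5  # assumed magnitudes; the page gives only the sign


def parse_domain_file(text):
    """Parse ipVerifierDomain.dat content: '#' lines are comments, one domain per line."""
    domains = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            domains.add(line.lower().rstrip("."))
    return domains


def mx_ips(domain):
    """Resolve every MX host of the domain to its IP addresses (from the tables above)."""
    return {ipaddress.ip_address(ip)
            for host in MX.get(domain, [])
            for ip in A.get(host, [])}


def score(sender, source_ip, domains=None, whitelist=()):
    """Return the score the rule contributes, or None when the rule does not run.

    domains=None models a missing ipVerifierDomain.dat: the rule applies to ALL domains.
    """
    ip = ipaddress.ip_address(source_ip)
    if ip in {ipaddress.ip_address(w) for w in whitelist}:
        return None  # whitelisted source IP: rule is ignored
    domain = sender.rsplit("@", 1)[-1].lower().rstrip(".")
    if domains is not None and domain not in domains:
        return None  # sender's domain is not listed in ipVerifierDomain.dat
    # A domain with no resolvable MX hosts yields an empty set, hence a mismatch.
    return MATCH_SCORE if ip in mx_ips(domain) else MISMATCH_SCORE
```

Calling score() with domains=None on a sender whose domain sends mail from hosts other than its MX servers returns the positive score, which is the loss of good email that the missing-file warning describes.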