Level of Trust
Level of Trust is a multi-layered concept that assesses the trustworthiness of a communication relationship or domain.
The quality of the connection history has the greatest influence on trust. A reliable and lasting communication relationship ensures that the level of trust increases; an unreliable and fragmented communication relationship ensures that the level of trust decreases.
NoSpamProxy includes various criteria in the calculation of the value:
Domain relationship Regular outbound emails to a specific email domain are rewarded. So-called freemailers are excluded from this regulation by default.
Address relationship between sender and recipient Outbound emails to certain external addresses are rewarded with a high trust bonus.
Combination of sender, subject and domain Reply emails are rewarded if the subject and domain are unchanged.
Message ID The message IDs contained in email headers are rewarded - similar to reply emails - if they are unchanged.
Delivery notifications Valid notifications are rewarded, invalid notifications are penalised.
NoSpamProxy rates an email as trustworthy if one of the bonuses described above is at least 40 points. The prerequisite for this is that the conditions mentioned at Points allocation for domains for Level of Trust are fulfilled. If you want to ensure that emails from a specific partner are delivered, set the trust value fixed to 40 or higher.
NOTE: To protect the data, the relationship is not stored in plain text, but only in the form of a hash value (checksum).
If there is no outbound communication with a particular partner for a certain period of time, the level of trust is automatically reduced. This decrease in value occurs for both bonus and penalty values.
Automatic removal of partners
Partners are automatically removed when the Level of Trust value of the respective domain has dropped to 0 and the partner does not have any other properties that prevent this, such as stored users, passwords or certificates.
The bonus points for Level of Trust are assigned to the respective domains in two different ways:
- Automatically based on an outbound email.
- Manually via the user interface under Partners or via the PowerShell cmdlet Set-NspPartnerTrustDetails.
For an inbound email from this domain to receive the stored bonus points, at least one of the following conditions must be met in relation to the domain that has a certain trust level:
- The SPF check is successful.
- The DKIM check is successful.
- The DMARC check is successful.
- The email is signed using S/MIME or PGP and the signature is valid (and matches the domain in the email header).
- The IP address is mentioned in the properties of the domain. This list is automatically filled with the IP addresses that NoSpamProxy can read from the MX and A records of the respective domain. However, the addresses are only collected if there is no DMARC record for the sender domain.
No check for validity of the SPF entry is performed if the domain with trust set only appears in the header. Therefore, no DMARC validation can take place. Consequently, if there is a difference between the MAIL FROM and Header-From domains, the email must have either
- at the partner entry a familiar subnet matches the submitting IP address or
- an S/MIME, PGP or DKIM signature belonging to the domain with the trust level set.
NOTE: In order for the above scenario to work, the Reputation filter must be enabled with checks for DMARC, SPF, DKIM and the sending IP address enabled in each rule where Level of Trust is active.
To prevent attacks with fake email addresses, we recommend that you make some form of authentication a precondition not only for the domain bonus, but for all bonuses. See General tab.
How to activate Level of Trust The Level of Trust system must be activated per rule. See Configuring general settings for rules.
How to configure Level of Trust The settings for Level of Trust are made under Level of Trust Configuration. See Level of trust configuration.