Points allocation for domains for Level of Trust
The bonus points for Level of Trust are assigned to the respective domains in two different ways:
- Automatically based on an outbound email.
- Manually via the user interface under Partners or via the PowerShell cmdlet Set-NspPartnerTrustDetails.
For an inbound email from this domain to receive the stored bonus points, at least one of the following conditions must be met in relation to the domain that has a certain trust level:
- The SPF check is successful.
- The DKIM check is successful.
- The DMARC check is successful.
- The email is signed using S/MIME or PGP and the signature is valid (and matches the domain in the email header).
- The IP address is mentioned in the properties of the domain. This list is automatically filled with the IP addresses that NoSpamProxy can read from the MX and A records of the respective domain. However, the addresses are only collected if there is no DMARC record for the sender domain.
No check for validity of the SPF entry is performed if the domain with trust set only appears in the header. Therefore, no DMARC validation can take place. Consequently, if there is a difference between the MAIL FROM and Header-From domains, the email must have either
- at the partner entry a familiar subnet matches the submitting IP address or
- an S/MIME, PGP or DKIM signature belonging to the domain with the trust level set.
NOTE: In order for the above scenario to work, the Reputation filter must be enabled with checks for DMARC, SPF, DKIM and the sending IP address enabled in each rule where Level of Trust is active.