Learn how to work with the approved and blocked senders lists in Email Security.cloud.
Within Email Security.cloud, you can define a list of approved senders or blocked senders for your organization.
You can define approved and blocked senders lists at the following levels:
The portal accepts entries in the following formats:
The list strictly applies to the envelope sender email address, also designated as RFC5321.Mail From.
Note: "X-Env-Sender" is inserted into the header of the email to assist administrators. If you enter a domain in your approved or blocked senders list, it includes all of its sub-domains automatically. For example, if you add mydomain.com as an approved sender, it will also apply to sub.mydomain.com.
Each entry is subject to validation rules to work properly. For a complete list, see our Validation rules for Anti-Spam approved and blocked senders lists article.
Do not put your domain name in your own approved senders list. By including your own domain name, you open the organization up to a security exploit.
This may occur because spammers sometimes spoof the sending email address to match the target email domain (you) in an attempt to bypass Anti-Spam scanning. Instead, include your partners' sending IP addresses.
To learn how each scanner flags an email, see About Anti-Spam detection settings and actions. This can be used effectively to only allow approved senders for a specific scanner rather than a complete bypass.