Before You Begin
Black List entries are only effective against senders who continue to send email from the same address. Modern cyber criminals can use a different address for every email they send. We recommend only creating Black List entries if the sender address is known to be constant, or the cyber criminal is re-using the same address for some reason.
Problem
A mail message was not blocked even though the sender address matches an entry in one of the Black List types within the SpamSentinel Administration database.
Background Information
SpamSentinel Black List entries may fail to cause a message to be blocked under a few specific circumstances.
Solution
Determine which one of the following cases applies and take appropriate corrective action if necessary.
1. A Conflicting White List entry exists
If a mail message matches both a Black List entry and a White List entry, the message is considered to be 'White Listed' and will be delivered to the recipients. Check for conflicting entries in all the White List views in the SpamSentinel Administration database.
2. The Black List entry type is globally disabled
The options for the configuration field 'Black List' allows an administrator to enable or disable entire categories of black list entries. By default the following email address related categories are enabled:
- Black List Domain Lookup
- Black List Email Lookup
This field is found in the SpamSentinel Server Configuration document on the main tab 'White & Black Lists' in the sub-tab 'Black Lists'
3. The From and SMTPOriginator fields in the mail message are different.
In a Notes mail message, the MAIL FROM address from the SMTP transaction is stored in the 'SMTPOriginator' field which is typically hidden by the Notes Mail client interfaces. The From address in the SMTP data section is stored in the 'From' field and is displayed when the user views a message. The From and SMTPOriginator addresses are often different.
By default SpamSentinel will compare Black Listed email address and domain entries to just the SMTPOriginator field because this is much harder for spammers to forge a fake value for. However, SpamSentinel can also check the From field against the Black Lists as well.
Enable the choice 'Black List From Field Lookup' in the field 'Black Lists' which is found in the SpamSentinel Server Configuration document on the main tab 'White & Black Lists' in the sub-tab 'Black Lists'
4. Message matches one of the 'Do Not Check These Messages' lists
SpamSentinel can skip scanning messages if they meet one of the optional conditions in the Do Not Check These Messages lists. These are found in the SpamSentinel Server Configuration document on the main tab 'White & Black Lists' in the sub-tab 'White Lists'
- Skip Fields - if the message contains a specific SMTP header field it will not be scanned
- Skip Forms - if the message is stored in Notes using a specific form name it will not be scanned
- IP Addresses - if the message was received from a specific IP address it will not be scanned
5. Custom Notes Formula affect how the message is handled
SpamSentinel functionality can be extended or modified by using custom Formulas written in the Notes Formula Language. It is possible that these formula can cause a message to be delivered despite a matching Black List entry. Formula configurations are found in the SpamSentinel Server Configuration document on the main tab 'Advanced' in the sub-tab 'Formulas'
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article