Add IgnoreHosts options to Plesk`s DMARC implementation
Currently it is possible to whitelist only domain with IgnoreMailFrom parameter. However there could be false-positive DMARC failures (in case sender's strict policy and mail going throughout relay) due to which it could be useful to have option to whitelist specific network. It would be nice having this option available
During research, we have found that the request is about passing emails via intermediate mail gateway (which works as an anti-spam solution) and the idea of the request is do not check SPF for these emails on Plesk side.
In Plesk, there is already exist a solution for that: need to use "SPF Local rules" setting to configure an SPF record which will be used by Plesk to validate emails (including emails from an intermediate anti-spam solution). See KB article for mode details (https://support.plesk.com/hc/en-us/articles/360022753174) and Plesk documentation.
If it does not solve the issue on you Plesk environment and you still need the "IgnoreHost" option, let us know more details about you case for that in comments below.
Alexander Yamshanov commented
We are researching what else products are using in customers' environments as an incoming mail gateway for emails to find out is there any products that does not support SRS.
An owner of domain name with mails configures mail policies. The policy describes how emails should be processed by destination mail servers. Before develop possibility of allow ignoring a sender's policy, we want to be sure that there is really exists cases that could not be solved in correct and secure way.
Feel free comment and describe your envioronmetns and use-cases where you need the "IgnoreHosts" settiog to supress a valid sender's policy.
Alexander Yamshanov commented
SRS is supported by Plesk since 17.0.15 version, 16 August 2016 (c) https://docs.plesk.com/release-notes/onyx/change-log/#plesk-17015-preview15. The feature is enabled by default.
I am not an expert in Spam Experts. According Spam Experts documentation, the feature could be enabled/disabled on Spam Experts side ("Rewrite Sender Addresses"), see https://documentation.n-able.com/spamexperts/userguide/qsg/Content/C_Domain%20Level/domains/configuration.htm.
If you think that this functionality does not work or does not work correctly in Plesk, I suggest contacting the Plesk Support team (it is necessary to collect more information about mail headers and so on).
Using SRS for forwarded emails is more secure and correct., especially if the both product support it.
The filtering service is Spam Experts which from what I've read supports SRS and also found some old Plesk KBs or posts indicating Plesk doesn't support it or support it properly though maybe that has changed.
If there is a way to configure this in Plesk please let me know.
Jonas Ibsen commented
This would be fantastic when some of your customers use external spam scanning and others dont, but they are hosted on same server.
Wanderley Frias commented
When there is a match between "Return path" and "From" in the email headers, it is considered Spam; currently it can only be fixed with the proposed workaround: https://support.plesk.com/hc/en-us/articles/115002769014
I ask that it be possible to put the domains that apply in the whitelist so that it is delivered to the inbox.