Chapter 5 Configuring the Gateway to Receive Email
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
Sender Groups Defined by Network Owners, Domains, and IP Addresses
Since the SMTP protocol has no built-in method for authenticating senders of
email, senders of unsolicited bulk email have been successful at employing a
number of tactics for hiding their identity. Examples include spoofing the
Envelope Sender address on a message, using a forged HELO address, or simply
rotating through different domain names. This leaves many mail administrators
asking themselves the fundamental question, “Who is sending me all of this
email?” To answer this question, the SenderBase Reputation Service has
developed a unique hierarchy for aggregating identity-based information based on
the IP address of the connecting host — the one thing that is almost impossible
for a sender to forge in a message.
An IP Address is defined as the IP address of the sending mail host.
A Domain is defined as an entity that uses hostnames with a given second-level
domain name (for example, yahoo.com), as determined by a reverse (PTR) lookup
on the IP address.
A Network Owner is defined as an entity (usually a company) that controls a
block of IP addresses, as determined based on IP address space assignments from
global registries such as ARIN (the American Registry for Internet Numbers) and
An Organization is defined as an entity that most closely controls a particular
group of mail gateways within a network owner’s IP block, as determined by
SenderBase. An Organization may be the same as the Network Owner, a division
within that Network Owner, or a customer of that Network Owner.
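The following Python example is added here and is not from the Cisco guide or SenderBase. It keys every count on the connecting IP, derives the Domain from a PTR name and the Network Owner from an address-block table, and ignores the client-supplied HELO and Envelope Sender. The PTR map, allocation table, owner names and connection records are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample data (documentation IP ranges, example domains).
PTR = {  # stand-in for reverse (PTR) lookups on the connecting IP
    "192.0.2.10": "mta1.mail.example.com",
    "192.0.2.11": "mta2.mail.example.com",
    "198.51.100.7": "out.example.net",
}  # 203.0.113.5 deliberately has no PTR record
ALLOCATIONS = {  # stand-in for registry address-space assignments
    "192.0.2.0/24": "Example Hosting Inc",
    "198.51.100.0/24": "Example Net Services",
    "203.0.113.0/24": "Example Transit Ltd",
}
CONNECTIONS = [  # (connecting IP, HELO name, Envelope Sender)
    ("192.0.2.10", "mail.bank.example", "alerts@bank.example"),
    ("192.0.2.10", "smtp.shop.example", "deals@shop.example"),
    ("192.0.2.11", "localhost", "news@promo.example"),
    ("198.51.100.7", "out.example.net", "list@example.net"),
    ("203.0.113.5", "mx.example.org", "info@example.org"),
]

def domain_of(ip):
    """Second-level domain of the PTR name, or None when no PTR exists."""
    labels = PTR.get(ip, "").rstrip(".").lower().split(".")
    # Assumption: the last two labels form the second-level domain. Names
    # under multi-label suffixes such as co.uk need a public-suffix list.
    return ".".join(labels[-2:]) if len(labels) >= 2 else None

def network_owner_of(ip):
    """Owner of the most specific constructed allocation containing ip."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in map(ipaddress.ip_network, ALLOCATIONS) if addr in n]
    return ALLOCATIONS[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def aggregate(connections):
    """Count messages per IP, per PTR domain and per network owner."""
    by_ip, by_domain, by_owner = Counter(), Counter(), Counter()
    for ip, _helo, _mail_from in connections:  # client-claimed fields ignored
        by_ip[ip] += 1
        by_domain[domain_of(ip) or "(no PTR)"] += 1
        by_owner[network_owner_of(ip) or "(unallocated)"] += 1
    return by_ip, by_domain, by_owner

if __name__ == "__main__":
    for level in aggregate(CONNECTIONS):
        print(dict(level))
```

The three messages that claim three unrelated sender domains collapse to one Domain and one Network Owner, because both are derived from the connecting IP.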
Defining Remote Hosts in the HAT: Sender Group Syntax
dnslist[dnsserver.domain]: DNS List query. For more information, see Sender Groups Defined by Querying DNS Lists in the HAT,
ALL: Special keyword that matches ALL addresses. This applies only to the ALL sender group, and is always included (but not listed).