Cisco Email Security Appliance X1070 Technical Manual

ESA Block Blank From: Addresses Configuration Example
Document ID: 117814
Contributed by Tomki Camp and Enrico Werner, Cisco TAC Engineers.
Jun 16, 2014
Contents
Introduction
Background Information
Configure
Verify
Troubleshoot
Related Information
Introduction
This document describes how to block blank From: addresses in AsyncOS for the Cisco Email
Security Appliance (ESA).
Background Information
A blank From: address can be interpreted in several ways. Email messages have both envelope addresses and
addresses in the message headers. The envelope addresses are created during the Simple Mail Transfer
Protocol (SMTP) conversation when a message is received. SMTP requires an envelope-from address that is
non-null; therefore it is not possible to receive a message with a blank envelope-from address. The
envelope-from address <> is a special case that is specifically used by mailers in order to send bounce
messages. This is a signal to the receiving mailer that a bounce cannot be sent to that address; it is used to
prevent mail loops.
The message headers, which include the From: header, are all considered part of the message content and are
not required to match the envelope addresses. List email uses this to good effect: for example,
long recipient lists are not included in the content From: header, and a list return address is often given
instead. Spam and viruses also use this in order to mislead recipients about the sender of the message.
Some messages have been observed to have no From: lines or blank From: lines. Although it might seem
desirable to drop messages with blank From: lines as probable spam, remember that it might offer little in the
way of an improved spam capture rate, but might increase false positives. A large percentage of
application-generated mail, newsletters, and bounces might have blank From: addresses and most spam
seems to have a false From: field.
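The following is an added example, not part of the Cisco document and not AsyncOS filter code: a Python script that applies the condition described here (no From: header, or a From: header with an empty value) to stored messages and counts how many matches are bounces, which shows the false-positive exposure before any drop action is enabled. The sample messages are constructed, the function names are hypothetical, and treating a whitespace-only value as blank is an assumption.

```python
from email import message_from_string

# Constructed samples: (envelope-from from MAIL FROM, raw message text).
# An empty envelope-from string stands for the bounce sender <>.
SAMPLES = [
    ("alice@example.com", "From: Alice <alice@example.com>\nSubject: hi\n\nbody\n"),
    ("", "Subject: Delivery Status Notification\n\nbounce text\n"),
    ("news@example.net", "From:\nSubject: Weekly newsletter\n\nbody\n"),
    ("app@example.org", "From:   \nSubject: Nightly job report\n\nbody\n"),
    ("x@example.com", "From: Support <support@example.com>\nSubject: urgent\n\nbody\n"),
]


def from_header_state(raw):
    """Classify the From: header as 'missing', 'blank' or 'present'."""
    values = message_from_string(raw).get_all("From")
    if values is None:
        return "missing"
    # Assumption: a whitespace-only value counts as blank.
    if all(not v.strip() for v in values):
        return "blank"
    return "present"


def audit(samples):
    """Count messages the described condition would match, and how many
    of those are bounces (envelope-from <>), i.e. likely false positives."""
    report = {"matched": 0, "matched_bounces": 0, "passed": 0}
    for envelope_from, raw in samples:
        if from_header_state(raw) in ("missing", "blank"):
            report["matched"] += 1
            if envelope_from == "":
                report["matched_bounces"] += 1
        else:
            report["passed"] += 1
    return report


if __name__ == "__main__":
    for envelope_from, raw in SAMPLES:
        print(f"<{envelope_from}>".ljust(22), from_header_state(raw))
    print(audit(SAMPLES))
```

The last constructed sample has a populated From: header that does not match its envelope sender, so it passes the check, while the bounce, the newsletter and the application report are matched.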
Configure
Here is a message filter that drops messages that either have no From: in the message header or a blank
From: header. The filter evaluates to true if there is no From: header at all, or if the header has a null value.