Fortimail Cloud: Firmware version v7.2.4(GA-Maturity), build401, 2023.05.17
We are seeing Sender-Alignment failure for messages sent as Header From: <hostname>@sns.amazonaws.com From: amazonses.com These messages are passing SPF and DKIM. Obfuscated failure message from Fortimail console: Sender Alignment: ( From value: Sender <firstname.lastname@example.org>) does not align with authorization domain amazonses.com
Adding <hostname>@sns.amazonaws.com to 'Policy\Recipient Policy\Sender-Alignment-Safelist' fails to allow the messages to bypass Sender-Alignment check. I believe this is because the Sender-Alignment check is looking at the From address and not the Header From.
Excluding the amazonses.com sender is undesirable as it would allow any message from that mail domain to avoid Sender-Alignment check.
How can we bypass Sender-Alignment check on messages based on the Header From value of <hostname>@sns.amazonaws.com?
This is generally what we have been doing these last couple of months but we are slowly accumulating a lot of exceptions to compensate for Sender-Alignment failures when DKIM has passed. That is, in many instances, though the message has passed DKIM, it is still being flagged as Sender-Alignment.
Is there a way to lower the weighting precedence of Sender-Alignment or to globally have the check occur after DKIM and SPF? Simply, if the message passes DKIM we don't want Sender-Alignment to over-rule DKIM, noting all other checks will still occur.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.