Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

AntiSpam strange behaviour

Hello everyone. 


Can someone please explain to me why this example spam mail was delivered to the user?

I attached an export from FortiMail with an example, and it looks like the whitelisted value "" was marked as equivalent to "" that is present in the From field.


How is it possible?


Here is a detailed trace for a mail: 




Your user has that sender in his whitelist (see classifier tab: User Safe).





regards / Abel
New Contributor

That is not true, actually....


because my user has this address in the whitelist:

and we are getting mail where the From parameter is set to:


which is far from looking like the whitelisted address.

This one is even from a different domain, from




You have Personal Safe List entry for "" and this is what appears in the Header From (see the first history log line).

Dr. Carl Windsor Field Chief Technology Officer Fortinet


Isn't it ridiculous behaviour?

It really looks like a golden cave for spammers :) because basically anyone from anywhere can send a mail, and all this sender needs is to set a HeaderFrom address to one that will be accepted.



OK, next question: what can be done to stop that (and don't tell me "remove that address from whitelist")?


New Contributor



Does anyone know the term "phishing attack"?

Isn't this exactly what is happening here?


When someone is trying to pretend to be someone else, for some reason.

The key word is "pretend" :)


Here spammers are trying to pretend to be a legit sender, and your system is accepting mails with salt, bread, and dances over that mail, and moreover, a senior director and product manager is trying to tell us that it is correct behavior.




This is not the normal correct behavior; this is only the case when you have explicitly safe listed the sender. Safe listing is for working around situations where the sending party may not have their mail servers configured correctly (blacklisted IP, SPF fail, etc.) but where you must receive their emails. There is a warning to this effect in the admin guide for this reason.


Dr. Carl Windsor Field Chief Technology Officer Fortinet


There are many things in your reply that do not fit my case.


First, the user whitelisted a pretty well-defined address, not even close to a wildcard.

And for some reason, the system thinks that this "" whitelisted address is exactly equal to this monster address = that is coming in the From field


So I still do not understand how this could happen at all.


Like, this is not my first time working with antispam.

I got experience previously working with IronPort, ProofPoint, Retarus, Sendmail. And all of those systems never allow this thing to happen at all. And here, instead of trying to provide some solution of how to fix that, I get a message that it is exactly how it must work :) that's really funny.


The wildcard in the example is to show that safelisting should be used with caution because of the impact it could have. Caution should still be used for exact matches.


>And for some reason, the system thinks that this "" whitelisted address is exactly equal to this monster address = that is coming in the From field


Your email was addressed as follows:


Mail From:

Header From:


The Safelist matched the Header From.


Dr. Carl Windsor Field Chief Technology Officer Fortinet




I hope that we both agree that the main one here is the Mail From address, as it represents the real sender address.

Header From is needed to change the displayed address in the Outlook client. And there are no doubts about this here?



And now the question is: how do we need to modify the system to make it match whitelist entries against Mail From addresses and not touch Header From? Or what else can we change to prevent that kind of spam from being accepted?
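
The Mail From / Header From mismatch discussed in this thread, shown as an added example that is not part of any post and is not FortiMail code or configuration: a header-only safelist match next to one that honors the entry only when the envelope sender's domain passed SPF and equals the Header From domain. The addresses, the safelist, the function names and the `spf_result` input (assumed to be supplied by an upstream SPF check) are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the envelope sender and the displayed sender disagree.
ENVELOPE_MAIL_FROM = "bounce@bulk-sender.example"
RAW_MESSAGE = """\
From: "Alice Partner" <alice@partner.example>
To: user@corp.example
Subject: Invoice

Please see the attached invoice.
"""
SAFELIST = {"alice@partner.example"}  # hypothetical personal safe list


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def header_from(raw):
    """Address taken from the From: header (what the mail client displays)."""
    return parseaddr(message_from_string(raw).get("From", ""))[1].lower()


def naive_safelist_hit(raw, safelist):
    """Header-only match: the sender controls this value completely."""
    return header_from(raw) in safelist


def aligned_safelist_hit(raw, mail_from, spf_result, safelist):
    """Honor the entry only if SPF passed for the envelope domain and that
    domain equals the Header From domain (strict alignment)."""
    hdr = header_from(raw)
    if hdr not in safelist or spf_result != "pass":
        return False
    env_domain = domain_of(parseaddr(mail_from)[1])  # '' for the null sender <>
    return env_domain != "" and env_domain == domain_of(hdr)


def verdict(raw, mail_from, spf_result, safelist):
    """Return 'safelisted' or a 'scan' decision for the antispam pipeline."""
    if aligned_safelist_hit(raw, mail_from, spf_result, safelist):
        return "safelisted"
    if naive_safelist_hit(raw, safelist):
        return "scan: Header From is safelisted but envelope sender is not aligned"
    return "scan"
```

The SPF requirement matters because Mail From is also chosen by the sender; alignment only carries weight when the envelope domain has been authenticated, which is the same pairing DMARC uses.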


