views:

41

answers:

2

One of my clients uses Trend Micro InterScan Messaging Security to protect their internal mail services.

Suddenly InterScan decided to filter out all messages coming from Google App Engine.

Unfortunately they haven't been able to whitelist the sender address as each e-mail gets a different one. For example, *3ckihSOVMMHlZHSL.JSMMHlZHSL.JS*@apphosting.bounces.google.com, with everything before the @ being variable.

Update I'm including this screenshot of how Interscan sees the incoming e-mail. Notice that all senders are different:

alt text

If I look into the e-mail headers, the apphosting domain appears inside the Return-Path field:

Return-Path: <36kSiSwYIBh0883XL3E7.5EH883XL3E7.5E@apphosting.bounces.google.com>

The "From" field looks ok. It says what I set it to say, but the spam filter only looks at the Return-Path.

My client sysadmin doesn't want to whitelist the whole apphosting domain, as it wouldn't be only whitelisting my application.


How could I bypass this e-mail filters if I can't get an unique sender?

Thanks,

+1  A: 

I am not well versed in spam filters, but it seems to me that if it can only whitelist based on one field, it is pretty lame. Unfortunately that does not help you. If this is an important client, and they absolutely refuse to budge, I see two possible paths forward:

  • Do some research into interscan to see if you can give the client some pointers (tactfully) on how to configure it to whitelist in such a way that your mail can get through, but only your mail.

  • Maintain a server outside app engine specifically for the purpose of sending emails. You can build a super simple web app that just sends out emails, and call it from within your app engine app.

Peter Recore
+1  A: 

You can't change the return-path header of mail sent by App Engine. The way I see it, you have two options:

  • Whitelist everything from App Engine. Spam from App Engine is not a big problem, because it's expensive to send in the huge numbers spammers need, and we're constantly monitoring for spamming and shutting spammers down.
  • Whitelist based on the X-Google-Appengine-App-Id header, which will be set to the app ID of your app.
Nick Johnson