These days, email is an essential communication tool for businesses; there is no way to escape it. Whilst working on your computer, you might run into a common problem: the email spam filter blocks an important communication, or a tender gets lost in the recipients junk email folder. As a result, you might miss out on responding in time, which naturally in return can cause other issues. For this reason you may be tempted to ask your IT team to whitelist the sender address which is often a dangerous thing to do.

Whitelisting is the process of adding a specific email address (or even their whole domain name) to an exception list in your email system. The list can then bypass all the filtering rules in your system. This means that any email coming from that address will no longer be checked for bad links, bad attachments, or any other malware. Even if you know the senders, it doesn’t mean you can trust them 100% for never being hacked. Indeed, it is quite simple for malicious actors to send emails appearing to be from someone else without having their password. For instance, you’ll have no chance to know that the email you just received asking you to update billing details or to buy $1000 worth of gift cards is fake or not.

Simple Mail Transfer Protocol or SMTP is the name used for an email communication protocol. It has been designed so that anyone can send emails to any servers using any addresses, and with the maximum delivery. Therefore, the only thing stopping malicious actors from sending an email on your behalf to your customers is THEIR spam filter as well as some configurations on your side. These configurations relate to specific records (DNS) that are controlled by your IT team. When correctly configured, those records inform the Internet and other mail systems to only accept emails coming from your verified systems and thus reject all others.

Anti-spam systems range from simple to over-the-top complex but they all exist to protect you and your organisation from malware & viruses, not just spam. When an email gets blocked, it is always for a reason. Sometimes the reason is a false-positive (where an email was identified as bad but is actually good). However, instead of whitelisting the sender’s address forever and opening up holes in your security, it is preferable to ask your IT team to investigate the reason further so they can resolve the issue some other way.

To conclude, whitelisting should ONLY be used as a last resort because it represents too many risks in terms of IT security. Get your IT team involved to help ensure your DNS records are up to scratch and prevent malicious actors from pretending to be you.