WAF-blocked countries causing spam filter triggering

Hello -

I host several small sites of municipal or regional (I am in southwestern Ontario, Canada) scope on a very modest server. I have blocked access to these sites to most of the world beyond Canada and the U.S.

A few of my clients run into trouble from time to time having their emails flagged as spam. Using mail-tester.com it comes to pass that many of the links in their emails are considered “broken” and I believe that is due to the spam filtering service possibly being located outside of North America (and therefore unable to see a valid, working link). The report from mail-tester.com reliably lists links to sites on my server as “[403 - Error : Forbidden]”.

Does anyone have any advice? I feel like I am at an impasse that might require me to open up traffic to places in the world that just consume bandwidth, unnecessarily tax the humble capacity of my server and present potential security concerns. Is there a way to obtain the IP addresses of common spam services so I could allow them through via CF WAF so they can validate links?

May I ask how you did that?
Are you using some kind of a tool or a service installed on your origin host, which would check and prevent the IPs trying to connect from other countries (like GeoIP, MaxMind, etc.)?
If yes, that might result in someone else's e-mail server being unable to connect to the MTA on your server because your server is refusing (blocking) them.

For example, having Imunify360 installed on a VPS or a dedicated server, we have a feature so we can restrict countries from connecting to our server.
Therefore, if for example I blocked Australia and a few more like Germany, etc., while my server is located in the US.
It would mean that no one from some [email protected] domain, whose server is in Australia or Germany (determined by the IP of the connection) and who is using e-mail from the same location (country), could connect to my server, as it’s restricted only to the US.
Therefore, the “ceo” from that business or company should (and could) have sent the e-mail to your e-mail [email protected] via one of the e-mail providers from the US like Gmail, Microsoft or others, which would normally pass.

Or you’re blocking the access to those sites using Cloudflare and Firewall Rules? :thinking:

It sounds to me like it’s exactly what I described in the above example, or am I wrong? :thinking:

Otherwise, you might have some issues with receiving and/or sending e-mails via your domain while using Cloudflare? :thinking:

It might be that you’re missing SPF or DKIM/DMARC.

May I suggest checking the below article to see if your e-mail records (usually the A mail and the MX record) are configured properly while you are using Cloudflare for your domain name:

I would also recommend looking into the below article to further prevent your e-mails from being marked as spam at the recipient’s side:

Except, if you’re using Cloudflare Firewall Rules and then those visitors/users who click on those links from the e-mail footer cannot open them and see an error like 1020?

I am not aware of and not sure if that is possible with CF WAF :thinking:
As it seems to me, CF WAF shouldn’t have something to do with e-mails.

It might be that I haven’t correctly understood what the issue is here.
Kindly and patiently wait for another reply.


Thanks for the reply!

My SPF/ DKIM/ DMARC entries are all OK.

My WAF blocking consists of rules (to the effect of):

  1. (ip.geoip.country ne "CA" and ip.geoip.country ne "US" and not cf.client.bot)
    … Which I’d done via the GUI by setting Country - Does Not Equal - Canada AND Country - Does Not Equal - United States AND Known Bots [left unchecked] THEN present with Managed Challenge

  2. (ip.geoip.continent eq "AS") or (ip.geoip.continent eq "AF") or (ip.geoip.country eq "RU")
    … Which is Continent - Asia OR Continent - Africa OR Country - Russia THEN Block

I have nothing pertaining to geo-filtering running at either the VM level or the Google Cloud Platform firewall level.
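
Added example, not part of the original posts: a local Python model of the two rules quoted above, showing which action each kind of client would receive and what an automated link checker would record. The sample requests, the documentation-range IPs and the `allow_nets` allowlist are constructed for illustration; first-match rule ordering and "a challenge reads as 403 to a non-browser client" are assumptions of the model.

```python
# Added illustration: a local model of the two WAF rules quoted above.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Request:
    ip: str           # ip.src
    country: str      # ip.geoip.country
    continent: str    # ip.geoip.continent
    known_bot: bool   # cf.client.bot

def rule1(r):  # not CA, not US, not a known bot -> Managed Challenge
    return r.country != "CA" and r.country != "US" and not r.known_bot

def rule2(r):  # Asia, Africa or Russia -> Block (no known-bot exemption)
    return r.continent in ("AS", "AF") or r.country == "RU"

RULES = [("managed_challenge", rule1), ("block", rule2)]

def evaluate(r, allow_nets=()):
    """Return the action for r. Assumption: rules run in the order listed
    and the first match ends evaluation. allow_nets is a hypothetical
    allowlist checked first, like the one the question asks about."""
    if any(ip_address(r.ip) in ip_network(n) for n in allow_nets):
        return "allow"
    for action, matches in RULES:
        if matches(r):
            return action
    return "allow"

def link_check_status(r, allow_nets=()):
    """Status an automated link checker would record. Assumption: it
    cannot solve a challenge, so challenge and block both read as 403."""
    return 200 if evaluate(r, allow_nets) == "allow" else 403

# Constructed sample requests (documentation-range IPs, not real services).
SAMPLES = {
    "visitor in Canada":      Request("192.0.2.10", "CA", "NA", False),
    "link checker in France": Request("203.0.113.7", "FR", "EU", False),
    "known bot in Germany":   Request("198.51.100.5", "DE", "EU", True),
    "known bot in Singapore": Request("198.51.100.9", "SG", "AS", True),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:24} {evaluate(req):18} {link_check_status(req)}")
```

In this model a checker outside Canada and the U.S. that is not a recognised bot is challenged by rule 1, and a recognised bot in Asia is still blocked because rule 2 carries no `cf.client.bot` exemption.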

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.