Recently a client asked us for a solution to an ongoing spam problem they were having with an email service connected to Salesforce. While there are many great products that integrate with the recipient email server, this client had some very specific requirements on inbound routing that made integrating them into their Salesforce environment difficult.

So, what I'm saying is that this is not the way to fix this problem, and if you have any other approach I would highly recommend you follow that first!

However, if you're prepared to bend best practice and apply a few hacks to this problem, read on!

Spamhaus provides a reverse lookup service that would allow us to determine if a sender was from a known spam domain. The problem is that this service works based on a DNS lookup. While Salesforce has come a long way in terms of functionality, direct access to this protocol is unlikely.

A DNS lookup can be triggered by opening a request to the host using something that Salesforce does support: HTTP. Therefore we can create an HTTP request and confirm if the hostname exists. If it does... it's spam!

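    // urlEndpoint: String holding the HTTP URL of the lookup hostname, set before this snippet
    boolean isSpam = false;
    try {
        Http h = new Http();
        HttpRequest req = new HttpRequest();
        req.setEndpoint(urlEndpoint);
        req.setMethod('HEAD');
        HttpResponse res = h.send(req);
    } catch (System.CalloutException exCallout) {
        // A callout failure whose message contains '403' is treated as a listed (spam) host
        isSpam = exCallout.getMessage().contains('403');
    }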

I wanted the implementation to be as lightweight as possible, so I'm only using the HEAD method.

Spamhaus supports a REVERSE lookup, so the hostname supplied from the email header also needs to be reversed. Instead of looking for bob@someplace.com, we should actually be performing the DNS lookup on com.someplace.

    public static String reverseAddress(String ipAddress) {
        // Split on literal dots and rebuild the parts in reverse order
        String result = '';
        String[] ipArray = ipAddress.split('\\.');
        for (Integer i = ipArray.size() - 1; i >= 0; i--)
            result += ipArray[i] + (i == 0 ? '' : '.');
        return result;
    }
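An added example, not code from the original post: a stricter variant of the reversal above that validates the value before it becomes part of a callout endpoint, since it originates in an email header the sender controls. The class name, method names and the placeholder zone `dnsbl.example.invalid` are assumptions made for illustration, and only IPv4 dotted quads are handled.

```apex
public class DnsblQueryName {
    // Hypothetical placeholder zone (assumption); substitute the blocklist zone you actually query.
    public static final String ZONE = 'dnsbl.example.invalid';

    // Returns the reversed-octet lookup name for an IPv4 address,
    // or null when the input is not a well-formed dotted quad.
    public static String forIpv4(String ipAddress) {
        if (ipAddress == null) {
            return null;
        }
        String ip = ipAddress.trim();
        // Exactly four groups of one to three digits: no letters, slashes,
        // ports or extra labels can reach the endpoint string.
        if (!Pattern.matches('\\d{1,3}(\\.\\d{1,3}){3}', ip)) {
            return null;
        }
        List<String> octets = ip.split('\\.');
        List<String> reversed = new List<String>();
        for (Integer i = octets.size() - 1; i >= 0; i--) {
            Integer value = Integer.valueOf(octets[i]);
            if (value > 255) {
                return null; // each octet must fit in one byte
            }
            // Re-emit the parsed number so "010" is normalised to "10".
            reversed.add(String.valueOf(value));
        }
        return String.join(reversed, '.') + '.' + ZONE;
    }

    // Constructed sample inputs; run from Anonymous Apex or a test method.
    public static void demo() {
        System.assertEquals('4.3.2.1.' + ZONE, forIpv4('1.2.3.4'));
        System.assertEquals('10.0.0.10.' + ZONE, forIpv4(' 010.0.0.10 '));
        System.assertEquals(null, forIpv4('1.2.3.256'));
        System.assertEquals(null, forIpv4('1.2.3.4/admin'));
        System.assertEquals(null, forIpv4('someplace.com'));
    }
}
```

A null return means the header value should be skipped rather than passed to `setEndpoint`.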

The last problem to resolve is the authorisation of the endpoints we are calling using the above process. To do this I used some code from the crew at FinancialForce that allows for a deployment of Remote Site settings.

I’ll save that for the next post!

 

-Mark
