How Mailprotector uses SPF to prevent spoofing

Description

SPF (Sender Policy Framework) validation is one method used to prevent unauthorized outbound email servers from sending messages on behalf of a domain. Domain administrators publish SPF information in TXT records in DNS. The SPF TXT record identifies authorized outbound email servers. Destination email systems, like Mailprotector, verify that messages originate from authorized outbound email servers.

SPF checks in CloudFilter

Mailprotector evaluates SPF against the Sender, From, and Reply-To addresses of an email. However, filtering decisions are made only on the Sender address's SPF check, per the Sender Policy Framework RFC.

NOTE: Mailprotector's SPF checks against the From and Reply-To addresses are for informational and statistical purposes only.

Reading log results for SPF validation

[Screenshot: Console log detail of an email showing SPF validation results]

When viewing the log detail of an email in the Console, SPF validation results will be listed if sufficient SPF information is available. The image above shows an example email with SPF validation results.

The yellow highlighted result, SPF Pass, is the Sender address result stating the email has come from an authorized email server. If this result were SPF Soft Fail or SPF Hard Fail, that would indicate the Sender address did not match an authorized email server, and the message could be quarantined based on the filtering configuration.

The green highlighted results, SPF Pass (From) and SPF Pass (Reply-To), indicate the From and Reply-To addresses also passed an SPF check. If these addresses were in the Sender field, the message would still validate. If either of these were a failure, it would provide insight into the email's different addresses, but it would not be used for a filtering decision.
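The behavior described above, sketched as an added example (this is not Mailprotector's code): SPF is checked for all three addresses, but only the Sender result drives the quarantine decision. The function names, the `quarantine_on` parameter standing in for the filtering configuration, the "(From)"/"(Reply-To)" suffix on non-pass results, and the TXT records are assumptions constructed for illustration; only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (documentation domains and IP ranges).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.org": "v=spf1 ip4:198.51.100.7 ip6:2001:db8::/32 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
LABELS = {"pass": "SPF Pass", "softfail": "SPF Soft Fail", "fail": "SPF Hard Fail"}

def check_spf(client_ip, address):
    """Return an RFC 7208 result for the domain of `address`, or 'none' without a record."""
    record = SPF_RECORDS.get(address.rsplit("@", 1)[-1].lower())
    if not record or record.split()[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # "+" is the default qualifier
        name, _, value = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # Other mechanisms (include, a, mx, ...) need live DNS and are skipped here.
    return "neutral"  # RFC 7208 default when no mechanism matches

def evaluate_message(client_ip, sender, from_addr, reply_to,
                     quarantine_on=("fail", "softfail")):
    """Check all three addresses, but base the filtering decision on Sender only."""
    results = {"Sender": check_spf(client_ip, sender),
               "From": check_spf(client_ip, from_addr),
               "Reply-To": check_spf(client_ip, reply_to)}
    log = []
    for field, result in results.items():
        if result in LABELS:  # results are listed only when SPF information is sufficient
            suffix = "" if field == "Sender" else f" ({field})"
            log.append(LABELS[result] + suffix)
    # From and Reply-To results are informational; they never affect this flag.
    return {"log": log, "quarantine": results["Sender"] in quarantine_on}
```
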

 
