I am having some luck using SPF rules to block additional spam, but the problem is a lot of companies in our supply chain (actually just companies in general) including well known international companies have either busted or incomplete SPF policies. Usually, forgetting to include cloud services like zendesk or an automated B2B documentation system (usually finance documents)
I don't know about you lot, but in my experience these companies rarely have Tech people on staff, and trying to explain to them they need to get their SPF policy fixed is like drawing blood from a stone.
So what do i do? Wait - I know! I'll add the domains to the excluded senders list on the rule, after all that's what it's for right? Mmm, doesn't seem to work. I've followed the help files; *@domain.com but i can't make it work. I went one step further, i made another SPF rule higher up with Included senders, that does work and I've made that into a permanent rule for catching commonly impersonated domains like google and amazonses.
Can anyone confirm this behavior? I have a support case 'on hold' while they try to diagnose another problem I'm having, but this issue is more valuable to me and I'd love to get some confirmation from the community.
Ta.
This thread was automatically locked due to age.
