SPF setup (or internal) question

Question

Hello, 
 We have our utm setup as an incoming mail relay for various domains. 
 Problem is now that when someone spoofs the from adres, as one of our internals, it gets passed thourgh, 
 In the past we had some issue;s whn turning on SPF check. 
 My question now i, what if we turn on SPF check again. 
 
 What happens to mail from domains that have no SPF at all??? 
 
 Henk-Jan

apijnappels · Answer

We use SPF check on our UTM since long and also receiving mail on 4 different domains on the UTM. 
 SPF-check checks the sending domain's domain for an existing SPF-record. If none exists there simply is nothing to check and mail is accepted. 
 If a record does exist and ends in -all (reject all others) then the UTM will reject (quarantine) mail that is sent from somewhere it is not configured to be sent from by the domain owner of the sending domain. 
 In our experience those domains ending in -all usually have the record pretty nicely configured and mail will come through. We once had a client that switched internet provider and forgot about the SPF-record. This was a reason form all mails from this client to be quarantined until they reconfigured their SPF-record again.