E-mail Gateway malicious url e-mail allowed through

Question

we have received an e-mail using an alias/send as from one of our domains. The e-mail was allowed through and leads to a malicious url. We have enabled the setting in E-mail Security to reject e-mails that impersonate one of our domains:

Header anomalies

Email that appears to come from your own domain, but originates externally

Now it wasn&rsquo;t rejected but as this sender does not match our spf or dmarc we feel it should have been quarantined next. It didn&rsquo;t, not as far as I can see in the logs as it only gives delivered successfully. 
 Sophos Support claims it is a false positive and that I should send it to Sophos Labs. I can&rsquo;t do anything with such support answers. 
 Questions: is send as / alias from a non-domain email adress using a send as / alias of one of our e-mail domains not picked up by: 
 a] header anomalies? 
 b] spf and dmarc settings? 
 Regards, 
 Fred

emmosophos · Accepted Answer

Hello Fred, 
 I checked on your case, and Support sent you an email on Jun 23, telling you about some updates, however, there was no reply from your end, or after 3 follow-up emails. 
 In that email, they&rsquo;re asking you to check a configuration related to the Allow List that might be conflicting with your SPF check. 
 Additionally, they provided the following KB , for the error below: 
 Results - PermError SPF Permanent Error: Too many DNS lookups 
 Did you get a change to read that email? 
 Regards,

E-mail Gateway malicious url e-mail allowed through

Top Replies