Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Thread Info
  • Locked Locked
  • Replies 0 replies
  • Subscribers 17 subscribers
  • Views 5127 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SPF Implementation in Sophos Email is Terrible

AlexBruce

The recent new feature for rejecting email based on SPF Fail is implemented very very poorly.

The email is rejected at the SMTP level (after RCPT TO) with the completely useless message "550 5.7.1 Command rejected"

This does not communicate to the sender why the email was rejected. If the sender has not setup SPF correctly they will be rejected and not know why.

Please this should be changed to a useful message.  Use the OpenSPF Why? API is usually the best way if possible http://www.openspf.org/Why/API

 

Second issue is that emails rejected because of SPF are not seen in the history so there is no proactive way to allow a site based on what is seen in the history.

This issue is not to bad if the first issue is addressed. Sophos currently dont report on blocked IPs per customer either which is understandable.



Edited tags
[edited by: Raphael Alganes at 7:04 AM (GMT -7) on 10 May 2023]
Unfiltered HTML