
Where is successful SPF check documented

Where does the UTM document whether it successfully validated SPF records, and with which IP and/or domain it was validated?

I have to investigate a phishing campaign and I have access to the email itself as well as the SMTP log file.

In neither of them can I see any SPF check results.

SPF is and was enabled.

  • Hallo,

    The sending domain must specify SPF for it to be checked.  In the SMTP Proxy log, search for SPF and spf to see passes and failures.

    Post the headers from the email here with your private information obfuscated.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA