
Where is successful SPF check documented

Where does the UTM document whether it successfully validated SPF records, and with which IP and/or domain it was validated?

I have to investigate a phishing campaign and I have access to the email itself as well as the SMTP log file.

In neither of them can I see any SPF check results.

SPF is and was enabled.



This thread was automatically locked due to age.
  • Hallo,

    The sending domain must specify SPF for it to be checked.  In the SMTP Proxy log, search for SPF and spf to see passes and failures.

    Post the headers from the email here with your private information obfuscated.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
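
For the header and log search suggested above, an added example (not part of the original thread, and not Sophos code): it pulls SPF verdicts, with the client IP and envelope sender, from `Received-SPF` (RFC 7208) and `Authentication-Results` (RFC 8601) headers and filters a log case-insensitively for "spf". It assumes the message carries one of those headers, which the thread does not confirm for the UTM; the sample message and log lines are constructed.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are reserved example values.
SAMPLE_EML = """\
Received-SPF: pass (mx.example.net: domain of bounce@example.org designates
 192.0.2.10 as permitted sender) client-ip=192.0.2.10;
 envelope-from="bounce@example.org"; helo=mail.example.org;
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org
From: Alice <alice@example.org>
Subject: test

body
"""

# Constructed log lines in a generic style, not the UTM's actual log format.
SAMPLE_LOG = """\
2024-01-01T10:00:00 smtp[100]: id=1 from=<bounce@example.org> SPF check: pass
2024-01-01T10:00:01 smtp[100]: id=1 delivered
2024-01-01T10:00:02 smtp[101]: id=2 from=<x@example.com> spf result fail
"""

# key=value pairs as used in both header types; values may be quoted.
KV = re.compile(r'([\w.-]+)=("[^"]*"|[^;\s]+)')

def spf_from_headers(raw):
    """Return one dict per SPF verdict recorded in the message headers."""
    msg = message_from_string(raw)
    found = []
    for value in msg.get_all("Received-SPF", []):
        text = " ".join(value.split())            # unfold continuation lines
        if not text:
            continue
        pairs = {k.lower(): v.strip('"') for k, v in KV.findall(text)}
        found.append({"header": "Received-SPF",
                      "result": text.split()[0].lower(), **pairs})
    for value in msg.get_all("Authentication-Results", []):
        pairs = {k.lower(): v for k, v in KV.findall(" ".join(value.split()))}
        if "spf" in pairs:
            found.append({"header": "Authentication-Results",
                          "result": pairs["spf"].lower(),
                          "smtp.mailfrom": pairs.get("smtp.mailfrom")})
    return found

def spf_log_lines(log):
    """Case-insensitive search for 'spf', covering both spellings."""
    return [line for line in log.splitlines() if "spf" in line.lower()]

if __name__ == "__main__":
    for item in spf_from_headers(SAMPLE_EML) + spf_log_lines(SAMPLE_LOG):
        print(item)
```

An empty result from `spf_from_headers` means only that no verdict was stamped into the message, not that no check was performed.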