Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

Thread Info
  • State Not Answered
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 85 views
  • Users 0 members are here
Options
Suggested

Where is successful SPF check documented

flomb
4 days ago

Where does the UTM document whether it successfully validated SPF records? and with which IP and or Domain it was validated?

I have to investigate a phishing campaign and i have access to the email itself as well as the smtp log file. 

In neither of them i can see any SPF check results. 

SPF is and was enabled.

Parents
  • 0 2 days ago

    Hallo,

    The sending domain must specify SPF for it to be checked.  In the SMTP Proxy log, search for SPF and spf to see passes and failures.

    Post the headers from the email here with your private information obfuscated.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 2 days ago

    Hallo,

    The sending domain must specify SPF for it to be checked.  In the SMTP Proxy log, search for SPF and spf to see passes and failures.

    Post the headers from the email here with your private information obfuscated.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML