Rejected: SPF (SPF check failed)

I have received a complaint that an email hasn't been replied to and according to a user within our company he didn't receive it.

After checking from the mail manager, there were 3 emails from the same person on different dates; one of them passed and the others got rejected due to SPF check failed.

Any ideas?

 



  • SPF is a very weak defense.  Most spammers have it configured correctly and many legitimate senders have mistakes.  SPF only matches the internal authorized-as information to the source IP address, and that internal identifier is often unrelated to the "From" information seen by the user.

    If UTM would allow simulation of the impact, it might be useful, but at present I find it useless.

  • SPF comes late in the SMTP conversation, just before DATA, I think.  It's no wonder that it is responsible for only about 0.4% of rejections.  RDNS/HELO and RBLs are responsible for 80+% of rejections.  I suspect that the SPF rejections would wind up in the quarantine as probable spam.

    Doug's correct that, especially in the beginning, you must keep an eye on SPF rejections in order to create Exceptions for desired senders.  So, in the UTM today, for overloaded admins, I would no longer suggest selecting the SPF check on the 'Antivirus' tab although that does mean that your Proxy will be responsible for some backscatter to domains whose address was forged in the Reply-To field.

    However, it is recommended to have a robust SPF record in your authoritative name server.  You will want to start with ?all and get to -all once you've identified all of your valid sender IPs.  Hopefully, other people will continue to check SPF.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA