This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SPF setup (or internal) question

Hello, 

We have our utm setup as an incoming mail relay for various domains.

Problem is now that when someone spoofs the from adres, as one of our internals, it gets passed thourgh,

In the past we had some issue;s whn turning on SPF check.

My question now i, what if we turn on SPF check again. 

 

What happens to mail from domains that have no SPF at all???

 

Henk-Jan



This thread was automatically locked due to age.
Parents
  • SPF enforcement should have no effect on domains with no SPF record.

    SPF only checks the SMTP From, not the header From seen by users.  So it may help with sone but not all of the spam.

    The SMTP From is supposed to represent the logged in user at the sending system.  Some websites that use your email as login think that gives them the right to send mail on your behalf using your email address.  This violates SPF, so watch for desired mail getting blocked.

    Plenty of businesses have SPF entries that end in maybe (?all) or softfail (~all) .  These are probably handled by UTM the same as no SPF arecord at all

  • So in a UTM, when you choose to use SPF, the mail with no SPF will be marked as spam? 

     

     
     
    So if some of the people who mail us, did not add an SPF record for their domain, their messages will not be flagged as spam or even denied?
     
    Unfortunatly I have no way of testing the SPF behavious on a UTM for incoming mail.
    So I wanted to know what risk I might be facing.
  • If no SPF is set up for a domain the email passes normal. I think this would be RFC conform in every system.

    In my mind SPF is a system without very harmful potential, but with even not 100% guaranteed protection. So give it a try.

    Best

    Alex

    -

Reply Children
No Data