No results found. You can ask us instead.
No results found. You can ask us instead.
Phone Lines icon GFI Support Home Start a conversation Sign in
No results found. You can ask us instead.
Start a conversation
  1. GFI MailEssentials
  2. GFI MailEssentials - Anti-Spoofing
  3. Articles

Internal email marked as spoofed

Overview

Internal emails are marked as spoofed in an Exchange and 0ffice 365 hybrid environment. Antispoofing logs consistently show that emails originating from these IP's are considered spoofed:

2020-10-21,12:56:37,665,1,"#00002d08","#000004fc","info  ","ase_antispoofing","Connecting IP [104.47.101.59]"
2020-10-21,12:56:37,665,1,"#00002d08","#000004fc","info  ","ase_antispoofing","SMTP mail sender address [<email address>]"
2020-10-21,12:56:37,665,1,"#00002d08","#000004fc","info  ","ase_antispoofing","SMTP mail sender domain is associated with a local user account"
2020-10-21,12:56:37,665,1,"#00002d08","#000004fc","info  ","ase_antispoofing","Message IS spoofed"

Solution

Some of the listed IP ranges are missing in the antispoofing filter configuration. Obtain the complete list of IP's from the Office 365 URLs and IP address ranges article.

Add the missing IPs to the list as described in the Enabling and configuring Anti-Spoofing article.

Make sure that your local SMTP server's IP address is added to the Perimeter Server configuration.

Note

More details related to how to access the Microsoft IP Web Service may be found in the Office 365 IP Address and URL web service article.

Testing

Internal emails are no longer marked as spoofed. If the issue persists, contact GFI MailEssentials Support.

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted 16 days ago
  3. Updated 16 days ago

Comments