Answer
To perform the Sender Policy Framework (SPF) check, GFI MailEssentials will retrieve the TXT type DNS record of the domain in the FROM email address. The SPF details will be found in this type of record, and this will contain information on the IP addresses which are allowed to send for the particular domain.
At the end of the SPF record, the administrator of the domain will indicate how SPF processing systems should threat IP addresses which are not found in this list. This will be indicated by the sign before the all command and will cause emails sent from IP addresses which are not found in the list to be categorized as one of the following:
- None This result is given when no SPF records are published for the domain
- Unknown This result is given when GFI MailEssentials cannot determine the sending mail servers from the SPF record published. This normally indicates that the SPF record for the domain is incorrectly formatted
- Neutral The domain owner has explicitly stated that they cannot or do not want to assert whether the IP address is authorized or not. This result is given when the SPF record specifies the ?all command
- Pass This result is given when the SPF record designates the sending IP address to be allowed to send. This result is normally given only to a restricted set of IP addresses, and is normally not specified in the all command. This will be shown with a + sign in front of the IP addresses allowed to send for the domain
- Fail The Fail result is given when the SPF record does not designate IP addresses to send emails for the particular domain other then the ones specified in the record. When the -all command is used in the record, and the sending mail server s ip address is not marked as allowed in the domain s SPF record, the SPF check will result in Fail
- SoftFail This result should be treated as somewhere between Fail and Neutral . It is given when the SPF record does not explicitly designate IP addresses to send emails for the particular domain other then the ones specified in the record. When the SPF record specifies the '~all' command, all IP addresses which are not explicitly listed in the record will cause a SoftFail result
After GFI MailEssentials checks the SPF record, and determines the result for the particular email being scanned, it will action the email according to the Block level specified in the Sender Policy Framework configuration as follows:
- Never No mails will be blocked by the SPF module in GFI MailEssentials
- Low Mails which return a 'fail' results will be blocked
- Medium Mails which return 'fail' or 'softfail' results will be blocked
- High Mails which return 'fail , 'softfail', 'neutral', none or unknown results will be blocked
Note: If a company lacks an SPF record, emails from this company will only be blocked if the SPF Block level in GFI MailEssentials is set to High