Overview
This filter uses SPF records to stop email sent from forged IP addresses by identifying if the sender IP address is authorized. The Sender Policy Framework filter is based on a community-based effort, which requires that the senders publish the IP addresses of their mail servers in an SPF record.
For example, if an email is sent from xyz@CompanyABC.com then companyABC.com must publish an SPF record in order for SPF to be able to determine if the email was really sent from the companyABC.com network or whether it was forged. If an SPF record is not published by CompanyABC.com, the SPF result will be unknown.
For more information on the Sender Policy Framework and how it works, refer to the SPF website.
NOTE: GFI MailEssentials does not make it a requirement to publish an SPF record.
The SPF filter is not enabled by default and it is recommended to enable this option and to have this filter running prior to the Email Whitelist to block forged senders before these are whitelisted.
Step-By-Step Guide
Before enabling the Sender Policy Framework filter on a non-gateway server installation:
- In GFI MailEssentials, go to General Settings > Perimeter SMTP Servers.
- Click Detect in the SMTP Server list area to perform a DNS MX lookup and automatically define the IP address of your perimeter SMTP server.
Enabling the Sender Policy Framework
- In GFI MailEssentials, go to Anti-Spam > Anti-Spam Filters > Sender Policy Framework.
- Click Enabled to enable the Sender Policy Framework filter.
If the email sender IP address is not authorized to send emails from the sender domain, emails are blocked. - (Optional) Check Enable Advanced SPF filtering and choose one of the advanced options:
Option Description Block SOFT FAIL result Blocks all emails where:
- Sender IP address is definitely not allowed to send emails from the sender domain
- Sender IP address is probably not allowed to send emails from the sender domain.
Block SOFT FAIL, Neutral, Unknown and NONE results Blocks all emails where:
- Sender IP address is definitely not allowed to send emails from the sender domain
- Sender IP address is probably not allowed to send emails from the sender domain.
- Sender IP address is explicitly inconclusive, unknown or for which there is no published data.
- Go to the IP Exceptions or Email Exceptions tab to configure IP addresses and/or recipients to exclude from SPF checks:
- IP exception list: Entries in this list automatically pass SPF checks.
- Check the IP Exception List box, add a new IP address and description and click Add.
- To remove entries, choose the entries from the list and click Remove Selected.
- To disable the IP exception list, uncheck the IP Exception List box.
NOTE: When adding IP addresses to the IP exception list, you can also add a range of IP addresses using the CIDR (Classless Inter-Domain Routing)notation.
- Email exception list: This option ensures that certain email senders or recipients are excluded from SPF checking, even if the messages are rejected.
- Check the Email Exception List box, add a new email address and description and click Add.
- To remove entries, choose the entries from the list and click Remove Selected.
- To disable the Email exception list, uncheck the Email Exception List checkbox.
An email address can be entered in any of the following ways:
-
local part:
abuse
(matches abuse@abc.com, abuse@xyz.com, etc...) - domain:
@abc.com
(matches john@abc.com, jill@abc.com, etc...) - complete:
joe@abc.com
(only matches joe@abc.com)
-
- IP exception list: Entries in this list automatically pass SPF checks.
- Click the Actions tab to choose the actions to perform on messages identified as spam. For additional information about the different actions, refer to GFI MailEssentials Spam Actions.
- Click Apply to save settings.
Confirmation: Once the settings are saved, the specified rules will start applying on new emails.