SpamTitan

SPF Settings

SPF (Sender Policy Framework) allows the owner of a domain to use special DNS records to specify which machines are authorized to transmit e-mail for that domain. When receiving a message from a domain, the receiver can check the DNS records to ensure the mail is coming from locations that the domain has authorized. 

When enabled in SpamTitan, messages that fail the SPF test will be rejected. This option is disabled by default as it can result in mail being rejected from domains with incorrectly configured SPF records, so it should be used with caution.

Warning

There is a performance penalty for all messages when using SPF, as multiple DNS queries must be performed to retrieve a domain's SPF record.

Go to System Setup > Mail Authentication > SPF to manage your SPF settings. Click Enable to enable SPF and view the settings (default: disabled).

STG-SPF-enabled-settings.jpg

Note

If DMARC is enabled in SpamTitan Gateway, the behavior of SPF may change. See DMARC and SPF.

  1. SPF Reject on Failure: Enable this setting to reject email that fails SPF. Disable to allow email, even if it fails SPF (default: enabled).

  2. SPF Reject on DMARC none policy: An email that fails SPF can be accepted by the receiving server if the DMARC policy allows it, as the DMARC policy overrides SPF by default. A DMARC policy with "p=none" indicates that mail that fails DMARC will still be accepted.

    Enabling this setting allows you to configure SpamTitan to reject email that fails SPF, even if there is a DMARC policy with a "p=none" value that would normally result in the email being delivered (default: disabled).

  3. SPF Bypassed IPs/Networks: IP addresses and networks can bypass SPF checks if they are added to the SPF Bypassed IPs/Networks list.

    • To add an entry, click Add... and the SPF window displays. Using the table below as a reference, complete the fields. Click Save to save this entry.

    • To edit an existing entry, click the edit ST-701-edit-button.jpg icon in the Options column and the SPF dialog box displays. Using the table below as a reference, edit the fields. Click Save to save changes.

    • To delete an entry, click the delete ST-701-delete-button.jpg icon in the Options column.

      Field

      Description

      IP/Network:

      An individual IP address or network range you want to bypass SPF checks.

      Netmask:

      Select the netmask for the specified IP address. Individual IPv4 addresses have a /32 (255.255.255.255) netmask.

      Address Type:

      IPv4 (default) or IPv6.

      Comment:

      Optional comment for this entry.