MPmail SPF Checking

Description

This article will cover the SPF checking options in MPmail. As default, SPF checking is performed on inbound email but the result only adds to the overall spam score.

Requirements

The Process

The SPF Record will distinguish between a hard- or a soft-fail, which explains how the system will handle an email where the SPF Record does not fit. The TXT record will need to add:

  • Hard-fail –all: Emails where the "MAIL FROM:" does not match the SPF Record will be rejected. Emails where the "FROM:" does not match the SPF Record for the "MAIL FROM:" will be moved to the spam quarantine 
  • Soft-fail ~all: Emails not matching the SPF Record will be moved into spam quarantine

Available SPF Filter Options

Type 1 / Internal SPF/TXT checking 

  • We will check the SPF record for for only the domain names listed on the customer account. This includes the primary domain name and any alias domain name(s)
  • Emails from other domain names will not be SPF checked
  • Checking of the "MAIL FROM:" address (envelope sender) against the SPF record of "MAIL FROM:" domain name

Emails that fail with an SPF Hard-fail will be rejected at the boundary of the filtering service

Emails that fail with an SPF Soft-fail will be quarantined with the reason code "asespf7-1"

  • Checking of the "FROM" address against the SPF record of "MAIL FROM:" domain name

Emails that fail (Hard & Soft-fail) will be quarantined with the reason code "asespf7-1"

Type 2 / Internal and External SPF checking

  • We will check the SPF record for all inbound email
  • Checking of the "MAIL FROM" address (envelope sender) against the SPF record of "MAIL FROM:" domain name

Emails that fail with an SPF Hard-fail will be rejected at the boundary of the filtering service

Emails that fail with an SPF Soft-fail will be quarantined with the reason code "asespf7-2"

  • Checking of the "FROM" address against the SPF record of "MAIL FROM:" domain name

Emails that fail (Hard & Soft-fail) will be quarantined with the reason code "asespf7-2"

  • Please note that normally SPF filtering only checks the "MAIL FROM:" address. However, on MPmail, our SPF filtering is more stringent and also checks the "FROM:" address against the published SPF record of the "MAIL FROM:" address. Therefore this filter is extremely good at stopping spoofed email. However, genuine email from a 3rd party senders may be stopped where they are spoofing the "FROM:" address. This can occur with marketing emails or emails generated via 3rd party hosted services, e.g. hosted CRM, backup alerts, etc.

Enabling SPF Checking

The next step is to contact the MPmail support team and to request SPF checking of inbound email to be enabled. In your support request you need to provide:

  • Primary domain to enable SPF checking
  • Any alias domains to enable SPF checking
  • What type of SPF checking is required