SPF fail

From Roaring Penguin
Revision as of 12:24, 22 April 2014 by MCoyne (talk | contribs)

Jump to: navigation, search

The use of an organization's advertised SPF is a moderately effective anti-spam technique. What it does is allow the recipient to check that an email sender is coming from a valid email server for the organization's domain, i.e., checks if domain is being spoofed.

Unfortunately many organization have incorrectly configured or incomplete SPF settings which cause inappropriate soft-fails or fails when checked. The most useful way to resolve this is to inform the organization so they can fix their SPF settings. Unfortunately, this historically has only proven moderately successful.

In Canit you basically have two approach you can take to fix the problem.

If you go to Preferences->Quarantine Settings under the heading "Sender/Recipient Settings" you will find settings S-910, S-915, S-920 and S-925 which deal with SPF. By default these are set to "Yes". You can selectively set these to "No". This could be done in the user's stream if the problem is localized or the default stream of the realm if a general problem. Note that this will completely disable all SPF checking within the scope of the setting.

The second option, which we would recommend if the problem is limited to one domain or a small set of domains, would be to define an SPF rule to lower the score given for soft-fails or fails for the domain(s) in question. This is done by:

  • - Go to Rules->SPF Rules,
  • - Enter the domain in the box and set the fail and softfail values to 0. (Since release 9.0.14 if you do this CanIt will actually honor the whitelist.)
  • - Click Submit Change

This can be done in either the user's or default stream, whichever is appropriate.