Jump to content

Whitelist a domain from SPF checks

Recommended Posts

I have a customer with an invalid SPF record, which (as expected) causes they messages to be rejected. As yet I've not been able to get them to fix it, so would like to have their domain white-listed from the check, but so far I've been unsuccessful in getting this configured.


I have added their domain to the following white-lists:


  • Approved Senders list
  • Approved domain to IP list
  • Domain to IP white-list (under the greylist/SPF heading)


I have also created a transport rule for messages from their domain that fail the SPF check to skip the anti-spam scan, but neither of these things has helped.


What should I be doing to ensure this mail is delivered, or is it simply not possible to allow for a bad SPF record?


Many thanks!

Link to comment
Share on other sites

  • ESET Staff

Hi Russ,

SPF uses only IP whitelists (or domain to IP). Approved senders list is not used in SPF, it applies only to antispam. The domain to IP lists should work - you could compare resolved IP addresses in GUI with connecting IP (maybe it wasn't resolved?). The rule you created didn't work because if "Automatically reject messages if SPF fails" is enabled, SPF is evaluated right on MAIL FROM command and if it fails, message is rejected right away and no rules/antispam are evaluated.

To handle SPF in rules disable setting "Automatically reject messages if SPF fails" and then create a rule. It could look like:

Condition 1 - Sender's IP address is not (list of customer's IPs)
Condition 2 - SPF result is Failed
Action - Reject message (You should test it with "Log to events" action first to see if it works correctly)

or a simple version (but this one will not protect against spoofing of their own domain)
Condition 1 - Sender's domain is not mydomain.com
Condition 2 - SPF result is Failed
Action - Reject message

Edited by filips
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...