Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 3 answers
  • Subscribers 28 subscribers
  • Views 879 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SPF Softfail - Quarantine

wesley Duggan

I have seen a lot of posts regarding softfails on SPF. most of them seem to revolve around receiving spoofed mail from ones own domain, however we have been receiving a lot of spoofed emails from a bank who has softfail configured for their DMARC policy. 

Id like to know if there is a way we can configure softfails on these checks to result in a quarantine rather than just allowing them through.



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Vishal_R

    Thanks for your response. I do already have DKIM verification enabled. However the bank in question currently has their DMARC policy set to none so SPF and DKIM verification will pass regardless if they don't actually align. I would prefer these mails get quarantined. 

    I have been tracking this banks SPF, DKIM & DMARC config for quite some time now. 

Children
  • 0 in reply to wesley Duggan

    That is not supported in SFOS. Central Email could block / quarantine those emails. Softfail should not be used in the wild for such scenarios. You should look into this and change it at least for your domain to hardfail. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    I dont control the domain in question. this bank has had extremely relaxed security policy when it comes to email for the last 4 years ive been monitoring it. They also happen to be the major source of spam or malicious emails for us.

    A bit disappointed that this is not available in XG with an email protection license and that we would have to add on another subscription to our list.

  • 0 in reply to wesley Duggan

    That is one of the reason, it is on the a la card section on SFOS. So you can actually decide to do it on the firewall or in Central. Central could be a better match for you. You can talk to sales to get the remaining run time get accounted and move to Central. 

    BTW: Just to be clear: In SFOS you cannot interact on Softfail per se, but the technologies to block a Email based on other criteria is there (DMARC for example). 

    __________________________________________________________________________________________________________________

Unfiltered HTML