Placing your SPF Rule for None SPF to Do not Intercept Message for OOO emails and do the following policy configuration in Inbound Protection > Content Filtering > Content Policy
The Policy should be in this order:
- Allowing OOO Emails
- Quarantine SPF None Emails
Below are the steps:
- In Inbound Protection > Content Filtering > Content Policy
- Click Add.
- Enter the name of the Policy and Enable it.
- Under Scanning Criteria > Select Specified header matches and Body matches and Change the Condition to All Match
Click the image to enlarge.
- For Keyword Expression for the Specified header matches, Select Other and enter X-TM-Received-SPF:
Click the image to enlarge.
- For the Keyword Expression Click Add and click Add Again
- Add the following keyword below. Click Save once done.
Click the image to enlarge.
- For the Subject match, Add a new Keyword Expression.
- The Keyword expression below is an example for you to use and it will depend on the OOO emails you have been receiving based on the contents of the subject.
Click the image to enlarge.
- Click Save Once Done.
- On the Actions Tab, Select Deliver Now.
Click the image to enlarge.
Once done click Save and place the policy in the 1st order.
The Next Policy would be the SPF None Policy which will quarantine any Email that has SPF None
- In Inbound Protection > Content Filtering > Content Policy
- Click Add.
- Enter the name of the Policy and Enable it.
- Under Scanning Criteria > Select Specified header matches
- For Keyword Expression for the Specified header matches, Select Other and enter X-TM-Received-SPF:
Click the image to enlarge.
- Add the created Keyword earlier to the policy. Click Save Once Done.
Click the image to enlarge.
- On the Actions Tab, Select Quarantine. Once Done Click Save
Click the image to enlarge.
- Place the policy following the Policy that we have created earlier in the 2nd priority
The Policy should be in this order:
- Allowing OOO Emails
- Quarantine SPF None Emails