You can enable or disable SPF to allow HES to evaluate the legitimacy of sender's email address before delivering the email to the recipient.
To enable/disable SPF:
- Go to Inbound Protection > Sender Policy Framework (SPF) Peers.
-
- To enable SPF in HES, tick the Enable Sender Policy Framework checkbox.
- To disable SPF, clear the Enable Sender Policy Framework checkbox.
Click image to enlarge
-
Click OK on the confirmation dialog box.
The confirmation dialog box only appears if the domain selected in Managed Domain is all my domains.
-
If you want to add the SPF check result into the email message's xheader, select Add SPF DNS check result into message's xheader, then click OK on the confirmation dialog box.
To disable this setting, clear the Add SPF DNS check result into message's xheader checkbox.
Click image to enlarge
Other notes:
-
Additional implementation on the SPF Record:
-
When using HES Outbound scanning, the following is the recommended SPF record:
v=spf1 include:spf.hes.trendmicro.com –all
-
When you are not using HES Outbound scanning, the following is the recommended SPF record:
v=spf1 ip4:IP_OF_YOUR_OUTGOING_MTA
You may add additional record depending on your environment. -
- Make sure that your firewall is only accepting email traffic from HES IP. For more information, refer to this KB Article: Accepting emails coming only from Hosted Email Security (HES) servers.
- For additional security against spoofing, refer to the RFC Article: Mail Security and Spoofing.
