You can enable or disable SPF to allow HES to evaluate the legitimacy of sender's email address before delivering the email to the recipient.
To enable/disable SPF:
- Go to Inbound Protection > Sender Policy Framework (SPF) Peers.
- To enable SPF in HES, tick the Enable Sender Policy Framework checkbox.
- To disable SPF, clear the Enable Sender Policy Framework checkbox.
Click OK on the confirmation dialog box.
The confirmation dialog box only appears if the domain selected in Managed Domain is all my domains.
If you want to insert an X-Header into email messages, select this option then click OK on the confirmation dialog box.
Additional implementation on the SPF Record:
You may add additional record depending on your environment.
When using HES Outbound scanning, the following is the recommended SPF record:
v=spf1 include:spf.hes.trendmicro.com –all
When you are not using HES Outbound scanning, the following is the recommended SPF record:
- Make sure that your firewall is only accepting email traffic from HES IP. For more information, refer to this KB Article: Accepting emails coming only from Hosted Email Security (HES) servers.
- For additional security against spoofing, refer to the RFC Article: Mail Security and Spoofing.