Summary
You can enable or disable SPF to allow HES to evaluate the legitimacy of sender's email address before delivering the email to the recipient.
Details
To enable or disable SPF:
- Go to Inbound Protection > Sender Policy Framework (SPF) Peers.
- To enable SPF in HES, tick the Enable Sender Policy Framework checkbox.
To disable SPF, clear the Enable Sender Policy Framework checkbox. - Click OK on the confirmation dialog box.
The confirmation dialog box only appears if the domain selected in Managed Domain is all my domains.
- If you want to insert an X-Header into email messages, select this option then click OK on the confirmation dialog box.
Other notes:
-
Additional implementation on the SPF Record:
-
When using HES Outbound scanning, the following is the recommended SPF record:
v=spf1 include:spf.hes.trendmicro.com –all
-
When you are not using HES Outbound scanning, the following is the recommended SPF record:
v=spf1 ip4:IP_OF_YOUR_OUTGOING_MTA
You may add additional record depending on your environment. -
- Make sure that your firewall is only accepting email traffic from HES IP. For more information, refer to this KB Article: Accepting emails coming only from Hosted Email Security (HES) servers.
- For additional security against spoofing, refer to the RFC Article: Mail Security and Spoofing.
