You can enable or disable SPF to allow HES to evaluate the legitimacy of sender's email address before delivering the email to the recipient.
To enable or disable SPF:
- Go to Inbound Protection > Sender Policy Framework (SPF) Peers.
- To enable SPF in HES, tick the Enable Sender Policy Framework checkbox.
To disable SPF, clear the Enable Sender Policy Framework checkbox. - Click OK on the confirmation dialog box.
The confirmation dialog box only appears if the domain selected in Managed Domain is all my domains.
- If you want to insert an X-Header into email messages, select this option then click OK on the confirmation dialog box.
Other notes:
-
Additional implementation on the SPF Record:
-
When using HES Outbound scanning, the following is the recommended SPF record:
v=spf1 include:spf.hes.trendmicro.com –all
-
When you are not using HES Outbound scanning, the following is the recommended SPF record:
v=spf1 ip4:IP_OF_YOUR_OUTGOING_MTA
You may add additional record depending on your environment. -
- Make sure that your firewall is only accepting email traffic from HES IP. For more information, refer to this KB Article: Accepting emails coming only from Hosted Email Security (HES) servers.
- For additional security against spoofing, refer to the RFC Article: Mail Security and Spoofing.