Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » SPF Record Question
  •  
tonyswu

Messages: 271
Karma: 5
Send a private message to this user
Hi,

Question about SPF record. Does it check against the FROM address, or the Return-Path? Cause I keep getting spam messages from an address that spoof as if it's coming from our own domain. The source of the email header is below (actual domain name substituted with COMPANY.COM):

Return-Path: <Unity_UNITY1<_at_>brentwoodca.gov>
X-Spam-Status: No, hits=3.3 required=5.0
tests=DNSBL_ZEN.SPAMHAUS.ORG: 5.00,BAYES_00: -1.665,TOTAL_SCORE: 3.335,autolearn=ham
X-Spam-Level: ***
Received: from aexp.com ([198.104.198.254])
by kerio.universalmac.com (Kerio Connect 7.4.1)
for USER<_at_>COMPANY.COM;
Wed, 23 Oct 2013 08:44:14 -0700
Received: from voice057.COMPANY.COM (10.0.0.120) by COMPANY.COM (10.0.0.176) with Microsoft SMTP Server (TLS) id UUW5JF97; Wed, 23 Oct 2013 07:44:13 -0800
Received: from voice3478.COMPANY.COM (10.11.198.49) by smtp.COMPANY.COM (10.0.0.85) with Microsoft SMTP Server id 6CAF8W0X; Wed, 23 Oct 2013 07:44:13 -0800
Date: Wed, 23 Oct 2013 07:44:13 -0800
From: Administrator <voice7<_at_>COMPANY.COM>
X-MS-Has-Attach: yes
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator: <Y56WO6TLSIQJTWU29RS3FS4ZW7ECNBGH9V6XOQ<_at_>COMPANY.COM>
X-MS-Exchange-Organization-AuthSource: 76N1AOSC27ZDFP3<_at_>COMPANY.COM
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 02
X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;7;0;0 0 0
X-Priority: 3 (Normal)
Message-ID: <L8AJF0X7NAAZ5M61N30T3BQSSBP3667WVGG9PA<_at_>COMPANY.COM>
To: <USER<_at_>COMPANY.COM>
Subject: Voice Message from Unknown (477-754-3664)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=" _008_M2C7BOM8BV5UGCIBOTMOX3UPY5S6YW5RCPKOSUWD9MJ30GHQ1BAIPWU _ "

--_008_M2C7BOM8BV5UGCIBOTMOX3UPY5S6YW5RCPKOSUWD9MJ30GHQ1BAIP WU_
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit

- - -Original Message- - -
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
SPF checks the MAIL FROM email address in SMTP, which is then saved into Return-Path header.
Caller-ID checks From,Sender headers in the email.

I recommend to use new options about sender identity check in the Security tab in Kerio Connect 8.2. This will prevent spammers to misuse your local domain and email addresses from your domain.
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
Setting up an SPF and a CallerID record in your DNS will certainly help this.... BUT, make sure that you know where all of the mail is being sent from our your company's behalf. So if you have a marketing firm that is sending out newsletters or a company that is sending out statements or a company sending out bills on your behalf, you will need to include information about their mail servers also in your SPF and CallerID records that you setup. Otherwise those legit emails can end up getting marked as forged spam.
Previous Topic: Meeting requests in shared calendar
Next Topic: Kerio Connect 8.2 and Windows 8.1
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Sep 20 04:09:01 CEST 2017

Total time taken to generate the page: 0.00402 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.