Question about SPF record. Does it check against the FROM address, or the Return-Path? Cause I keep getting spam messages from an address that spoof as if it's coming from our own domain. The source of the email header is below (actual domain name substituted with COMPANY.COM):
X-Spam-Status: No, hits=3.3 required=5.0
tests=DNSBL_ZEN.SPAMHAUS.ORG: 5.00,BAYES_00: -1.665,TOTAL_SCORE: 3.335,autolearn=ham
Received: from aexp.com ([188.8.131.52])
by kerio.universalmac.com (Kerio Connect 7.4.1)
Wed, 23 Oct 2013 08:44:14 -0700
Received: from voice057.COMPANY.COM (10.0.0.120) by COMPANY.COM (10.0.0.176) with Microsoft SMTP Server (TLS) id UUW5JF97; Wed, 23 Oct 2013 07:44:13 -0800
Received: from voice3478.COMPANY.COM (10.11.198.49) by smtp.COMPANY.COM (10.0.0.85) with Microsoft SMTP Server id 6CAF8W0X; Wed, 23 Oct 2013 07:44:13 -0800
Date: Wed, 23 Oct 2013 07:44:13 -0800
From: Administrator <voice7<_at_>COMPANY.COM>
X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;7;0;0 0 0
X-Priority: 3 (Normal)
Subject: Voice Message from Unknown (477-754-3664)
boundary=" _008_M2C7BOM8BV5UGCIBOTMOX3UPY5S6YW5RCPKOSUWD9MJ30GHQ1BAIPWU _ "
Content-Type: text/plain; charset=koi8-r
- - -Original Message- - -
- Pavel Dobry (Kerio)
SPF checks the MAIL FROM email address in SMTP, which is then saved into Return-Path header.
Caller-ID checks From,Sender headers in the email.
I recommend to use new options about sender identity check in the Security tab in Kerio Connect 8.2. This will prevent spammers to misuse your local domain and email addresses from your domain.
Setting up an SPF and a CallerID record in your DNS will certainly help this.... BUT, make sure that you know where all of the mail is being sent from our your company's behalf. So if you have a marketing firm that is sending out newsletters or a company that is sending out statements or a company sending out bills on your behalf, you will need to include information about their mail servers also in your SPF and CallerID records that you setup. Otherwise those legit emails can end up getting marked as forged spam.
Kerio discussion forums are intended for open communication between forum
members and may contain information and material posted by members which may
be useful in learning about Kerio products. The discussion forums are not
intended to provide technical support for any specific product. Any
information implied or expressed in the discussion forums is that of the
posting member. Kerio is in no way responsible for the information posted in
the forums, or its accuracy. Kerio employees may participate in the
discussions, but their postings do not represent an offical position of the
company on any issues raised or discussed. Kerio reserves the right to
monitor and maintain the forums to promote free and accurate exchange of