Home » Kerio User Forums » Kerio Connect » SPF Record Question

Messages: 86
Karma: 5
Send a private message to this user

Question about SPF record. Does it check against the FROM address, or the Return-Path? Cause I keep getting spam messages from an address that spoof as if it's coming from our own domain. The source of the email header is below (actual domain name substituted with COMPANY.COM):

Return-Path: <Unity_UNITY1<_at_>brentwoodca.gov>
X-Spam-Status: No, hits=3.3 required=5.0
tests=DNSBL_ZEN.SPAMHAUS.ORG: 5.00,BAYES_00: -1.665,TOTAL_SCORE: 3.335,autolearn=ham
X-Spam-Level: ***
Received: from aexp.com ([])
by kerio.universalmac.com (Kerio Connect 7.4.1)
Wed, 23 Oct 2013 08:44:14 -0700
Received: from voice057.COMPANY.COM ( by COMPANY.COM ( with Microsoft SMTP Server (TLS) id UUW5JF97; Wed, 23 Oct 2013 07:44:13 -0800
Received: from voice3478.COMPANY.COM ( by smtp.COMPANY.COM ( with Microsoft SMTP Server id 6CAF8W0X; Wed, 23 Oct 2013 07:44:13 -0800
Date: Wed, 23 Oct 2013 07:44:13 -0800
From: Administrator <voice7<_at_>COMPANY.COM>
X-MS-Has-Attach: yes
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-AuthSource: 76N1AOSC27ZDFP3<_at_>COMPANY.COM
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 02
X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;7;0;0 0 0
X-Priority: 3 (Normal)
Subject: Voice Message from Unknown (477-754-3664)
MIME-Version: 1.0
Content-Type: multipart/mixed;

Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit

- - -Original Message- - -
Pavel Dobry (Kerio)

Messages: 2057
Karma: 251
Send a private message to this user
SPF checks the MAIL FROM email address in SMTP, which is then saved into Return-Path header.
Caller-ID checks From,Sender headers in the email.

I recommend to use new options about sender identity check in the Security tab in Kerio Connect 8.2. This will prevent spammers to misuse your local domain and email addresses from your domain.

Messages: 342
Karma: 46
Send a private message to this user
Setting up an SPF and a CallerID record in your DNS will certainly help this.... BUT, make sure that you know where all of the mail is being sent from our your company's behalf. So if you have a marketing firm that is sending out newsletters or a company that is sending out statements or a company sending out bills on your behalf, you will need to include information about their mail servers also in your SPF and CallerID records that you setup. Otherwise those legit emails can end up getting marked as forged spam.
Previous Topic: Meeting requests in shared calendar
Next Topic: Kerio Connect 8.2 and Windows 8.1
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 16 22:51:30 CET 2018

Total time taken to generate the page: 0.77857 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.