In this article we explain what Sender Policy Framework (SPF) is, and then discuss how to implement SPF protection in the Sophos XG firewall to protect against spoofed and spam emails.
Overview Of SPF:
Sender Policy Framework (SPF) is an email authentication technique that helps protect email senders and recipients from spam, spoofing and phishing. It defines a way to validate that an email message was sent from an authorized email server, in order to prevent spoofing and spam. It was designed to supplement the SMTP protocol, which by itself does not include email authentication mechanisms.
How SPF Works:
SPF establishes a method for the receiving mail server to verify that incoming email from a domain was sent from a host authorized by that domain’s administrators.
Step-1: The domain administrator publishes a policy defining the IP addresses that are authorized to send email from that domain. This policy is called an SPF record, and it is listed as part of the domain's overall DNS records.
Step-2: When the recipient mail server receives an incoming email, it looks up the sending domain's SPF record in DNS. The mail server then compares the sender IP address with the authorized IP addresses defined in the SPF record.
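The two steps above can be traced in a short Python sketch. This is an added example, not part of the original article and not Sophos code: it evaluates a subset of SPF (`ip4`, `ip6`, `include`, `all`) against constructed TXT records held in a dictionary instead of live DNS. The domains, addresses and the `check_spf` function name are assumptions.

```python
import ipaddress

# Constructed sample TXT records (documentation domains and address ranges),
# standing in for what the domain administrator publishes in Step-1.
SAMPLE_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(sender_ip, domain, txt=SAMPLE_TXT, budget=None):
    """Step-2: compare sender_ip with the addresses authorized for domain."""
    budget = [10] if budget is None else budget  # RFC 7208 cap on DNS-querying terms
    record = txt.get(domain)
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"                            # domain publishes no SPF policy
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:              # terms are evaluated left to right
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]            # catch-all, usually the last term
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"               # too many lookups (e.g. include loop)
            inner = check_spf(sender_ip, arg, txt, budget)
            if inner == "pass":
                return RESULTS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"               # broken include target
        else:
            raise ValueError(f"term not handled in this example: {term}")
    return "neutral"                             # no mechanism matched

if __name__ == "__main__":
    for addr in ("192.0.2.25", "198.51.100.10", "203.0.113.7"):
        print(addr, check_spf(addr, "example.com"))
```

A `fail` result corresponds to the case where the sending IP address is not authorized by the domain's record.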
Configuring SMTP policy In Sophos XG firewall:
Step-1: Log in to the Sophos XG firewall, click Email, then Policies and exceptions, and then click “SMTP route and scan”, as shown in the screenshot below.
Enable “Spam protection” in the SMTP route and scan policy and select “Reject based on SPF”. If an email comes from an unauthorized IP address, the Sophos XG firewall will block that email.
Note: Spam action and probable spam action do not apply to the SPF check. If the SPF check fails, the firewall will reject the email.
Hope this article helps you.