Staff & Editor

Technical Tip: Enforce the SPF/DKIM/DMARC check for Safe listed sender

Description

This article describes how to configure the FortiMail to enforce the SPF/DKIM/DMARC check for Safe Safe-listed sender.

Scope

FortiMail.

Solution

By default, the email will bypass the entire antispam scanning if the sender is being added to the safe list.
Run the following CLI command to disable the option 'safelist-bypass-sender-auth'.

config antispam settings
set safelist-bypass-sender-auth disable
end

When the option 'safelist-bypass-sender-auth' is disabled, if the SPF/DKIM/DMARC check fails, the result of the SPF/DKIM/DMARC will take precedence.

An example log where the 'SPF Failure' is detected even though the sender was in the domain safelist.

Sign up