Help
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
gmichailidis
Staff
Staff

Created on ‎09-22-2022 10:11 AM

Article Id 224539

Technical Tip: Implementing SPF check for protected domains when using private DNS server

Description

 

This article describes how to successfully perform SPF check on mails from protected domains, when using a private DNS.

 

Scope

 

All FortiMail

 

Solution

 

When internal mail flow reaches the FortiMail from an authorized public IP address and the FortiMail performs SPF check based on the private DNS server, for the SPF check to be successful:

 

- verify that SPF records are published on the private DNS server OR

- consider using a public DNS server instead

 

Verify if the records are published on the private DNS server, also through the FortiMail CLI.

 

Query the configured private DNS for the SPF TXT records:

 

# execute nslookup name domain.com type txt

 

Compare the previous results, with the results from any public DNS server:

 

# execute nslookup name domain.com type txt server 208.91.112.52

Labels:
635
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.