FortiMail
tamtran
Staff
Article Id 195471

Description

 

This article describes how to block spam that arrives from outside the network but claims to come from a protected domain.

 

Scope

 

FortiMail.

Solution

 

  1. The system administrator must define a Sender Policy Framework (SPF) record to protect the domain.
    SPF compares the IP address of the connecting client to the IP addresses of the authorized senders listed in the domain's DNS record.
    If the test fails, the email is treated as spam.

    "v=spf1 a mx ip4:211.24.155.96/27 -all"

  2. SPF must be enabled in either the session profile or the antispam profile.
  • To enable SPF in a session profile: Go to Profile -> Session, edit 'Inbound_Session', and under 'Sender Validation' enable 'SPF check'.

 


 

  • To enable SPF in an antispam profile: Go to Profile -> AntiSpam, edit 'AS_Inbound', and enable SPF.

 



Note:
From firmware 6.0 and later, more granular control over SPF is possible.
Refer to the related articles for more information.
If 'Bypass SPF checking' is selected in the session profile, SPF checking is bypassed even if it is enabled in the antispam profile.

  3. If SPF must be disabled in order to receive email from a partner, define an access control policy from internal to internal.
    This policy requires the user to authenticate to FortiMail in order to relay.
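
The SPF comparison described in step 1, as an added example that is not part of the original article and is not FortiMail's own implementation: a Python sketch that evaluates the article's record against a connecting client IP. It handles only the a, mx, ip4, ip6 and all mechanisms, and the A/MX addresses in RESOLVED are constructed stand-ins for the DNS lookups a real checker would perform.

```python
import ipaddress

# Record taken from the article.
SPF_RECORD = "v=spf1 a mx ip4:211.24.155.96/27 -all"
# Constructed (hypothetical) results of the domain's A and MX lookups,
# embedded so the example runs offline.
RESOLVED = {"a": ["192.0.2.10"], "mx": ["192.0.2.20"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip, resolved=RESOLVED):
    """Evaluate mechanisms left to right; the first match decides the result.

    Simplification (assumption of this sketch): include, exists, redirect,
    macros and CIDR suffixes on a/mx are not handled and yield 'permerror'.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no usable SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed network in the record
            matched = ip.version == net.version and ip in net
        elif name in ("a", "mx") and not arg:
            hosts = resolved.get(name, [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        else:
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no 'all'


if __name__ == "__main__":
    for addr in ("211.24.155.110", "192.0.2.20", "211.24.155.128", "198.51.100.25"):
        print(addr, check_spf(SPF_RECORD, addr))
```

With the article's `-all` terminator, any client outside 211.24.155.96 to 211.24.155.127 and outside the domain's A/MX hosts gets `fail`, which is the result the SPF check in the session or antispam profile acts on.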

 

 

Related article:

Technical Tip: Enable Sender Alignment Check in FortiMail