FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
Article Id 195471
This article describes how to prevent spam from protected domain coming from outside the network.

1) System administrator is required to define the Sender Policy Framework (SPF) to protect the domain.
SPF compares the client IP address to the IP address of the authorized senders in the DNS record.
If the test fails, the email is treated as spam.
"v=spf1 a mx ip4: -all"
2) SPF needs to be enabled on session profile or antispam profile.
- Enable SPF on Session Profile: Go to Profile -> Session and edit 'Inboud_Session Profile', 'Sender Validation' and enable 'SPF check'.
- To enable SPF in an antispam profile: Go to Profile -> AntiSpam, edit 'AS_Inbound' and enable SPF.

From firmware 6.0 and later, gradually control over SPF is possible.
Refer to the related articles for more information.
If 'Bypass SPF checking' is selected in the session profile, SPF checking will be bypassed even if this is enable in the antispam profile.

3) If the system requires SPF disabled to receive email from other partner, define an access control policy from internal to internal.
It’s required user authenticate to FortiMail to relay.

Related Articles

Technical Tip: Enable Sender Alignment Check in FortiMail