Hello. I’ve been receiving some spam lately, and I’ve noticed that during the SMTP connection, the sender's "from" domain does not resolve via DNS but the DNS resolvers are working properly. Additionally, since the domain is not resolvable aka. it does not exist , both SPF and DKIM checks fail. Shouldn't FortiMail block these emails during the SMTP session since I have the "Check Sender Domain" option enabled within the "Unauthenticated Session" settings? Any ideas or help its much appreciated. Thank you.
Hello Fexaac
Can you try enable DKIM and SPF checks in antispam filter instead? That should work if you do so.
On the other hand as per my understanding, the natural place of DKIM and SPF check should be (as per my understanding) in the antispam, not in session, even if there is a possibility to enable them in the session profile. Don't ask me why as it is a bit philosophical.
On the other hand and as you may know, the "from" domain is in two locations, the envelop from and the header from. The envelop from is the one checked with SPF, and the header from is checked with "sender alignment" option in antispam. I always enable that one because some spam mails play on the header from.
I also mean if the "header from" doesn't exist, it doesn't affect the SPF or domain check in the session profile, because the session profile checks the "envelop from" (if I'm not wrong).
Hope it helps.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.