Cisco Cisco Email Security Appliance X1070 Information Guide
Why do messages get delivered even if SPF
verification fails?
verification fails?
Document ID: 118574
Contributed by Cisco TAC Engineers.
Oct 14, 2014
Oct 14, 2014
Contents
Introduction
Why do messages get delivered even if SPF verification fails?
Related Information
Why do messages get delivered even if SPF verification fails?
Related Information
Introduction
This document provides an explanation as to why email messages are delivered even when the Sender Policy
Framework (SPF) validation fails.
Framework (SPF) validation fails.
Why do messages get delivered even if SPF verification
fails?
fails?
SPF is a simple email validation system designed to detect email spoofing by providing a mechanism to allow
receiving mail exchangers to check that incoming mail from a domain is being sent from a host authorized by
that domain's administrators.
receiving mail exchangers to check that incoming mail from a domain is being sent from a host authorized by
that domain's administrators.
On the Cisco Email Security Appliance (ESA), SPF verification is enabled for all incoming messages on Mail
Flow Policies. A content filter exists which will quarantine or drop the messages if SPF−Verification fails,
using the condition SPF−Verification and spf−status == "fail", with action of Quarantine:
Flow Policies. A content filter exists which will quarantine or drop the messages if SPF−Verification fails,
using the condition SPF−Verification and spf−status == "fail", with action of Quarantine:
Mail logs or message tracking shows the following details:
Thu Aug 20 17:27:37 2009 Info: MID 6153849 SPF: helo identity postmaster@example None
Thu Aug 20 17:27:37 2009 Info: MID 6153849 SPF: mailfrom identity
user@example.com Fail (v=spf1)
Thu Aug 20 17:28:15 2009 Info: MID 6153849 SPF: pra identity user@example.com
None headers from Thu Aug 20 17:28:15 2009 Info: MID 6153849 ready 197 bytes
from <user@example.com>