Spoofed email

The spoofed email filter can help determine the validity of message senders and reduce instances of sender impersonation via a set of header sender comparisons and SPF, DKIM, and Sender ID analysis results.

Spoofed email filter message header comparisons involve the From, envelope Sender, and Reply-To fields.

The From field indicates the entity (for example, person or mailbox) that is responsible for authoring the message.
The envelope Sender field contains information about the entity responsible for the actual transmission of the message (for example, someone who sends a message on behalf of another person).
If present, the Reply-To field specifies the address to which a message reply should be sent. If Reply-To is not present, a reply is sent to the From: address.

Note:

The spoofed email filter provides SPF analysis in addition to the inbound relay SPF email rejection options on the page Settings > Inbound/Outbound > Relay Controls. The following should be considered regarding the use of these two SPF-based analyses:

When a message triggers a mail routing SPF connection rejection option and is dropped, it will not be processed by the spoofed email filter and email content is not analyzed.
When a message triggers a mail routing SPF connection rejection option but is not dropped, the SPF score from this analysis is stored for use by the spoofed email filter.

The spoofed email filter can be configured to use one or more header comparisons and to enable authentication analysis. Configure the spoofed email filter on the page Main > Policy Management > Filters > Add (or Edit) Filter.