Antispoofing Checks

The strict outbound message authenticity check performs additional tests on outbound messages processed by the policy. With the option enabled, the service checks that outbound messages originate from an IP address in the policy, or have a valid DKIM signature. Messages that fail the test are quarantined, providing additional protection to prevent your domains being spoofed by a third party.

Select Enable strict outbound message authenticity checks to apply strict checks to all outbound messages for the policy.

With this option enabled, outbound messages must either:

  • Originate from an IP address defined as an Outbound Route on the Connections tab of the policy, OR:
  • Have a valid DKIM signature applied by your email provider. (Required for customers that use a hosted service provider such as Microsoft Office 365 or Google Apps.)

Messages that do not meet these criteria will be quarantined as “Spoofed”.

Note:

Do not enable this option if your policy is used to process messages that legitimately spoof your domains. For example:

  • If your users are likely to send mail from the networks of other companies (for example, consultancy firms whose employees visit other customer sites).
  • If your organization uses mailshot companies who are authorized to send email on your behalf.