Filter messages that spoof external domains

Select Filter inbound messages that spoof external domains using DMARC to detect spoofed incoming messages that appear to be sent from legitimate external domains, but which fail DMARC validation checks. This option validates both the Mail From sending address and the From address. DMARC is built on SPF and DKIM validation, and allows the owner of a domain to publish a policy (via DNS TXT records) that defines how the receiver should deal with spoofed messages.

From the drop-down menu, select the action to perform when spoofed messages are detected:

• Use DMARC policy: This is the default option. Spoofed messages will be quarantined or rejected, depending upon the domain owner’s policy.
• Quarantine: Spoofed messages are kept in quarantine for up to 30 days.
• Discard: Spoofed messages are discarded.
• Tag subject with: The subject line of detected spoofed messages are tagged with “SPOOFED:” or a custom tag that you enter.

Messages detected as spoofing external domains will be logged as “Spoofed- External”.

By default, if authentication checks fail to complete, the message is considered spoofed and the selected action is applied. To specify an alternative action when authentication checks fail to complete, select Apply alternative action when spoofed message checks fail to complete. Available options depend upon the action selected for spoofed messages:

• When the Action is Use DMARC policy, Quarantine, or Tag Subject, the alternative option is Tag Subject.
• When the Action is Discard, the alternative options are Quarantine and Tag Subject.