Please note, when adding SPF checking/enforcing for a domain or email address, you will want to first confirm that the domain has a valid and up to date SPF record. If there is no SPF record, or the SPF does not define the correct sending IP addresses, then Impersonation Protection could cause legitimate messages to be sent to the quarantine (if that option is selected).
SPF checking is not enforced by default. To take advantage of the SPF checking on our system, there are 2 steps:
- Add the sender's email address or domain to the Approved senders list in Settings > Approved senders. (Or, if you've already approved the sender, locate the sender in the grid and click on the row to edit it.)
- To quarantine all messages from this sender that do not pass SPF with alignment or DKIM with alignment, select Impersonation protection for domain spoofing, and then click Save.