1

I have been trying to find a straightforward answer to this, but I have been having no luck. I also tried asking on the security focused Stackexchange site, but had no luck there is well. I am hoping someone here might have some insight.

I am trying to understand what it means for a Source IP to fail SPF. Does this mean that the domain that failed the SPF tried to send an email on behalf of my domain? (essentially spoof my domain?). If that is not correct, then is there a way to use this report to find out which domains are sending email on behalf of my domain?

Thanks

Dave
  • 11
  • 1

1 Answers1

0

Does this mean that the domain that failed the SPF tried to send an email on behalf of my domain? (essentially spoof my domain?)

No. What this means is that (i.e) somehow a valid client of your domain went through a mailing list out of your domain control, or a mailbox redirect of your former employee, and this was caught by report. This is a known and a biggest flaw with the SPF itself - it fails whenever mail got redirected along its way with a sender changed..

Peter Zhabin
  • 2,276
  • 8
  • 10