This article explains how to configure SecurityGateway to check the Sender ID record, if one exists, for the sending domain of incoming messages. The check verifies whether the connecting server is a valid sender for that domain and helps prevent the acceptance of spam messages that use forged domains.
From the Dashboard, after signing in:
- Click on Security, in the lower-left corner
- Locate the Anti-Spoofing section
- Click on Sender ID
From there, you may configure the following options, either globally or for individual domains, by selecting the 'For Domain' drop-down list at the upper right:
- Verify sending host using Sender ID
SecurityGateway queries the Sender ID record of the domain listed in the MAIL FROM command given during the incoming SMTP session and checks whether the message was sent from a valid sending agent based on its PRA (Purported Responsible Address), which is determined from a number of headers in the message. By default, this is enabled.
- When Sender ID processing returns a HARD FAIL result
If SecurityGateway does a Sender ID check and determines that the purported sending domain's policy does not allow the current sending agent to send email from its domain, SecurityGateway can refuse the message for delivery completely, quarantine it for later study, or accept it for delivery to the recipient. By default, SecurityPlus refuses delivery of mail that HARD FAILS a Sender ID check on the domain.
- ... tag subject with <>
If a message is accepted for delivery or quarantined, you may add the specified line, by default '*** FRAUD ***', to the subject. By default, this is disabled.
- ... add x points to message score.
If a message is accepted for delivery or quarantined, you may add the specified number of points, by default 5.0, to the score of the message. By default, this is enabled.
- When Sender ID processing returns a SOFT FAIL result
If SecurityGateway does a Sender ID record check and determines that the purported sending domain's policy does not explicitly allow sending from the current sending agent - but it could be valid - SecurityGateway can do the same as above: refuse to accept the message, quarantine it, or accept it for delivery. By default, SecurityGateway accepts messages for delivery.
- ... tag subject with <>
If a message is accepted for delivery or quarantined, you may add some text, by default '*** FRAUD ***', to the subject. By default, this is disabled.
- ... add x points to message score.
If a message is accepted for delivery or quarantined, you may add the specified number of points, by default 2.0, to the score of the message. By default, this is enabled.
- When Sender ID processing returns a PASS result ... add x points to message score
If SecurityGateway does a Sender ID check and can verify the connecting agent as a valid sender for the domain given, it can add the specified number of points, by default 0.0, to the message score. If you choose to enable this, remember to set the number of points added to a negative number. By default, this is disabled.
- Exclude messages from whitelisted senders
If the sending IP address is on the server's whitelist, then SecurityGateway will not do a Sender ID check on the message. By default, this is disabled.
- Exclude messages from authenticated sessions
If the connecting user authenticates their session using a username and password on the SecurityGateway server before sending the message, SecurityGateway will not do a Sender ID check on the message. By default, this is enabled.
Note that the following option is set for the entire server:
Interpret 'v=spf1' records as 'spf2.0/mfrom,pra'
If the purported sending domain does not have a Sender ID record, SecurityGateway can treat an SPF record, if one exists, as a Sender ID record for the purpose of the verification check, and use the MAIL FROM field given in the incoming session. By default, this is enabled.
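The 'Verify sending host using Sender ID' option above says the PRA is determined from a number of headers. The following added example (not SecurityGateway's own code) shows the header selection order defined in RFC 4407, which is assumed here to be the order the product follows; the sample message and its domains are constructed.

```python
# Added example: PRA selection per RFC 4407 (assumed; not SecurityGateway code).
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a forwarded message (not taken from the article).
SAMPLE = """\
Received: from mx.forwarder.example by mail.rcpt.example; Mon, 1 Jan 2024 10:00:00 +0000
Resent-From: list-owner@forwarder.example
Received: from mail.origin.example by mx.forwarder.example; Mon, 1 Jan 2024 09:59:00 +0000
From: Alice <alice@origin.example>
Sender: assistant@origin.example
Subject: constructed test

body
"""

def _single_mailbox(value):
    """Step 5: return the one mailbox in a header value, or None if malformed."""
    addrs = [a for _, a in getaddresses([value]) if a]
    if len(addrs) == 1 and "@" in addrs[0] and addrs[0].rsplit("@", 1)[1]:
        return addrs[0]
    return None

def purported_responsible_address(raw):
    """RFC 4407 steps 1-6; None means the message is ill-formed (step 6)."""
    hdrs = [(k.lower(), v.strip()) for k, v in message_from_string(raw).items()]
    def nonempty(name):
        return [i for i, (k, v) in enumerate(hdrs) if k == name and v]
    rs, rf = nonempty("resent-sender"), nonempty("resent-from")
    chosen = None
    if rs:
        # Step 1: skip Resent-Sender if an earlier Resent-From is separated
        # from it by a Received or Return-Path header.
        prior = [i for i in rf if i < rs[0]]
        split = prior and any(k in ("received", "return-path")
                              for k, _ in hdrs[prior[0] + 1:rs[0]])
        if not split:
            chosen = hdrs[rs[0]][1]
    if chosen is None and rf:                       # step 2
        chosen = hdrs[rf[0]][1]
    if chosen is None:                              # steps 3 and 4
        for name in ("sender", "from"):
            found = nonempty(name)
            if found:
                if len(found) > 1:
                    return None
                chosen = hdrs[found[0]][1]
                break
    return _single_mailbox(chosen) if chosen else None
```

For the constructed sample the PRA is the forwarder's Resent-From address, so a Sender ID check would evaluate the forwarder's domain rather than the domain in the From header.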
