|Situation||Messages from a service or application that sends as the customers own domains is getting quarantined due to spoofing. Common services include: Printer / Scanner, Ticketing / Help Systems, Web Forms etc.|
|Solution||An inbound filter should be created that allows mail from specific address / domain bypassing the spoof check.|
Proofpoint Essentials has an optional setting on the Spam tab for "Inbound domain spoofing protection:" When enabled, any message coming inbound from any of your own domains will receive a spoofing score high enough to quarantine the message. This scoring does not check Sending Servers or do an SPF check. There are a few ways to allow these messages to come through without being quarantined.
- Most Secure: Add the sending IP / IP ranges of the service or applications servers that send these messages to the Safe Senders list. (Email > Sender Lists > Safe Sender).
- Secure: Proofpoint does NOT allow you to add addresses / domains with any of your own domains to Safe Senders. In this case, you can create an inbound filter that allows a specific address or the entire domain to come through. This will be outlined below.
- Least Secure: Disable the Inbound domain spoofing protection: option (Email > Spam Settings). In this case, messages coming in from your own domain will be subject to normal threat scanning and SPF verification.
Creating an inbound Filter to allow messages sent as your own domain addresses. (Step 2 above)
- Navigate to Email under Security Settings, followed by Filter Policies, thenI nbound
- Click New Filter.
- Name the Filter and select Continue.
- Leave Scope as Company.
- If line: <Sender Address > <IS> (Add the specific sender address or *@domain you want to allow).
Note: You can add multiples separated by commas on this line if you want to add multiple addresses or domains.
- Do line: <Allow>.
Proofpoint recommends using a specific sending email address when possible as opposed to the full domain. This reduces the chances that a spammer will guess that specific address to send spam in. If you use the full *@domain, it is more likely spammers will be able to spoof messages as your own domain and bypass scanning.