Ignoring SPF & DMARC failures

Dan Genel · ‎Apr 03 2019

One or our external website pages is used to submit content and leverages SendMail to route to internal team members.

We use the submitter's email address as the from address, and not surprisingly some emails are failing SPF/DMARC as their domain have not specified that our site's IP is on their list of senders.

I want to make sure that these messages are not considers spam/phishing etc when they are evaluated coming into our environment - what is the best way to do that?

Thanks!

Vasil Michev · ‎Apr 03 2019

Apart from adjusting the SPF record you mean? You can whitelist the sending IPs, which I imagine might be a lot (or might change in the future). Or you can create a transport rule based on some other criteria that helps you identify those messages, and set the action to bypass spam filtering.

Dan Genel · ‎Apr 04 2019

@Vasil Michev - I can't update the SPF list - as it's each domain's SPF record that would have to be adjusted - .e.g if someone from Microsoft submits something, the Microsoft SPF record would have to allow sending from my IP address.

I should have mentioned that I do already have a transport rule that sets the SCL level of any message sent to the shared email address to -1.

Is there anything else that I can do to ensure deliver even if the SPF/DMARC checks fail? Will a SCL of -1 ensure that all email is delivered in this situation?

Thanks.

Vasil Michev · ‎Apr 04 2019

That rule should be sufficient, as long as it actually captures all messages sent this way.

Ignoring SPF & DMARC failures

Ignoring SPF & DMARC failures

Re: Ignoring SPF & DMARC failures

Re: Ignoring SPF & DMARC failures

Re: Ignoring SPF & DMARC failures

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Ignoring SPF & DMARC failures

Ignoring SPF & DMARC failures

Re: Ignoring SPF & DMARC failures

Re: Ignoring SPF & DMARC failures

Re: Ignoring SPF & DMARC failures