Enable Sender Policy Framework (SPF) Lookup

Sender Policy Framework (SPF) is a mechanism defined by RFC 7208 which can help determine if incoming mails are sent from a host authorized by the domain's administrators. Usually a domain administrator will publish a TXT record in the Domain Name System (DNS) in order to specify a list of authorized hosts that can send emails from that domain. Enabling SPF is an anti-spam technique that will instruct Mail Agent to perform SPF checks on the "FROM" address(es) and add a header to the email with the SPF result.

How to Enable SPF checks

  1. Go to the installation directory (by default C:\Program Files (x86)\OPSWAT\Metadefender Core <engine count>\Metadefender Mail Agent) and open the file Metadefender.Email.Engine.Processor.dll.config for editing.

  2. Find the setting called DoSpfCheck and modify the value to true.

  3. (Optionally) Find the setting called SpfCheckHeaderName and modify the value to the desired value to be used for the header name that will be added to the email. This header value will contain the SPF result.

Possible SPF results

After the SPF check is performed a header will be added to the email (by default X-Metadefender-Spf-Result) and the value will be one of the following:

  • Pass

  • NoRecord

  • SoftFail

  • HardFail

  • Error

  • Neutral

  • Unknown

  • UnknownMechanism

Please note that you will be required to add a rule on the target (destination) server to check for this header and take action based on the value (e.g delete the message, send to quarantine, etc).

Informational headers X-Metadefender-Spf-Sender & X-Metadefender-Spf-Ip are added to inform which email address & ip address was used in the SPF record lookup. An optional header (X-Metadefender-Spf-Reason) is added if the SPF check has failed or is skipped.