KB Article | Forcepoint Support

Notes & Warnings

Important: The KB articles provided may require you to log in to https://support.forcepoint.com to view them. If you do not have an account, please Create a Customer Account. If you have an account but cannot log in, Contact Support for assistance.

Resolution

This page is designed to be a one-stop shop with featured content articles that provide relevant information regarding the antispoofing and SPF (Sender Policy Framework) checking capabilities of Forcepoint Email Security products.
 
Note: The featured content listed may apply to multiple products and versions. Verify the products and versions stated in the article to ensure you are reviewing the correct featured content for your configuration.

The information in this article is separated between the following categories:

 

Cloud and On-Premise

Configurations

Ensure that you are familiar with the articles below regarding the antispoofing capabilities of the Forcepoint Email Security Cloud, and how best to configure your account, systems, and DNS to ensure necessary security and functionality.

What are the Antispoofing methods available for email security products?
A brief on industry-standard antispoofing methods used by Forcepoint Email Security Solutions.

Outbound Anti-Spam and Commercial Bulk Best Practices
Best practices for ensuring that your outbound mail is not spam and is delivered in a timely fashion to its intended recipients.

What are P1 and P2 headers in SMTP, and which is the actual message sender?
The "from:" and "to:" fields found in the message headers are generally used for mail client display, but also have other purposes.

Overview of SPF for Email and Email Cloud
An overview of how SPF (Sender Policy Framework) works for cloud and on-premise email security solutions.

Overview of DKIM for Email and Email Cloud
Reference material covering how DKIM works to help reduce spam.
 

Troubleshooting

Messages are being blocked by the Forcepoint Email Security Cloud. The below collection of articles will help you determine the cause of the failure.

How do I avoid being blacklisted?
Follow these guidelines to help prevent getting blacklisted.

SPF Error: permerror:Maximum DNS-interactive terms limit (10) exceeded
The protocol does not permit more than 10 DNS lookups for a single query.

Google email defers delivery of email with error "This message does not have authentication information or fails to pass"
Google now requires messages to pass an antispoofing test to be sure that they are legitimate.
 

Cloud Only

Configuration


Email Cloud Policy configuration recommendations and best practices
This article describes the recommended settings to enable or disable in a Cloud Email Security policy.

Forcepoint Email Security Cloud - Antispoofing
Use the Antispoofing tab to configure inbound and outbound spoofing protection for the policy.

Email Cloud Internal Executive Spoofing Explained
An essential tool for protecting executive aliases when utilizing 3rd-party mail relays.

How does whitelisting work in Forcepoint Email Security Cloud?
Review of whitelisting configuration settings.

How do I configure an SPF record to use the Forcepoint Email Security Cloud for outbound messaging?
Required settings for configuring SPF records for your domain.

How DMARC works in Forcepoint Cloud
Details on the Domain-based Message Authentication, Reporting and Conformance (DMARC) check process.
 

Troubleshooting


What is the "exists" method in an SPF record?
SPF "exists" method queries fail in Forcepoint Email Security Cloud if the DNS query result contains a private IP address.

Why does SPF validation fail for an IP address that is included in a larger CIDR range in my SPF record?
Forcepoint Email Security Cloud will only validate CIDR netmasks of length 16 to 32.

Legitimate messages are being quarantined and considered to be spoofed
Why inbound messages from legitimate sources might be tagged as spoofed.

Email blocked as spam despite spam whitelist entry
Whitelisting is ignored if the sender's MTA IP address is not published in the domain's SPF record.

How do I block spam that originates from company domain?
Enabling the Antispoofing settings in Forcepoint Email Security Cloud

DKIM keys missing in Cloud Email Security
There is only one DKIM key for my Cloud Email Security; the other is missing.

Valid Emails are quarantined as (external-spoofed) and DMARC Fails when SPF uses the "exists" method
Ensure that the A records utilized for macro expansion methods utilize internet-routable IP addresses.
 

On-Premise Only

Configuration

 
How to Improve Email antivirus and antispam capabilities
How to configure and tune Forcepoint Email Security to block a higher rate of malicious email.

Spoofed Email Filter, Version 8.5
Spoofed Email Filter, Version 8.4
Reduce instances of spoofing via mail filters utilizing a set of header sender comparisons and SPF, DKIM, and Sender ID analysis results.

Handling Spoofed mail - SPF/DKIM/DMARC Quarantine/Reject options
Understanding which Email options will quarantine spoofed mail and which will reject it is essential to proper administration.
 

Troubleshooting

DKIM/SPF decisions location for Hybrid Email Security
A review of checks done by the hybrid cloud service and the on-premise appliance.

Block spoofed emails with a forged sender’s address
How to create a custom filter and action to block illegitimate emails.

Forcepoint Cloud Service IPs displayed as the sender IP for inbound email messages
Cloud Service datacenter IPs are displayed incorrectly as the message sender IP in FSM message logs.

Why does Forcepoint Email Security allow internal spoofed mail from Hybrid
How to reject internal spoofed mail relayed from the Hybrid service

Does Forcepoint Email Security support the SPF macro-expansion methods?
Limitations with the SPF Macro-Expansion "{h}" method when used with Forcepoint Email Security in Hybrid Configurations.

Unable to delete DKIM keys after upgrade to v8.5
DKIM Keys and Signing Rules can be lost during upgrade.

Domain-based Message Authentication, Reporting and Conformance (DMARC) verification fails on messages received from the Email Hybrid pre-filtering cloud
To resolve, install the appropriate hotfix for your version of Email Security.




Keywords: spf check; spoofing; cloud email issue; cloud issues; email blocking; dns server issue
