Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member

SPF Verification

Hello I'm getting quite a bit of spam from email address where the domain cannot be verified. I've tried creating a HAT rule that rejected any email where the Reverse lookup could not verify the DNS. The problem here is it seems SPF records can cause the lookup to fail so you reject valid emails. Would setting up SPF verification correct this? I'd like to get emails from companies using valid SPF records but also block spammers trying to bounce email off servers to hide the actual sending address. I hope this makes sense.

New Member

It's recommended to use SPF

It's recommended to use SPF verification.

But remember to regulary check quarantine beacouse there are lots of wrong configured SPF record.


Create two rules like this:

SPF record FAILS -> DROP_Action (equals - sing)

SPF record SOFTFAIL -> QUARATINE Action (equals ~ sign)


SPF record will lower spam rate.


New Member

Thank you for the suggestion.

Thank you for the suggestion. I will try this.