Incoming email SPF verification

irshad101

Member
Feb 3, 2021
13
1
3
UK
cPanel Access Level
Root Administrator
Hello,

I have cPanel server with CENTOS 7.9 v94.0.10

we are receiving server wise LOT of spam emails, I have checked the Exim Configuration Manager and Apache SpamAssassin™: Forced Global ON is (ON)

but we are still receiving lot of SPAM and most of spam when I check did't pass SPF check with sender domain and IP address.

We also receive emails from our own domains from different IPS.

how can I enable and make sure that every incoming emails pass the SPF check?

Thanks
 

keat63

Well-Known Member
Nov 20, 2014
1,916
263
113
cPanel Access Level
Root Administrator
You could use DMARC to block emails which fail SPF, however, you will end up blocking legitimate email as some web masters are lazy and don't have SPF enabled at thier end.

Regarding the emails from your own domains, are they actually coming from your own domains, or is the 'from' address being spoofed.

If they are coming from your own domains, ie, your domains are authenticate the sending, then you should try to investigate which accounts might be doing this, and change some passwords.
 

irshad101

Member
Feb 3, 2021
13
1
3
UK
cPanel Access Level
Root Administrator
Hello,

no emails are coming from other servers while I check IPS
also all my domains have valid SPF then when IP is different email must be rejected but emails are receiving.

could you please help me how to "use DMARC to block emails which fail SPF"?

Thanks so much
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,493
1,009
313
cPanel Access Level
Root Administrator
We had a similar post on this last week:


and I recommended that if you really want to stop spam, to enable the DKIM checks instead of just SPF.
 

keat63

Well-Known Member
Nov 20, 2014
1,916
263
113
cPanel Access Level
Root Administrator
For DMARC, you need to create a new DNS entry.

Hostname= _dmarc
type= txt/spf
Destination/Target= v=DMARC1\;p=none\;sp=none\;adkim=r\;aspf=r\;pct=100\;fo=0\;rf=afrf\;ri=86400\;rua=mailto:some_email\@yourdomain.com\;ruf=mailto:some_email\@yourdomain.com

Fill in your own email address (leave the backslash in place)

The example I gave above will allow failures to be delivered
None: v=DMARC1; p=none; sp=none; rf=afrf; pct=100; ri=86400

The below entries will either reject or quarantine depending on which you choose.


Reject: v=DMARC1; p=reject; sp=none;
Quarantine: v=DMARC1; p=quarantine; sp=none;

However, be warned about what I said when legitimate email is likely to be rejected or quarantined, as a great many web servers won't have SPF installed.