Whitelisting Email Service for Anti-Spoofing and DMARC



  • My company uses an Anti-Spoofing Protection based on the SPF Record and has implemented DMARC. Often our users correspond via a "secure" messaging platform like Proofpoint/ZIX/IronPort from their counterparts. However, when our users respond on those platforms, the platforms respond on their behalf "spoofing" their emails. At first level it fails to reach any of that person's colleagues if they are on the thread based on our Anti-Spoofing Protection (Which I can whitelist Proofpoint/ZIX/IronPort via adding their IPs to our SPF record), however how can I do it for DMARC? Since I don't have any of those services, I can't provide them the DKIM key, etc. I'm assuming just whitelisting Anti-Spoofing Protection would then fall to failing to DMARC next.

    enter image description here



  • DMARC requires either SPF or DKIM passing with alignment to the From header domain.

    If you've added the encryption service gateways to your SPF record, all mail from those gateways will pass your domain's DMARC.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2