Messaging Gateway

Hi,

We have SBG 8.0.3-11 appliance. On which we have enabled Sender Authentication for a list of domains. The list includes many domains but no action is being taken on spams from these domains.

Example:

The SPF and Sender ID lookup is failing for spams from gmail, and also no defined action is being taken on these messages [{ We have defined the action for such messagesto ""Prepend the subject line:[ Sender Auth Failure]".

Can someone advice....

Enabling SPF and Sender ID authentication

Symantec Brightmail Gateway can authenticate a sender's IP address by checking it against the published DNS record for the named mail server. If the DNS record includes a hard outbound email policy (one that requires content filtering), and it does not include the sending IP address, Symantec Brightmail Gateway processes the inbound message according to the action that you specify on the Sender Authentication page. If the sender's IP address matches the IP address that is published in DNS record, or if the domain publishes only an informational policy or does not publish a policy at all, no action is taken.

Authenticating the IP addresses of senders can reduce spam because spammers often attempt to forge the mail server name to evade detection. Symantec Brightmail Gateway uses the Sender Policy Framework (SPF) or the Sender ID standard to authenticate sender IP addresses. If you specify domains whose IP addresses you want Symantec Brightmail Gateway to authenticate, the best practice is to specify the highest-level domain possible, such as example.com, because tests for compliance include all subdomains of the specified domain—for example, my.example.com and your.example.com.

Warning:
Authenticating all domains can significantly increase processing load. Many domains do not publish an outbound email policy, or they publish only an informational policy. Attempting to authenticate the IP addresses belonging to such domains will not produce any action on mail sent from them and can unnecessarily expend processing resources, at times excessively. Authentication is most effective for domains that publish hard policies that are frequently spoofed in phishing attacks.

To enable SPF and Sender ID authentication

1. In the Control Center, click Spam > Settings > Sender Authentication.
2. Check Enable Sender Authentication.
3. Under Authentication Types, check Sender Policy Framework (SPF) or Sender ID.

   Choosing Sender ID also enables SPF because when you authenticate Sender ID with DNS, it also provides SPF authentication.

4. Under Domain Authentication, choose a domain authentication method.

   To initiate sender authentication on incoming messages from all domains, click Authenticate all domains and click Save.

   To select specific domains to authenticate, click Authenticate only the following domains and check the domains to authenticate.

5. Perform additional actions as needed.To add a new domain to the list click Add. Type a domain name in the text field and click Save.

6. • To edit the spelling of a domain click the domain name and click Edit. Make changes and click Save.

   • To delete a domain from the list, check the domain name and click Delete.

   • To change the default action, or to add additional actions, choose from the drop-down menu. Some action choices display additional fields where you can provide specifics for the action. By default, each failed message has the phrase [sender auth failure] prepended to its subject line.

      

7. Click Save to commit your changes.