You receive spoofed email messages even though the SPF record spam filtering options are enabled in Forefront Online Protection for Exchange

Article ID: 2634659 - View products that this article applies to.
Expand all | Collapse all

Symptoms

You enable the Sender Policy Framework (SPF) record spam filtering options in Microsoft Forefront Online Protection for Exchange (FOPE). However, you still receive spoofed email messages.
Back to the top | Give Feedback

Cause

This issue occurs if the sender of the spoofed email message is a member of the Safe Senders list that was uploaded through the FOPE Directory Sync Tool (DST).

Back to the top | Give Feedback

Resolution

To resolve this issue, follow these steps:
  1. Obtain a copy of the spoofed email message that made it through the spam filter. To do this, perform a raw log trace. 
  2. Run a message trace for the email message. For more information about how to run a message trace, visit the following Microsoft website:
    How to run a message trace
    (http://technet.microsoft.com/en-us/library/ff714992.aspx)
  3. If the value of the DI field in the disposition is SF, the sender of the email message is flagged as a Safe Sender. Remove this sender from the Safe Senders list.
Back to the top | Give Feedback

Properties

Article ID: 2634659 - Last Review: June 14, 2013 - Revision: 7.0
Applies to
  • Microsoft Forefront Online Protection for Exchange
Keywords: 
vkbportal225 vkbportal237 vkbportal231 o365 KB2634659
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top