You receive spoofed email messages even though the SPF record spam filtering options are enabled in Forefront Online Protection for Exchange

Article translations Article translations
Article ID: 2634659 - View products that this article applies to.
Expand all | Collapse all

Symptoms

You enable the Sender Policy Framework (SPF) record spam filtering options in Microsoft Forefront Online Protection for Exchange (FOPE). However, you still receive spoofed email messages.

Cause

This issue occurs if the sender of the spoofed email message is a member of the Safe Senders list that was uploaded through the FOPE Directory Sync Tool (DST).

Resolution

To resolve this issue, follow these steps:
  1. Obtain a copy of the spoofed email message that made it through the spam filter. To do this, perform a raw log trace. 
  2. Run a message trace for the email message. For more information about how to run a message trace, visit the following Microsoft website:
    How to run a message trace
  3. If the value of the DI field in the disposition is SF, the sender of the email message is flagged as a Safe Sender. Remove this sender from the Safe Senders list.

Properties

Article ID: 2634659 - Last Review: June 14, 2013 - Revision: 7.0
Applies to
  • Microsoft Forefront Online Protection for Exchange
Keywords: 
vkbportal225 vkbportal237 vkbportal231 o365 KB2634659

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com