SMG: Addressing a specific spoof technique

I need a solution

Hi Guys,

Any idea how to block a spoofed email with this specific technique, below is the condition:

a) At MTA (SMG) level, we can see the actual or the real source of sender domain/address

b) But when the email reach to user mailbox, it appears as spoofed domain

(local domain, this by right should only comes from internal Exchange)




SPF 5.7.1

I need a solution

Hi all,

It seems we are also being hit with the below bouncebacks for any of our tennants on Office 365 sending to anyone who uses Symantec protection.

The bounceback we are receiving is as follows (for example):

This is a delivery failure notification message indicating that
an email you addressed to email address :

could not be delivered. The problem appears to be :
-- Recipient email server rejected the message

Additional information follows :
-- SPF (Sender Policy Framework) domain authentication
fail. Refer to the Troubleshooting page at for more 
information. (#5.7.1)

This condition occurred after 1 attempt(s) to deliver over
a period of 0 hour(s).

If you sent the email to multiple recipients, you will receive one
of these messages for each one which failed delivery,  otherwise
they have been sent.

Our SPF records for all 365 tennants are up to date as they should be. Any ideas on what we can do? This is starting to impact our organisation…



Federal agencies need to look beyond DMARC for email security

DMARC, Spam filtering, Spamming, Microsoft, Email, Email authentication, cyberspace, DMARC, Russian interference in the 2016 United States elections, United States Department of Homeland Security, Email spam, Cybersecurity, Technology, Cyberattack, Phishing
DMARC can be helpful but don’t be lulled into a false sense of security. (Photo: Agency)

Reports have emerged that suggest U.S. government agencies operating .gov domains are adopting the DMARC (Domain-based Message Authentication, Reporting and Conformance) protocol ahead of the Department of Homeland Security’s (DHS) directive deadline of January 15. While the heightened attention to practices is to be applauded, and any additional layer of security is welcome, the implementation of DMARC should not be seen as a silver bullet to preventing phishing and other email spoofing.

After all, it’s less than a month since Mailsploit was discovered – a serious vulnerability that allows hackers to easily spoof and impersonate emails that can bypass DMARC protocols, compromising the integrity and authenticity of the sender as a means to trick recipients into taking a compromising action.

Mailsploit isn’t the only issue as DMARC has been proven to have several other pitfalls, including its ability to break mail flow if SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are not setup, unintentionally causing a backlog in email messages. Similarly, DMARC does not protect against malicious messages that share the same host.

With the overwhelming majority of cyber warfare, cyber espionage and cybercrime originating with an email phishing attack, it is imperative that government departments and organisations look beyond DMARC for a holistic approach to detect, prevent and respond to malicious email messages. This includes augmenting the representation of senders inside the email client to learn true sender indicators and score sender reputation through visual cues and metadata associated with every email, empowering end users to make better and quicker decisions. This should also be integrated with automatic smart real-time email scanning into multi anti-virus, and sandbox solutions so forensics can be performed on any suspicious emails either detected or reported.

DMARC can be helpful but don’t be lulled into a false sense of security. For those threat actors that are truly motivated to cause damage or destruction, the protocol will prove an ineffective line of defence.

The author is CEO & Founder of IRONSCALES. Views are personal.

For all the latest News, Follow us on Twitterand Facebook