cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
523
Views
5
Helpful
1
Replies

ESA content filter/cli filter to check include SPF record

kaizen
Beginner
Beginner

Hi community,

I am trying to whitelist or more correctly said to SPOOF_ALLOW the servers that gmail/outlook use to send email for a customer domain. Basically gmail and outlook ask clients to include their ranges via a include in SPF record. For example  include:_spf.google.com  resolves to include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com which then shows the many ranges of google.

My question is if I want to allow only mail sent from the customer's domain and coming from some of the servers in the SPF record for google/outlook to match Sendergroup SPOOF_ALLOW. All other emails coming from GMAIL/Outlook should be treated normally and match the policies below - UNKNOWNLIST / ACCEPTLIST.

I guess maybe some content filter can be used..

Is there a better way to keep Spoofing protection in good state without allowing all the vendor public ranges? It seems Gmail/Outlook are not giving specific IPs or segments for a particular customer/domain.

 

Thanks. Any advice is appreciated.

K.

1 Reply 1

UdupiKrishna
Cisco Employee
Cisco Employee

Considering the email pipeline, sender group comes first and then the filters. So there's no possible way to control which sender group is used for different messages by a filter.

 

SPF verification kicks in after a sender group is matched, so that doesn't help either. What could possibly help is if google or outlook can specifically send messages to a different listener IP (a new listener needs to setup on ESA too) when the messages are meant for their domain, this way rest of common gmail/outlook messages come through different listener.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: