cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
593
Views
0
Helpful
1
Replies

SPF Softfail for Mails passing through Cisco ESA

doverture
Level 1
Level 1

We are facing SPF Softfail issue after mail pass through Cisco ESA and then go to GSuite.

We have a main domain that is working fine: example.com

We have a secondary domain on GSuite: xy.example.com

For some users we've to redirect mails to xy.example.com and to do that we 've created a specific smtp route on ESA for the domain xy.example.com: the flow is working fine, but sometimes mails go into SPAM because of spf softfail. Infact analyzing the received header we are able to see that no original IP address is evaluated and that's why SPF check fails. 

What we did on ESA was: 1) create the smtp route for xy.example.com; 2) create an Incoming policy that for specific recipient redirect mails to domain xy.example.com. The route is working and GSuite is configured as indicated in the Cisco official guide https://www.cisco.com/c/en/us/support/docs/security/cloud-email-security/214736-configuring-g-suite-gmail-with-cisco-c.html   Can you suggest how to approach?

1 Reply 1

UdupiKrishna
Cisco Employee
Cisco Employee

Since ESA is the MTA receiving emails from external domains, it should be one running SPF verification and not GSuite.

I don't see a specific necessity of running SPF verification again when ESA has achieved the purpose. Does Gsuite have an option to skip SPF verification if it arrives from the ESA IP addresses? 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: