Showing results for 
Search instead for 
Did you mean: 

SPF Softfail for Mails passing through Cisco ESA


We are facing SPF Softfail issue after mail pass through Cisco ESA and then go to GSuite.

We have a main domain that is working fine:

We have a secondary domain on GSuite:

For some users we've to redirect mails to and to do that we 've created a specific smtp route on ESA for the domain the flow is working fine, but sometimes mails go into SPAM because of spf softfail. Infact analyzing the received header we are able to see that no original IP address is evaluated and that's why SPF check fails. 

What we did on ESA was: 1) create the smtp route for; 2) create an Incoming policy that for specific recipient redirect mails to domain The route is working and GSuite is configured as indicated in the Cisco official guide   Can you suggest how to approach?

1 Reply 1

Cisco Employee
Cisco Employee

Since ESA is the MTA receiving emails from external domains, it should be one running SPF verification and not GSuite.

I don't see a specific necessity of running SPF verification again when ESA has achieved the purpose. Does Gsuite have an option to skip SPF verification if it arrives from the ESA IP addresses? 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers