marcus
asked on
Received-spf: None
I tried to extract the message header of a spam email that we are receiving in inbox and noticed that it doesn't have a SPF. My question is, is this suppose to be accepted even if it did not permit to send the email? Why is it not being blocked by EOP?
received-spf None (protection.outlook.com: daemon-domain.com does not designate permitted sender hosts)
received-spf None (protection.outlook.com: daemon-domain.com does not designate permitted sender hosts)
Not having an SPF record is the same as having one with a ?all default. Essentially it means nothing, and thus should not be used as grounds for blocking.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Vasil
Does enabling Hard Fail in EOP means that it will reject ALL incoming external emails if their SPF is tagged as hard fail?
Does enabling Hard Fail in EOP means that it will reject ALL incoming external emails if their SPF is tagged as hard fail?
Not reject, mark as spam, and then perform whichever action you have configured for spam messages. Check the documentation here: https://docs.microsoft.com/en-us/office365/SecurityCompliance/advanced-spam-filtering-asf-options