Needed to stop some of the ransomware that is spreading in the net.
Create your SPF records, listing the IP addresses. Try to avoid using “mx” in the SPF record, since it can cause issues with the SPF checking for your own domain. Use “-” for hardfail
domain.com. IN TXT “v=spf1 ip4:IP/mask -all”
Install the AntiSPAM agents
Set the action for Spoofed Domain as Reject
Set-SenderIDConfig -SpoofedDomainAction Reject
Example of a spoofing attempt blocked by the Agent
... 250 XRDST mail from: firstname.lastname@example.org 250 2.1.0 Sender OK rcpt to: email@example.com 250 2.1.5 Recipient OK data 354 Start mail input; end with <CRLF>.<CRLF> Subject: Spoofing test . 550 5.7.1 Sender ID (PRA) Not Permitted