Exploring Proofpoint’s Approach to DMARC for Inbound Emails

Proofpoint is a filtering solution that can protect your domain against spoofed emails. Proofpoint does not fully adhere to the DMARC Reject policy. So, if your DMARC policy is set to “Reject,” emails will not be bounced or rejected.

If a DMARC policy is set to Reject or Quarantine and the email fails the DMARC check, the email is categorized as Fraud and appears in the end users’ digest, but it will never be rejected or bounced.

When a DMARC policy is set to None and an email fails its DMARC check, no action is taken, and the email is delivered.

If you want inbound emails bounced and rejected when they fail their DMARC check, you need to enable the Anti-Spoofing feature in your Proofpoint platform.

Here’s how:

  1. Navigate to Administration > Account Management > Features
  2. Check the box labeled ‘Enable Anti-Spoofing Policies’
  3. Click Save
     Once the feature is enabled, you will need to configure the anti-spoofing policy you wish to apply to the organization.
  4. Navigate to Security Settings > Malicious Content > Anti-Spoofing

Then, there are three separate policies available to configure:

  • Inbound DMARC
  • Inbound SPF
  • Inbound DKIM

Inbound DMARC

  1. Check the option you wish to apply for inbound DMARC policy evaluation

The recommended configuration for this policy is “Allow the sending domain’s DMARC policy to determine whether or not to block messages.” Select this option to let Proofpoint make decisions based on your DMARC policy.

If “Ignore the sending domain’s DMARC policy, but log the result” is chosen instead, messages that fail the DMARC check will be passed through the system. The result will be recorded in the logs and in the message’s header.

Inbound SPF

  1. Check the options you wish to apply for inbound SPF policy evaluation.

If a DMARC policy is not present for the sending domain, or you have chosen to ignore the DMARC policy, you can choose to evaluate the sender’s SPF policy (if it exists) and these policies will apply. There are three results which can be acted on:

  1. Failure: The message has failed the SPF check. This indicates that the message has been spoofed.
  2. Temporary Error: A transient error occurred during the retrieval of the foreign domain’s SPF policy in DNS.
  3. Permanent Error: An error occurred while parsing the foreign domain’s SPF policy in DNS. This means that the record is malformed in some way.

Inbound DKIM

  1. Check the options you wish to apply for inbound DKIM policy evaluation.

If a DMARC policy is not present for the sending domain, or you have chosen to ignore the DMARC policy, you can choose to evaluate the message to see if it has been signed with DKIM. There are three results which can be acted on:

  1. Failure: The message has failed the DKIM check. This indicates that the message has been spoofed.
  2. Temporary Error: A transient error occurred during the retrieval of the foreign domain’s DKIM key in DNS.
  3. Permanent Error: An error occurred while parsing the foreign domain’s DKIM key in DNS. This means that the record is malformed in some way.

Once the options are set, click Save.

If you want to prevent emails from being delivered, choose “Quarantine” for each checked option, which prevents the message from being delivered to its intended recipient. Otherwise, if you wish to keep the emails being delivered, you can choose “Take no action,” which allows the message to continue to be processed, or “Tag subject line with text,” which prepends the supplied text to the message’s subject line. In that case the message is tagged and logged but will continue to be processed.

In addition, for each Anti-Spoofing policy, a list of exceptions can be created to exclude individual domains from the policies.

The important point about how Proofpoint handles DMARC policy for your inbound emails is this: even if the DMARC policy is set to “Reject,” emails will still be delivered to the recipient unless the Anti-Spoofing function is enabled. To ensure proper filtering based on the DMARC policy, we suggest following the steps above and setting all checked options in the above section to “Quarantine.” This will allow the filtering system to function effectively in accordance with the “Reject” policy.
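To verify that the settings above are being enforced, you can audit messages that reached a mailbox for recorded authentication failures. The following is an added example, not code from Proofpoint or EasyDMARC. It assumes the result written to the message header is a standard RFC 8601 `Authentication-Results` header with the published policy in a `(p=...)` comment; the authserv-id `mx.example.test`, the function names and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Assumptions: the gateway stamps an RFC 8601 Authentication-Results header
# with this authserv-id and puts the sender's published policy in a
# "(p=...)" comment after the DMARC result. Adjust both to your environment.
AUTHSERV_ID = "mx.example.test"
RESULT_RE = re.compile(r"\b(dmarc|spf|dkim)=([a-z]+)", re.I)
POLICY_RE = re.compile(r"dmarc=[a-z]+\s*\([^)]*?\bp=([a-z]+)", re.I)
ERRORS = {"fail", "temperror", "permerror"}  # the three actionable results

def parse_auth(raw, authserv_id=AUTHSERV_ID):
    """Return ({method: result}, published DMARC policy or None)."""
    results, policy = {}, None
    for value in message_from_string(raw, policy=default).get_all("Authentication-Results", []):
        text = str(value)
        # Trust only the header written by our own gateway.
        if text.split(";", 1)[0].strip().lower() != authserv_id:
            continue
        for method, result in RESULT_RE.findall(text):
            results.setdefault(method.lower(), result.lower())
        found = POLICY_RE.search(text)
        if found and policy is None:
            policy = found.group(1).lower()
    return results, policy

def classify(raw, authserv_id=AUTHSERV_ID):
    """Label a delivered message by the case it represents."""
    results, policy = parse_auth(raw, authserv_id)
    if not results:
        return "no-trusted-header"  # message was not stamped by the gateway
    dmarc = results.get("dmarc")
    if dmarc == "fail":
        # Sender asked for enforcement, yet the message reached a mailbox.
        return "enforcement-gap" if policy in ("reject", "quarantine") else "dmarc-fail-monitor"
    if dmarc in (None, "none") and ERRORS & {results.get("spf"), results.get("dkim")}:
        return "spf-dkim-failure"  # no DMARC policy: SPF/DKIM settings decide
    return "ok"

# Constructed sample messages, not real mail.
H, END = "Authentication-Results: ", "\nFrom: user@sender.example\n\nbody\n"
SAMPLES = {
    "spoof": H + "mx.example.test; spf=fail;\n dmarc=fail (p=reject sp=reject)" + END,
    "monitor": H + "mx.example.test; dmarc=fail (p=none)" + END,
    "nodmarc": H + "mx.example.test; spf=temperror; dkim=none; dmarc=none" + END,
    "legit": H + "mx.example.test; spf=pass; dkim=pass; dmarc=pass (p=reject)" + END,
    "foreign": H + "relay.sender.example; dmarc=pass" + END,
}
```

Any delivered message labelled `enforcement-gap` means a failing message from a domain publishing Reject or Quarantine still reached a recipient, which is the situation the Anti-Spoofing settings are meant to close.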

Various authors from EasyDMARC teams have contributed to our blog during the company's lifetime. This author brings everyone together.
