Things to know about Inbound Domain Spoofing

Created by Abderrahim Ibnou el kadi, Modified on Tue, 10 Dec at 2:41 PM by Yves Lacombe


Where is this option?






What does it do?


It tries to prevent your domain from being spoofed in a brute-force fashion.


Basically, it takes the IP addresses listed under:


1) Account Management -> Domains -> The destination IPs or host-names that mail is being delivered to for your domains


AND


2) Account Management -> Domains -> Sending Servers that are listed as allowed to relay mail on your behalf


From this list, it checks if the email FROM your domain comes from one of these IPs (or IPs associated with hostname defined in (1) and if the email doesn't come from these IPs, it rejects the email with "relay access denied".





Should I use it?


The Inbound Domain Spoofing feature is a legacy feature.


In 2024 you should be relying on the modern antispoofing feature instead of this feature.


>> How to use ANTISPOOFING with proofpoint essentials


The only reason you should use it currently is if for some reason the modern antispoofing is too inflexible for you (ie: it's hard to trust by a single Email address or IP address with it for instance, or only admins can release messages caught by the antispoofing), you would use this feature instead of the antispoofing.




Where is it configured


This option is designed to quarantine incoming messages that appear to be coming from your organization and coming from your domain name. 

To enable the spoofing protection you will need “

  1. Login to the proofpoint portal 
  2. Navigate to Company Settings 
  3. Click Spam Settings
  4. Enable “Inbound domain spoofing  protection"
  5. Check the option “Update spam detection settings for all the existing user accounts”
  6. Click SAVE button