Environment
GWAVA
Situation
I have enabled SPF, but messages that are spoofed don't appear to be firing on the SPF event.
Resolution
If spoofed messages are getting through after enabling the SPF event, check the following:
1) Make sure SPF is actually enabled. Under scanner/policy management | scanner name | scanning config. | antispam | SPF make sure "Enable SPF event" is checked. Also, make sure "enable connection drop" or "enable message header scan" is checked. Note: If you have "Enable message header scan" checked make sure "block the message" is checked as well.
2) Make sure an SPF record is set for your domain on your DNS.
Here is another TID about SPF: https://support.microfocus.com/kb/doc.php?id=7019848
Additional Information
This article was originally published in the GWAVA knowledgebase as article ID 1728.