This article applies to:
- Trustwave MailMarshal (SEG)
Question:
- Why am I receiving spoofed mail addressed from recipients within my domain?
Causes:
- The likely reason is that a domain wildcard for the domain or individual addresses have been included in a User Group used to bypass rule processing, and due to the sequence of the rules, MailMarshal is skipping the Anti Spam and Spoofing rules.
Resolution:
- Review your bypass or allow lists carefully. In most cases you should not include addresses from your own domain in an allow list for incoming messages.
- Adjust the rules so that allow lists are applied appropriately.
Notes:
For more information see the following Trustwave Knowledgebase article:
Q10208: How do I allow legitimately spoofed email and block all other spoofed email?