4.3 Sender Domain

📖 Overview

The Sender Domain module empowers administrators to manage trust decisions for email senders based on their domain or full email address. This includes manual allow/block actions, as well as enforcement of SPF (Sender Policy Framework) validation outcomes.

It’s your front line for rejecting spoofed messages, phishing attempts, and untrusted senders before they even reach the user.

🛡️ This is where you take control of who is allowed to deliver email into your system — and who is not.


📂 Module Sections

This module includes two primary areas:


✅ Domain/Email Filter Settings

Purpose: Manually block or allow senders by domain or full email address.

| Field | Description |
| --- | --- |
| Domain/Email | Enter a domain (e.g., example.com) or full address (e.g., name@example.com) |
| Status | BLOCKED or ALLOWED |
| Date Added | When the filter was applied |
| Actions | Delete / Modify |

Use Cases:

  • Block spam or phishing domains that bypass filters

  • Whitelist trusted partners that were mistakenly flagged

  • Pre-authorize known safe mail sources

🎛️ This section offers immediate enforcement and overrides engine-based verdicts.


🔐 SPF Settings

Purpose: Define how the system handles different SPF validation outcomes for inbound mail.

SPF (Sender Policy Framework) helps verify whether a domain is authorized to send on behalf of its claimed source. ShieldsGuard supports rule-based enforcement of SPF failures.


✅ SPF Validation States & Configuration Options

| State | Description | Available Actions |
| --- | --- | --- |
| Failed | SPF failed — sender is not listed in domain's DNS; usually spoofed or unauthorized | Reject / Quarantine / Tag / Notify |
| Suspicious Delivery | Appears sent from unauthorized source but not 100% failed | Allow or Tag with warning |
| Unverified Source | SPF exists but is incomplete — cannot verify sender | Deliver or Quarantine |
| No Record | Domain has no SPF record at all | Deliver or Reject |
| Invalid Record | SPF is misconfigured or malformed — cannot validate | Deliver with tag or drop |
| Temporary Error | DNS/SPF server unreachable during validation | Deliver with caution |

Each status has configurable policies:

  • ✅ Action (Deliver / Drop / Quarantine / Tag)

  • 🏷️ Add custom tags (e.g., spf-failure)

  • 📬 Send alert or notification to admin/SOC


🔧 Example SPF Use Case:

If a phishing message arrives from bank-login.com and the SPF check fails:

  • ShieldsGuard tags the email with SPF: failure

  • Admin sets action to “Drop email”

  • The message never reaches the inbox


📊 Why It Matters

  • SPF filtering prevents sender spoofing

  • Domain-level blocking minimizes threat exposure

  • You can enforce zero-trust mail sourcing across the org

  • Protects employees from impersonation (e.g., fake CEO, HR, finance requests)


✅ Best Practices

| Practice | Recommendation |
| --- | --- |
| Always drop SPF “FAIL” messages | Prevents spoofed domain abuse |
| Review “No Record” cases manually | Avoid blocking legitimate but misconfigured domains |
| Use sender whitelist sparingly | Never allow overly broad or suspicious domains |
| Enable tagging for “Suspicious” | Improve user and SOC visibility |
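
The sketch below is an added example, not ShieldsGuard's own code: it shows how a manual Domain/Email filter entry and a per-state SPF policy combine into one delivery decision, reading the `Received-SPF` header (RFC 7208) from constructed sample messages. It assumes that the guide's state names correspond to the RFC 7208 results shown in `STATE` and that a full-address entry takes precedence over a domain entry; the function names and filter entries are hypothetical.

```python
import re
from email import message_from_string

# Assumption: the guide's state names correspond to these RFC 7208 results.
STATE = {"fail": "Failed", "softfail": "Suspicious Delivery",
         "neutral": "Unverified Source", "none": "No Record",
         "permerror": "Invalid Record", "temperror": "Temporary Error"}
# One action per state, chosen from the options the guide lists for it.
POLICY = {"Failed": "DROP", "Suspicious Delivery": "TAG",
          "Unverified Source": "QUARANTINE", "No Record": "DELIVER",
          "Invalid Record": "TAG", "Temporary Error": "DELIVER"}
# Constructed Domain/Email filter entries.
SENDER_FILTER = {"partner.example": "ALLOWED",
                 "old-contact@partner.example": "BLOCKED",
                 "bulk-mailer.example": "BLOCKED"}

def filter_status(sender):
    """Look up a sender; a full-address entry beats a domain entry (assumed)."""
    sender = sender.lower()
    return SENDER_FILTER.get(sender) or SENDER_FILTER.get(sender.rpartition("@")[2])

def decide(raw_message):
    """Return (action, reason) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    # Read only the topmost Received-SPF header: the receiving gateway
    # prepends its own, and any below it may have been set by the sender.
    spf = " ".join((msg.get("Received-SPF") or "none").split())
    result = spf.split(" ", 1)[0].lower()
    found = re.search(r'envelope-from="?([^\s;"]+)', spf)
    status = filter_status(found.group(1)) if found else None
    if status:  # manual entries override the SPF verdict, as the guide states
        action = "DROP" if status == "BLOCKED" else "DELIVER"
        return action, f"sender filter {status} (SPF {result})"
    if result == "pass":
        return "DELIVER", "SPF pass"
    state = STATE.get(result, "Invalid Record")  # unknown token: treat as invalid
    return POLICY[state], f"SPF state {state}"

def sample(spf_header):
    """Build a constructed test message around one Received-SPF value."""
    return f"Received-SPF: {spf_header}\nSubject: constructed sample\n\nbody\n"

if __name__ == "__main__":
    for header in ("fail client-ip=203.0.113.9; envelope-from=alert@bank-login.com;",
                   "softfail client-ip=203.0.113.9; envelope-from=news@shop.example;",
                   "fail client-ip=203.0.113.9; envelope-from=ceo@partner.example;"):
        print(decide(sample(header)))
```

The third sample is delivered even though SPF failed, because the whole `partner.example` domain is on the allow list. That is the practical reason behind the "use sender whitelist sparingly" recommendation.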


🎯 With Sender Domain control and SPF enforcement, you build a trustworthy perimeter for your inbox — rejecting impersonation, spam, and misconfigured infrastructure before it causes harm.

Last updated 9 days ago