> For the complete documentation index, see [llms.txt](https://docs.shieldsguard.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.shieldsguard.com/shieldsguard-seg/4.-mail-settings/4.3-sender-domain.md). # 4.3 Sender Domain #### ๐Ÿ“– Overview The **Sender Domain** module empowers administrators to manage trust decisions for **email senders** based on their domain or full email address. This includes manual **allow/block actions**, as well as enforcement of **SPF (Sender Policy Framework)** validation outcomes. Itโ€™s your front line for rejecting spoofed messages, phishing attempts, and untrusted senders before they even reach the user. > ๐Ÿ›ก๏ธ This is where you take control of who is allowed to deliver email into your system โ€” and who is not. *** #### ๐Ÿ“‚ Module Sections This module includes two primary areas: *** #### โœ… Domain/Email Filter Settings **Purpose:**\ Manually block or allow senders by domain or full email address. | Field | Description | | ---------------- | ----------------------------------------------------------------------------- | | **Domain/Email** | Enter a domain (e.g., example.com) or full address (e.g., ) | | **Status** | BLOCKED or ALLOWED | | **Date Added** | When the filter was applied | | **Actions** | Delete / Modify | **Use Cases:** * Block spam or phishing domains that bypass filters * Whitelist trusted partners that were mistakenly flagged * Pre-authorize known safe mail sources > ๐ŸŽ›๏ธ This section offers immediate enforcement and overrides engine-based verdicts. *** #### ๐Ÿ” SPF Settings **Purpose:**\ Define how the system handles different **SPF validation outcomes** for inbound mail. SPF (Sender Policy Framework) helps verify whether a domain is authorized to send on behalf of its claimed source. ShieldsGuard supports rule-based enforcement of SPF failures. *** **โœ… SPF Validation States & Configuration Options** | State | Description | Available Actions | | ----------------------- | ---------------------------------------------------------------------------------- | ---------------------------------- | | **Failed** | SPF failed โ€” sender is not listed in domain's DNS; usually spoofed or unauthorized | Reject / Quarantine / Tag / Notify | | **Suspicious Delivery** | Appears sent from unauthorized source but not 100% failed | Allow or Tag with warning | | **Unverified Source** | SPF exists but is incomplete โ€” cannot verify sender | Deliver or Quarantine | | **No Record** | Domain has no SPF record at all | Deliver or Reject | | **Invalid Record** | SPF is misconfigured or malformed โ€” cannot validate | Deliver with tag or drop | | **Temporary Error** | DNS/SPF server unreachable during validation | Deliver with caution | Each status has configurable policies: * โœ… Action (Deliver / Drop / Quarantine / Tag) * ๐Ÿท๏ธ Add custom tags (e.g., `spf-failure`) * ๐Ÿ“ฌ Send alert or notification to admin/SOC *** #### ๐Ÿ”ง Example SPF Use Case: If a phishing message arrives from `bank-login.com` and the SPF check fails: * ShieldsGuard tags the email with `SPF: failure` * Admin sets action to โ€œDrop emailโ€ * The message never reaches the inbox *** #### ๐Ÿ“Š Why It Matters * SPF filtering prevents sender spoofing * Domain-level blocking minimizes threat exposure * You can enforce zero-trust mail sourcing across the org * Protects employees from impersonation (e.g., fake CEO, HR, finance requests) *** #### โœ… Best Practices | Practice | Recommendation | | --------------------------------- | --------------------------------------------------- | | Always drop SPF โ€œFAILโ€ messages | Prevents spoofed domain abuse | | Review โ€œNo Recordโ€ cases manually | Avoid blocking legitimate but misconfigured domains | | Use sender whitelist sparingly | Never allow overly broad or suspicious domains | | Enable tagging for โ€œSuspiciousโ€ | Improve user and SOC visibility | *** > ๐ŸŽฏ With Sender Domain control and SPF enforcement, you build a trustworthy perimeter for your inbox โ€” rejecting impersonation, spam, and misconfigured infrastructure before it causes harm. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.shieldsguard.com/shieldsguard-seg/4.-mail-settings/4.3-sender-domain.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.