Important: Enforced SPF and Enforced TLS features are not available for Email Protection Lite plan.

With Email Authentication feature account administrators can customize the delivery of incoming messages which have failed the SPF and TLS checks. To manage the delivery options, navigate in HostPilotĀ® Control Panel to Services > Email Protection > Inbound Policies > Policy > Email Authentication

1

Enforced SPF

By default, messages which failed the SPF checks are delivered as normal. It is possible to change the delivery of the message which failed the SPF checks. 

Enforced SPF settings allow selecting actions for the following situations:

  • Emails that fail the SPF check
  • Emails that 'soft fail' the SPF check
  • Emails that 'error' the SPF check 

Following options can be used for the messages which failed the SPF checks

  • Permanently deleted
    All incoming messages which failed the SPF check will be rejected
  • Move to Admin quarantine
    All incoming messages which failed the SPF check will be moved to Admin Quarantine
  • Move to Junk email folder
    All incoming messages which failed the SPF check will be moved to Junk folder 
  • Move to User Quarantine
    All incoming messages which failed the SPF check will be moved to User Quarantine
  • Deliver as normal
    All incoming messages which failed the SPF check will be delivered to Inbox
  • Delivered to Inbox with tag
    All incoming messages which failed the SPF check will be delivered to Inbox with default [SPF FAIL] / [SPF FAIL] / [SPF ERROR] or customized tag

2

Note: Move to Junk email folder or Move to User Quarantine options depend on Message Routing option in Settings. Read the Knowledge Base article on Email Protection: Message Routing for more information.

Enforced TLS

By default, messages which failed the TLS check are delivered as normal. You can customize the delivery of those messages.

The following options are available for messages which failed the TLS check:

  • Permanently deleted
    All incoming messages which failed the TLS check will be rejected
  • Move to Admin quarantine
    All incoming messages which failed the TLS check will be moved to Admin Quarantine
  • Move to Junk email folder
    All incoming messages which failed the TLS check will be moved to Junk folder 
  • Move to User Quarantine
    All incoming messages which failed the TLS check will be moved to User Quarantine
  • Deliver as normal
    All incoming messages which failed the TLS check will be delivered to Inbox
  • Delivered to Inbox with tag
    All incoming messages which failed the TLS check will be delivered to Inbox with default [TLS FAIL] or customized tag

3

Note: Move to Junk email folder or Move to User Quarantine options are depend on Message Routing option in Settings.

Sender Specific settings

It is possible to create custom delivery settings for certain senders or domains emails from which failed the SPF and TLS checks. 

Sender Specific feature is available both for Enforced SPF and Enforced TLS. 

In Sender Specific for Enforced TLS email addresses, domains and IP addresses can be added. 

In Sender Specific for Enforced SPF only email addresses and domain can be added.

The routing options are the same, but they will be applied only to addresses mentioned in the specific senders list and override the default delivery method.

To modify the settings or add the addresses to Sender specific list, navigate to Services > Email Protection > Inbound Policies > Policy > Email Authentication and under Sender specific settings click Manage Settings

4