Important: Enforced SPF and Enforced TLS features are not available for Email Protection Lite plans.

With Email Authentication feature account administrators can customize the delivery of incoming messages which have failed the SPF and TLS checks. To manage the delivery options, navigate to HostPilotĀ® Control Panel > Services > Email Protection > Inbound Policies > Policy > Email Authentication.

1

Enforced SPF

By default messages which failed the SPF checks are delivered as normal. It is possible to change the delivery of the message which failed the SPF checks. 

Enforced SPF settings allow to select actions for the following situations:

  • Emails that fails the SPF check - emails relayed outside of permitted IPs in the SPF record with -all SPF qualifier
  • Emails that 'soft fail' the SPF check - emails relayed outside of permitted IPs in the SPF record with ~all SPF qualifier
  • Emails that 'error' the SPF check - emails from domains which do not have an SPF record or the SPF record contains syntax errors

Following options can be used for the messages which failed the SPF checks:

  • Emails that fail the SPF check will be Tagged with a [SPF FAIL] subject tag
  • Emails that 'soft fail' the SPF check will be Tagged with a [SPF FAIL] subject tag
  • Emails that 'error' the SPF check will be Tagged with a [SPF ERROR] subject tag
  • Permanently deleted
  • Move to Admin quarantine
  • Move to Junk email folder
  • Move to User Quarantine
  • Deliver as normal

When Tags are applied, messages are delivered to Inbox with a tag.

2

Note: Move to Junk email folder or Move to User Quarantine options depend on Message Routing option in Settings. Refer to the following article for additional information.

Enforced TLS

By default, messages which failed the TLS check are delivered as normal. You can customize the delivery of those messages.

The following options are available for messages which failed the TLS check:

  • Emails not delivered using TLS will be Tagged with [TLS FAIL] subject tag 
  • Permanently deleted
  • Move to Admin quarantine
  • Move to Junk email folder
  • Move to User Quarantine
  • Deliver as normal

When Tags are applied, messages are delivered to Inbox with a tag.

3

Note: Move to Junk email folder or Move to User Quarantine options depend on Message Routing option in Settings. Refer to the following article for additional information.

Sender Specific settings

It is possible to create custom delivery settings for certain senders or domains emails from which failed the SPF and TLS checks. 

Sender Specific feature is available both for Enforced SPF and Enfroced TLS. 

In Sender Specific for Enforced TLS email addresses, domains and IP addresses can be added. 

In Sender Specific for Enforced SPF only email addresses and domain can be added.

The routing options are the same but they will be applied only to addresses mentioned in the specific senders list and override the default delivery method.

To modify the settings or add the addresses to Sender specific list, navigate to Services > Email Protection > Inbound Policies > Policy > Email Authentication and under Sender Specific settings click Manage Settings

4

Require Authentication

With Email Authentication you can also require messages from a Safe Sender to be successfully authenticated in order for the specified sender to be considered as indeed safe sender. Refer to the following article Email Protection: Policy Level Safe & Blocked Senders Lists for additional information.

Also, you can choose to bypass the Anti-Phishing domain impersonation check for successfully authenticated emails. Refer to the following article Email Protection: Managing Anti-Phishing And Anti-Spoofing Policies for additional information.