Symantec Brightmail Gateway can authenticate a sender's IP address by checking it against the published DNS record for the named mail server. If the DNS record includes a hard outbound email policy (one that requires content filtering), and it does not include the sending IP address, Symantec Brightmail Gateway processes the inbound message according to the action that you specify on the Sender Authentication page. If the sender's IP address matches the IP address that is published in DNS record, or if the domain publishes only an informational policy or does not publish a policy at all, no action is taken.
Authenticating the IP addresses of senders can reduce spam because spammers often attempt to forge the mail server name to evade detection. Symantec Brightmail Gateway uses the Sender Policy Framework (SPF) or the Sender ID standard to authenticate sender IP addresses. If you specify domains whose IP addresses you want Symantec Brightmail Gateway to authenticate, the best practice is to specify the highest-level domain possible, such as example.com, because tests for compliance include all subdomains of the specified domain—for example, my.example.com and your.example.com.
Authenticating all domains can significantly increase processing load. Many domains do not publish an outbound email policy, or they publish only an informational policy. Attempting to authenticate the IP addresses belonging to such domains will not produce any action on mail sent from them and can unnecessarily expend processing resources, at times excessively. Authentication is most effective for domains that publish hard policies that are frequently spoofed in phishing attacks.
To enable SPF and Sender ID authentication
To change the default action, or to add additional actions, choose from the drop-down menu. Some action choices display additional fields where you can provide specifics for the action. By default, each failed message has the phrase [sender auth failure] prepended to its subject line.