| Situation | Emails from trusted senders are being quarantined as Fraud despite being in the safe sender list. |
|---|---|
| Solution | Individual domains can be added as exceptions for DMARC, DKIM and/or SPF respectively. |
Important: Each Exception List check will be against different domain values
DMARC Exceptions - will check against the "From Header" domainSPF Exceptions - will check against the Envelope Sender domainDKIM Exceptions - will check against the d= domain value in the signature
For more information on the different domain values, see this article on how DMARC works with Proofpoint Essentials.
How To Add A Domain As An Exception
Best Practice: While the exception list allows you to bypass Anti-Spoof checks for specific domains, the best long-term and more permanent solution is to have the owner of the sending domain to address any issues they might have with their SPF/DKIM/DMARC records.
- In the sidebar, under Security Settings, navigate to Malicious Content > Anti-Spoofing.
- Under the policy you want to bypass (Inbound DMARC, DKIM or SPF) click Manage Exceptions.
- This will open a drawer to the right; from here, select + Add Exception.
- Enter a valid domain into the field and select Add.
Note: Only domains are accepted currently. IP Addresses as well as individual email addresses will not work.
- The domain is added as an exception and the changes are saved automatically. Close the Exception List.
Note: Changes to the Anti-Spoofing Policies, including exceptions, can take up to 60 minutes.
Carlos Rios
Comments