
From: Jamil Ahsan
Date: 1/11/21 12:06 PM
Topic: Outbound Forgery Alerts
Type: General Discussions

Hi,

We have set up the latest Xeams server for outbound delivery only. Emails are sent outbound from smtp.xxx.com. E-mail flow is working fine, but for some emails we are getting "Possible forgery attempted for an outbound message". We noticed that these alerts are generated where the FROM address is not smtp.xxx.com. We have 3rd-party vendors who own some equipment in our environments. This equipment is set to send alerts out to them, and the FROM address is in the format vendor@vendor-domain-name (not smtp.xxx.com). Obviously Xeams sees vendor messages coming from a different domain, not from the actual smtp.xxx.com domain, and thus labels them as a "forgery attempt".

We have tried to add the vendor's equipment IPs to our smtp.xxx.com domain's SPF record, but it did not help either.

Can someone guide us on how we can address this issue?

Thank you in advance for all your help.

Jamil Ahsan


From: Synametrics Support
Date: 1/11/21 12:20 PM
Topic: Outbound Forgery Alerts
Type: General Discussions

You can do two things:

  1. Configure Xeams not to raise these alerts
  2. Fix the problem

Obviously, option 1 won't fix the problem but will simply hide it, and is therefore not recommended.

How to fix the problem

Before fixing the problem, it is important you understand why this is happening. Since your IP address is not allowed to send emails for @vendor-domain-name, emails going out from your IP address will be considered spam by the receiving end. There are two ways to fix this:

  1. Ask the vendor to put your public IP in their SPF record. Once done, put the vendor's domain name as a local domain in Xeams. Note the change is needed in the vendor's SPF, not yours.
  2. Configure your in-house equipment to add a "Sender" header in the emails with an email address in your domain. Xeams will use the value in this header in SMTP communication and therefore, the receiving end will not treat it as forgery.
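
The following is an added example, not part of the reply above and not Xeams code: a simplified model of the receiving server's SPF check, showing why listing the device IPs in your own SPF record changes nothing while either suggested fix does. The domains, IP addresses, SPF records and helper names are constructed placeholders, and the envelope-sender rule (Sender header if present, otherwise From) is an assumption based on the reply's description.

```python
import ipaddress
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed stand-ins for DNS TXT lookups (documentation domains and IP ranges).
RELAY_IP = "203.0.113.10"  # public IP the outbound relay sends from
SPF = {
    # Our domain: the relay plus the vendor devices' IPs, as tried in the question.
    "example.com": "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 -all",
    # Vendor's domain: our relay is not listed.
    "vendor.example": "v=spf1 ip4:192.0.2.0/24 -all",
}

def spf_result(domain, client_ip, records):
    """Simplified SPF check: only ip4 mechanisms and the final 'all' term."""
    record = records.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
        if term.lstrip("+-~?") == "all":
            return {"-": "fail", "~": "softfail", "?": "neutral"}.get(term[0], "pass")
    return "neutral"

def envelope_sender(msg):
    """Assumed relay behaviour: use Sender for the SMTP envelope when present."""
    return parseaddr(msg["Sender"] or msg["From"])[1]

def receiver_verdict(msg, client_ip, records):
    """The receiver evaluates the SPF record of the envelope sender's domain."""
    domain = envelope_sender(msg).rpartition("@")[2]
    return domain, spf_result(domain, client_ip, records)

def device_alert(sender=None):
    """Build a constructed alert mail as the vendor's equipment would send it."""
    msg = EmailMessage()
    msg["From"] = "vendor@vendor.example"
    msg["To"] = "noc@vendor.example"
    msg["Subject"] = "Device alert"
    if sender:
        msg["Sender"] = sender
    msg.set_content("constructed alert body")
    return msg

if __name__ == "__main__":
    print(receiver_verdict(device_alert(), RELAY_IP, SPF))                      # as configured today
    print(receiver_verdict(device_alert("alerts@example.com"), RELAY_IP, SPF))  # with a Sender header
```
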

 
