Hornetsecurity Correct SPF Authentication

Proper Configuration

During the upgrade process to Hornetsecurity, there was an issue that caused SPF checks on incoming emails to be deactivated for some accounts. If you or your customers have been receiving a higher-than-normal volume of phishing, you may be affected. 

Cause

This problem affected Zerospam accounts that were NOT using our Outbound Filtering solution at the time of the upgrade. During the upgrade process, a bogus outbound gateway entry would sometimes be created. 

In the Hornetsecurity system, if an outbound gateway exists in the Control Panel and the customer does not have spf.hornetsecurity.com in their SPF record, then this deactivates SPF checks on all incoming email.

Solution

Check your account (or your customer's account) in the Control Panel to see if a bogus outbound gateway was created. If so, delete the entry and activate SPF verifications by following these steps:

  1. Log in to the Control Panel: https://cp.hornetsecurity.com/
  2. In the left pane, select Security Settings
  3. Under Security Settings, select Email Authentication
  4. In the main pane, look for the SENDER AUTHENTICATION header
  5. Make sure Activate SPF check is turned on for all incoming emails