550 Rejected by header based Anti-Spoofing policy


When sending accreditation emails from the system you may get rejection emails sent back referring to the Anti Spoofing policy.  This will usually only occur if the accreditation emails are being sent to members of your own company who use the same email domain as the accreditation system.

Spoofing is the forgery of email headers so messages appear to come from someone other than the actual source. This tactic is used in phishing and spam campaigns, as recipients are more likely to open a message that looks legitimate. Anti-Spoofing policies are recommended if you receive large amounts of spoofed mail. They ensure external messages appearing to come from an internal domain are blocked.

Example Rejection Email

Remote Server returned '554 5.3.0 < #5.3.0 smtp; 550 Rejected by header based Anti-Spoofing policy: Accreditation@footballclubfc.com - https://community.mimecast.com/docs/DOC-1369#550 [VUJUo2t1Pr-x_8v9fCw5Og.uk90]>'

Original message headers:

MIME-Version: 1.0
From: "FootballFC Accredit Team" <Accreditation@footballclubfc.com>
To: john.smith@footballclubfc.com
Reply-To: "FootballFC Accredit Team" <Accreditation@footballclubfc.com>
Date: Tue, 16 Feb 2021 11:47:14 +0000
Subject:  Accreditation Application Update


As the Accredit platform is sending emails on your behalf using your domain email address we can sometimes be flagged as spoofing as the platform sits outside of your network and may look suspicious to your automated security systems.

To resolve this issue your IT team or Admininstrator will need to amend the Anti Spoofing rules to allow the Accredit Platform to be recognised as a legitimate partner.

If you do have rejection emails referring to the Anti Spoofing policy then please get in contact with the Accredit Support team and request the up to date AWS IP Address or hostname. Supply the IP address/hostname to your IT team so that they can create an Anti-Spoofing SPF Based Bypass policy for the Accredit AWS IP address to ensure that it is considered legitimate "spoofed" traffic and should be allowed through.

If the problem persists then please inform the Accredit Support Team so that we can work with your IT Team to investigate and resolve the matter.






0 out of 0 found this helpful



Please sign in to leave a comment.