We have added functionality that enables customers to filter forensic reports based on the following pieces of information:
senderIP (with CIDR syntax)
The authservID, spf, dkim, dkimDomain and senderIP are all taken from the “authentication-results:” email header. An example is shown below.
To search for reports that have soft failed SPF you would type the following:
You could also combine searches such as in the following examples:
+spf:softfail +senderIP:192.168.1.1 - prefixing both terms with “+” brings back results that contain both, i.e. an AND operation.
spf:softfail senderIP:192.168.1.1 - not prefixing the two terms with “+” brings back results that contain either one, i.e. an OR operation.
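The AND/OR behaviour and CIDR matching described above can be modelled as follows. This is an added illustration, not the product's own implementation: the sample reports are constructed, the function names are hypothetical, and how a query mixing prefixed and unprefixed terms is treated is an assumption.

```python
import ipaddress

# Constructed sample reports; field names follow the filter fields on this page.
REPORTS = [
    {"id": 1, "spf": "softfail", "dkim": "pass", "senderIP": "192.168.1.1"},
    {"id": 2, "spf": "softfail", "dkim": "fail", "senderIP": "10.0.0.7"},
    {"id": 3, "spf": "pass", "dkim": "pass", "senderIP": "192.168.1.1"},
    {"id": 4, "spf": "pass", "dkim": "pass", "senderIP": "192.168.1.200"},
]

def term_matches(report, field, value):
    """True if one field:value term matches the report."""
    actual = report.get(field)
    if actual is None:
        return False
    if field == "senderIP":
        try:
            # A bare address is treated as a single-host network (/32 or /128).
            net = ipaddress.ip_network(value, strict=False)
            return ipaddress.ip_address(actual) in net
        except ValueError:
            return False  # unparsable address or CIDR never matches
    return actual.lower() == value.lower()

def parse_query(query):
    """Split a query into '+'-prefixed (required) and unprefixed (optional) terms."""
    required, optional = [], []
    for token in query.split():
        bucket = required if token.startswith("+") else optional
        field, sep, value = token.lstrip("+").partition(":")
        if not sep or not value:
            raise ValueError(f"malformed term: {token!r}")
        bucket.append((field, value))
    return required, optional

def search(reports, query):
    """Return ids of matching reports: all '+' terms (AND), else any term (OR)."""
    required, optional = parse_query(query)
    hits = []
    for r in reports:
        if required:
            # Assumption: when '+' terms are present, unprefixed terms do not filter.
            ok = all(term_matches(r, f, v) for f, v in required)
        else:
            ok = any(term_matches(r, f, v) for f, v in optional)
        if ok:
            hits.append(r["id"])
    return hits
```

Against the sample data, the AND query from the page returns only report 1, while the OR form returns reports 1, 2 and 3.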
For further explanation please see our video below.