Trend Micro Email Security provides authentication methods such as Sender IP Match, Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) verification, and Domain-based Message Authentication, Reporting & Conformance (DMARC) to protect against email spoofing.
If all these methods are enabled, Trend Micro Email Security evaluates email messages in the following order:
  1. Sender IP Match
  2. SPF check
  3. DKIM verification
  4. DMARC authentication
Trend Micro Email Security keeps evaluating and scanning an email message in the preceding order until encountering an Intercept action. If an email message passes the Sender IP Match check, Trend Micro Email Security skips its own SPF check as well as the SPF check of DMARC authentication for this message.
For details about intercept actions, see Intercept Actions.