SPF is set to hard fail all other sources (-all). 

Whilst this is the strictest choice, it can lead to email deliverability issues. Soft fail (~all) provides a better compromise between security and reliability for most organisations. For more information, see section 5 of 

 from the Messaging, Malware and Mobile Anti-Abuse Working Group.

Update the SPF record for the domain to soft fail mail that doesn't pass an SPF check, i.e. update to ~all

Risk Severity Ratings

SPF Hard Fail risks

Managing Domains

Hexiosec ASM

Hexiosec ASM (Public)

Organisation and Group Roles

Using Groups

MFA and session expiry

Password Policy

Changing email address

Changing ownership

User and Group Management

Scan Types

Scan Allowances

Seeds and IPs

Scan Limiting

Deleting Scans

Scan Notifications

Managing Scans

Report Terminology

Scan Reports

Health Scores

Managing Actions

TLS Certificate Risks

Backport Resolvable Risks

Managing Risks

Graph view

Managing CDNs and Shared IPs

Creating a scan using the API

Paginating the API Requests

Using the Public API

Hexiosec ASM mobile

Upgrade Recommendations

Contacting Support

User Guides

I've changed the device I use for MFA

I've accepted an invite, why can't I see anything?

I don't think this vulnerability applies to me?

Why has my scan not updated after I've made a fix?

Why is my IP's geographic location not showing, or incorrect?

Will Hexiosec ASM find Malware?

What is out of scope?

What is a Stale domain?

Can I run scans without permission?

What happens when I delete a scan?

Will the latest CVE be found?

What version is Hexiosec ASM?

Which SSO protocols does ASM support?

FAQs

MSP Specific Guidance