SPF is set to hard fail all other sources (-all). 

Whilst this is the strictest choice, it can lead to email deliverability issues. Soft fail (~all) provides a better compromise between security and reliability for most organisations. For more information, see section 5 of 

 from the Messaging, Malware and Mobile Anti-Abuse Working Group.

Update the SPF record for the domain to soft fail mail that doesn't pass an SPF check, i.e. update to ~all

Risk Severity Ratings

SPF Hard Fail risks

EPSS

Managing Domains and IPs

Hexiosec ASM

Hexiosec ASM (Public)

Organisation and Group Roles

Using Groups

MFA and session expiry

Password Policy

Changing email address

Changing ownership

User and Group Management

Scan Types

Scan Allowances

Seeds and IPs

Scan Limiting

Deleting Scans

Scan Notifications

Managing Scans

Report Terminology

Scan Reports

Health Scores

Managing Actions

EPSS Scoring of Risks

TLS Certificate Risks

Backport Resolvable Risks

Managing Risks

Graph view

Managing CDNs and Shared IPs

Link Changes Endpoint

Creating a scan using the API

Paginating the API Requests

Using the Public API

Hexiosec ASM mobile

Upgrade Recommendations

Contacting Support

Hexiosec ASM User Guides

What is the 'Update pending' notification?

Why isn’t app.fractalscan.com working anymore?

I've changed the device I use for MFA

I've accepted an invite, why can't I see anything?

I don't think this vulnerability applies to me?

I've fixed a risk, why has it not been resolved?

Why is my IP's geographic location not showing, or incorrect?

Will Hexiosec ASM find Malware?

What are primary and secondary assets?

What is a Stale domain?

Can I run scans without permission?

What happens when I delete a scan?

Will the latest CVE be found?

What version is Hexiosec ASM?

Which SSO protocols does ASM support?

FAQs

MSP Specific Guidance