CompTIA CySA+ (CS0-002) — Question 222

A security analyst is evaluating the following support ticket:

Issue: Marketing campaigns are being filtered by the customer’s email servers.
Description: Our marketing partner cannot send emails using our email address. The following log messages were collected from multiple customers:

• The SPF result is PermError.
• The SPF result is SoftFail or Fail.
• The 550 SPF check failed.

Which of the following should the analyst do next?

Answer options

• A. Ask the marketing partner’s ISP to disable the DKIM setting.
• B. Request approval to disable DMARC on the company’s ISP.
• C. Ask the customers to disable SPF validation.
• D. Request a configuration change on the company’s public DNS.

Correct answer: D

Explanation

The correct action is to request a configuration change on the company’s public DNS to fix the SPF issues causing email filtering. Disabling DKIM or DMARC does not address the root cause of the SPF errors, and asking customers to disable SPF validation is not a viable solution as it compromises email security.