CompTIA CySA+ (CS0-002) — Question 321
An analyst is reviewing email headers to determine if an email has been sent from a legitimate sender. The organization uses SPF to validate email origination. Which of the following most likely indicates an invalid originator?
Answer options
- A. Received-SPF: neutral
- B. Received-SPF: none
- C. Received-SPF: softfail
- D. Received-SPF: error
Correct answer: C
Explanation
A 'Received-SPF: softfail' result indicates that the email was likely sent from a host not authorized by the SPF record, suggesting that the originator is not legitimate. In contrast, the 'neutral', 'none', and 'error' results do not definitively indicate an invalid sender: 'neutral' means the server cannot determine legitimacy, 'none' means no SPF record was found, and 'error' indicates an issue with the SPF check itself.