Currently, SG only evaluates SPF and Sender ID using a hidden "MAIL FROM" value in the protocol. It would be really nice if the EMail Domain displayed in all of the Message and Quarrantine logs and search options could be used for the SPF evaluation. After all, it is the Visible FROM Email Address impersonation that causes end users to open email from invalid senders. We are having trouble with malware email being sent from infected PCs where the MAIL FROM domain matches the SPF - but the FROM displayed to the users is totally impersonated.

Another option to increase the SPAM score or quarrantine emails where the FROM domain does not match the MAIL FROM domain would be nice.

Also an option to only evaluate the TLD Domain for SPF. Currently the MAIL FROM FQDN is evaluated, not the TLD. For example emails from @list.adp.com do not get evaluated because FQDN "list.adp.com" has no SPF - only the TLD "adp.com" has an SPF.

Without the above options, the SPF and SENDER ID no longer works for ADP.COM (a huge payroll corporation), even though it is obvious from reviewing their SPF records' "hard fail" configuration that ADP.COM seriously does not want to be impersonated.