Cisco Email Security Appliance X1070 User Guide
Cisco AsyncOS 9.5 for Email User Guide
Chapter 21 Email Authentication
Enabling SPF and SIDF
Caution
Although Cisco strongly endorses email authentication globally, at this point in the industry's adoption,
Cisco suggests a cautious disposition for SPF/SIDF authentication failures. Until more organizations
gain greater control of their authorized mail sending infrastructure, Cisco urges customers to avoid
bouncing emails and instead quarantine emails that fail SPF/SIDF verification.
Note
The AsyncOS command line interface (CLI) provides more control settings for SPF level than the web
interface. Based on the SPF verdict, the appliance can accept or reject a message, in SMTP conversation,
on a per listener basis. You can modify the SPF settings when editing the default settings for a listener’s
Host Access Table using the listenerconfig command. See the for more information on the settings.
Enabling SPF and SIDF
To use SPF/SIDF, you must enable SPF/SIDF for a mail flow policy on an incoming listener. You can
enable SPF/SIDF on the listener from the default mail flow policy, or you can enable it for particular
incoming mail flow policies.
Procedure
Step 1 Choose Mail Policies > Mail Flow Policy.
Step 2 Click Default Policy Parameters.
Step 3 In the default policy parameters, view the Security Features section.
Step 4 In the SPF/SIDF Verification section, click On.
Step 5 Set the level of conformance (the default is SIDF-compatible). This option allows you to determine
which standard of SPF or SIDF verification to use. In addition to SIDF conformance, you can choose
SIDF-compatible, which combines SPF and SIDF.
Table 21-2 SPF/SIDF Conformance Levels

Conformance Level: SPF
Description: The SPF/SIDF verification behaves according to RFC 4408.
- No purported responsible address (PRA) identity verification takes place.
NOTE: Select this conformance option to test against the HELO identity.
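
The following added example (not from the Cisco guide and not AsyncOS code) shows what an RFC 4408 check evaluates at the SPF conformance level: the connecting IP is tested against the SPF record of the HELO identity and of the MAIL FROM identity, and no PRA is derived from the message headers. It assumes records that use only the ip4, ip6 and all mechanisms; the TXT table, domains and addresses are constructed sample data, and check_host and spf_identities are hypothetical names.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (documentation
# domains and address ranges only); a real check would query DNS.
TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "mail.example.com": ["v=spf1 ip4:192.0.2.10 -all"],
    "example.net": ["v=spf1 ip6:2001:db8::/32 ~all"],
    "example.org": ["unrelated TXT data"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain):
    """RFC 4408 result for client `ip` against `domain`'s SPF record."""
    records = [t for t in TXT.get(domain.lower(), [])
               if t.lower().split(" ")[0] == "v=spf1"]
    if not records:
        return "none"                # no SPF record published
    if len(records) > 1:
        return "permerror"           # multiple records are an error
    client = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term[1:] if term[0] in QUALIFIERS else term
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            # Assumption: DNS-backed terms (a, mx, include, ...) are out of scope.
            raise NotImplementedError(term)
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"       # malformed network in the record
        if client.version == net.version and client in net:
            return QUALIFIERS[qualifier]
    return "neutral"                 # nothing matched and no "all" term

def spf_identities(client_ip, helo, mail_from):
    """Check the HELO and MAIL FROM identities; no PRA is derived."""
    # Null reverse-path (bounce): RFC 4408 substitutes postmaster@<HELO>.
    sender = mail_from or "postmaster@" + helo
    return {"helo": check_host(client_ip, helo),
            "mailfrom": check_host(client_ip, sender.rpartition("@")[2])}
```

The two identities can disagree: a host inside the sender domain's permitted range that announces a HELO name it is not listed for passes MAIL FROM but fails HELO.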