Cisco Cisco Email Security Appliance C170 Guía Del Usuario
18-33
Cisco AsyncOS 8.5 for Email User Guide
Chapter 18 Email Authentication
DMARC Verification
Step 3
Create an
spf-status
content filter for each type of SPF/SIDF verification. Use a naming convention to
indicate the type of verification. For example, use “SPF-Passed” for messages that pass SPF/SIDF
verification, or “SPF-TempErr” for messages that weren’t passed due to a transient error during
verification. For information about creating an
verification, or “SPF-TempErr” for messages that weren’t passed due to a transient error during
verification. For information about creating an
spf-status
content filter, see
Step 4
After you process a number of SPF/SIDF-verified messages, click Monitor > Content Filters to see how
many messages triggered each of the SPF/SIDF-verified content filters.
many messages triggered each of the SPF/SIDF-verified content filters.
DMARC Verification
Domain-based Message Authentication, Reporting and Conformance (DMARC) is a technical
specification created to reduce the potential for email-based abuse. DMARC standardizes how email
receivers perform email authentication using SPF and DKIM mechanisms. To pass DMARC verification,
an email must pass at least one of these authentication mechanisms, and the Authentication Identifiers
must comply with RFC 5322.
specification created to reduce the potential for email-based abuse. DMARC standardizes how email
receivers perform email authentication using SPF and DKIM mechanisms. To pass DMARC verification,
an email must pass at least one of these authentication mechanisms, and the Authentication Identifiers
must comply with RFC 5322.
AsyncOS for Email allows you to:
•
Verify incoming emails using DMARC.
•
Define profiles to override (accept, quarantine, or reject) domain owners’ policies.
•
Send feedback reports to domain owners, which helps to strengthen their authentication
deployments.
deployments.
•
Send delivery error reports to the domain owners if the DMARC aggregate report size exceeds 10
MB or the size specified in the RUA tag of the DMARC record.
MB or the size specified in the RUA tag of the DMARC record.
AsyncOS for Email can handle emails that are compliant with the DMARC specification as submitted
to Internet Engineering Task Force (IETF) on March 31, 2013. For more information, see
to Internet Engineering Task Force (IETF) on March 31, 2013. For more information, see
DMARC Verification Workflow in AsyncOS for Email
The following describes how AsyncOS for Email performs DMARC verification.
1.
A listener configured on AsyncOS receives an SMTP connection.
2.
AsyncOS performs SPF and DKIM verification on the message.
3.
AsyncOS fetches the DMARC record for the sender’s domain from the DNS.
•
If no record is found, AsyncOS skips the DMARC verification and continues processing.
•
If the DNS lookup fails, AsyncOS takes action based on the specified DMARC verification
profile.
profile.
4.
Depending on DKIM and SPF verification results, AsyncOS performs DMARC verification on the
message.
message.
Note
If DKIM and SPF verification is enabled, DMARC verification reuses the DKIM and SPF
verification results.
verification results.