Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
19-22
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 19 Email Authentication
Enabling SPF and SIDF
for more information on the settings.
Enabling SPF and SIDF
To use SPF/SIDF, you must enable SPF/SIDF for a mail flow policy on an incoming listener. You can
enable SPF/SIDF on the listener from the default mail flow policy, or you can enable it for particular
incoming mail flow policies.
enable SPF/SIDF on the listener from the default mail flow policy, or you can enable it for particular
incoming mail flow policies.
Procedure
Step 1
Choose Mail Policies > Mail Flow Policy.
Step 2
Click Default Policy Parameters.
Step 3
In the default policy parameters, view the Security Features section.
Step 4
In the SPF/SIDF Verification section, click On.
Step 5
Set the level of conformance (the default is SIDF-compatible). This option allows you to determine
which standard of SPF or SIDF verification to use. In addition to SIDF conformance, you can choose
SIDF-compatible, which combines SPF and SIDF.
which standard of SPF or SIDF verification to use. In addition to SIDF conformance, you can choose
SIDF-compatible, which combines SPF and SIDF.
Note
More settings are available via the CLI. See
for
more information.
Table 19-3
SPF/SIDF Conformance Levels
Conformance Level
Description
SPF
The SPF/SIDF verification behaves according to RFC4408.
- No purported responsible address (PRA) identity verification takes
place.
place.
NOTE: Select this conformance option to test against the HELO
identity.
identity.
SIDF
The SPF/SIDF verification behaves according to RFC4406.
-The PRA Identity is determined with full conformance to the standard.
- SPF v1.0 records are treated as spf2.0/mfrom,pra.
- For a nonexistent domain or a malformed identity, a verdict of Fail is
returned.
returned.
SIDF Compatible
The SPF/SIDF verification behaves according to RFC4406 except for
the following differences:
the following differences:
- SPF v1.0 records are treated as spf2.0/mfrom.
- For a nonexistent domain or a malformed identity, a verdict of None is
returned.
returned.
NOTE: This conformance option was introduced at the request of the
OpenSPF community (www.openspf.org).
OpenSPF community (www.openspf.org).