Cisco Email Security Appliance X1050 User Guide
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 17 Email Authentication
spf-status Content Filter Rule in the GUI
You can also enable the spf-status rule from the content filters in the GUI. However, you cannot check results against HELO, MAIL FROM, and PRA identities when using the spf-status content filter rule.
To add the spf-status content filter rule from the GUI, click Mail Policies > Incoming Content Filters. Then add the SPF Verification filter rule from the Add Condition dialog box. Specify one or more verification results for the condition.
After you add the SPF Verification condition, specify an action to perform based on the SPF status. For example, if the SPF status is SoftFail, you might quarantine the message.
Using the spf-passed Filter Rule
The spf-passed rule shows the results of SPF verification as a Boolean value. The following example shows an spf-passed rule used to quarantine emails that are not marked as spf-passed:

quarantine-spf-unauthorized-mail:
if (not spf-passed) {
    quarantine("Policy");
}

Note: Unlike the spf-status rule, the spf-passed rule reduces the SPF/SIDF verification values to a simple Boolean. The following verification results are treated as not passed in the spf-passed rule: None, Neutral, Softfail, TempError, PermError, and Fail. To perform actions on messages based on more granular results, use the spf-status rule.
Testing the SPF/SIDF Results
Because different organizations implement SPF/SIDF in different ways, test the results of SPF/SIDF verification and use these results to determine how to treat SPF/SIDF failures. Use a combination of content filters, message filters, and the Email Security Monitor - Content Filters report to test the results of the SPF/SIDF verification.
Your degree of dependence on SPF/SIDF verification determines the level of granularity at which you test SPF/SIDF results.

strip-header("Subject");
insert-header("Subject", "[POTENTIAL PHISHING] $Subject"); }
.
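
As an added example (not from the Cisco guide), the following Python code applies the spf-passed reduction described in the Note to constructed Received-SPF header lines and counts how many messages a "not spf-passed" quarantine would match compared with an spf-status rule limited to Fail. It assumes verdicts are available as RFC 7208 Received-SPF headers; SAMPLE_HEADERS, spf_result, spf_passed and compare_rules are hypothetical names, and treating a missing or unreadable header as None is an assumption.

```python
import re
from collections import Counter

# Verdicts the Note says the spf-passed rule treats as "not passed".
NOT_PASSED = {"none", "neutral", "softfail", "temperror", "permerror", "fail"}

# Constructed Received-SPF headers in RFC 7208 form; not real traffic.
SAMPLE_HEADERS = [
    "Received-SPF: pass (mx.example.net: domain of a@example.com designates 192.0.2.10 as permitted sender)",
    "Received-SPF: Pass (mx.example.net: domain of b@example.com designates 192.0.2.11 as permitted sender)",
    "Received-SPF: softfail (mx.example.net: domain of c@example.org does not designate 198.51.100.7 as permitted sender)",
    "Received-SPF: SoftFail (mx.example.net: transitioning domain of d@example.org)",
    "Received-SPF: none (mx.example.net: example.edu does not designate permitted sender hosts)",
    "Received-SPF: temperror (mx.example.net: DNS timeout looking up example.info)",
    "Received-SPF: fail (mx.example.net: domain of e@example.com does not designate 203.0.113.9 as permitted sender)",
    "X-Other: no SPF header was recorded for this message",
]

VERDICT_RE = re.compile(r"^Received-SPF:\s*([A-Za-z]+)", re.IGNORECASE)

def spf_result(header):
    """Return the lower-cased verdict; assumption: missing or unknown means "none"."""
    match = VERDICT_RE.match(header.strip())
    verdict = match.group(1).lower() if match else "none"
    return verdict if verdict == "pass" or verdict in NOT_PASSED else "none"

def spf_passed(verdict):
    """Boolean view of the verdict: only Pass counts as passed."""
    return verdict == "pass"

def compare_rules(headers, granular=("fail",)):
    """Count the messages each quarantine condition would match."""
    verdicts = [spf_result(h) for h in headers]
    return {
        "by_verdict": Counter(verdicts),
        "not_spf_passed": sum(not spf_passed(v) for v in verdicts),
        "spf_status_granular": sum(v in granular for v in verdicts),
    }

if __name__ == "__main__":
    report = compare_rules(SAMPLE_HEADERS)
    for verdict, count in sorted(report["by_verdict"].items()):
        print(f"{verdict:10} {count}")
    print("matched by 'not spf-passed':", report["not_spf_passed"])
    print("matched by spf-status Fail only:", report["spf_status_granular"])
```

On the constructed sample the Boolean condition matches six of eight messages while the Fail-only condition matches one; that gap is what to measure in testing before choosing which rule to enforce.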