Cisco Cisco Email Security Appliance C650 Guía Del Usuario
5-25
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Chapter 5 Email Authentication
Overview of SPF and SIDF Verification
IronPort AsyncOS supports Sender Policy Framework (SPF) and Sender ID
Framework (SIDF) verification. SPF and SIDF are methods for verifying
authenticity of email based on DNS records. SPF and SIDF allow the owner of an
Internet domain to use a special format of DNS TXT records to specify which
machines are authorized to transmit email for that domain.
Framework (SIDF) verification. SPF and SIDF are methods for verifying
authenticity of email based on DNS records. SPF and SIDF allow the owner of an
Internet domain to use a special format of DNS TXT records to specify which
machines are authorized to transmit email for that domain.
When you use SPF/SIDF authentication, the senders publish SPF records
specifying which hosts are permitted to use their names, and compliant mail
receivers use the published SPF records to test the authorization of the sending
Mail Transfer Agent’s identity during a mail transaction.
specifying which hosts are permitted to use their names, and compliant mail
receivers use the published SPF records to test the authorization of the sending
Mail Transfer Agent’s identity during a mail transaction.
Note
Because SPF checks require parsing and evaluation, AsyncOS performance may
be impacted. In addition, be aware that SPF checks increase the load on your DNS
infrastructure.
be impacted. In addition, be aware that SPF checks increase the load on your DNS
infrastructure.
When you work with SPF and SIDF, note that SIDF is similar to SPF, but it has
some differences. To get a full description of the differences between SIDF and
SPF, see RFC
some differences. To get a full description of the differences between SIDF and
SPF, see RFC
4406. F
or the purposes of this documentation, the two terms are
discussed together except in the cases where only one type of verification applies.
Note
AsyncOS does not support SPF for incoming relays, and AsyncOS does not
support SPF for IPv6.
support SPF for IPv6.
A Note About Valid SPF Records
To use SPF and SIDF with an IronPort appliance, publish the SPF record
according to the RFCs 4406 and 4408. Review RFC 4407 for a definition of how
the PRA identity is determined. You may also want to refer to the following
website to view common mistakes made when creating SPF and SIDF records:
according to the RFCs 4406 and 4408. Review RFC 4407 for a definition of how
the PRA identity is determined. You may also want to refer to the following
website to view common mistakes made when creating SPF and SIDF records:
http://www.openspf.org/FAQ/Common_mistakes