Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
20-36
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 20 Email Authentication
DMARC Verification
DMARC Verification Workflow in AsyncOS for Email
The following describes how AsyncOS for Email performs DMARC verification.
1.
A listener configured on AsyncOS receives an SMTP connection.
2.
AsyncOS performs SPF and DKIM verification on the message.
3.
AsyncOS fetches the DMARC record for the sender’s domain from the DNS.
•
If no record is found, AsyncOS skips the DMARC verification and continues processing.
•
If the DNS lookup fails, AsyncOS takes action based on the specified DMARC verification
profile.
profile.
4.
Depending on DKIM and SPF verification results, AsyncOS performs DMARC verification on the
message.
message.
Note
If DKIM and SPF verification is enabled, DMARC verification reuses the DKIM and SPF
verification results.
verification results.
5.
Depending on the DMARC verification result and the specified DMARC verification profile,
AsyncOS accepts, quarantines, or rejects the message. If the message is not rejected due to DMARC
verification failure, AsyncOS continues processing.
AsyncOS accepts, quarantines, or rejects the message. If the message is not rejected due to DMARC
verification failure, AsyncOS continues processing.
6.
AsyncOS sends an appropriate SMTP response and continues processing.
7.
If sending of aggregate reports is enabled, AsyncOS gathers DMARC verification data and includes
it in the daily report sent to the domain owners. For more information about the DMARC aggregate
feedback report, see
it in the daily report sent to the domain owners. For more information about the DMARC aggregate
feedback report, see
.
Note
If the aggregate report size exceeds 10 MB or the size specified in the RUA tag of the
DMARC record, AsyncOS sends delivery error reports to the domain owners.
DMARC record, AsyncOS sends delivery error reports to the domain owners.
How to Verify Incoming Messages Using DMARC
Table 20-5
How to Verify Incoming Messages Using DMARC
Do This
More Information
Step 1
Create a new DMARC verification profile or
modify the default DMARC verification profile
to meet your requirements.
modify the default DMARC verification profile
to meet your requirements.
Step 2
(Optional) Configure global DMARC settings
to meet your requirements.
to meet your requirements.
Step 3
Configure your mail flow policies to verify
incoming messages using DMARC.
incoming messages using DMARC.