Cisco Cisco Email Security Appliance C160 Guía Del Usuario
22-25
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 22 Email Authentication
Enabling SPF and SIDF
Step 5
Set the level of conformance (the default is SIDF-compatible). This option allows you to determine
which standard of SPF or SIDF verification to use. In addition to SIDF conformance, you can choose
SIDF-compatible, which combines SPF and SIDF.
which standard of SPF or SIDF verification to use. In addition to SIDF conformance, you can choose
SIDF-compatible, which combines SPF and SIDF.
Note
More settings are available via the CLI. See
for
more information.
Step 6
If you choose a conformance level of SIDF-compatible, configure whether the verification downgrades
a Pass result of the PRA identity to None if there are Resent-Sender: or Resent-From: headers present in
the message. You might choose this option for security purposes.
a Pass result of the PRA identity to None if there are Resent-Sender: or Resent-From: headers present in
the message. You might choose this option for security purposes.
Step 7
If you choose a conformance level of SPF, configure whether to perform a test against the HELO identity.
You might use this option to improve performance by disabling the HELO check. This can be useful
because the
You might use this option to improve performance by disabling the HELO check. This can be useful
because the
spf-passed
filter rule checks the PRA or the MAIL FROM Identities first. The appliance
only performs the HELO check for the SPF conformance level.
Related Topics
•
•
Table 22-2
SPF/SIDF Conformance Levels
Conformance Level
Description
SPF
The SPF/SIDF verification behaves according to RFC4408.
- No purported responsible address (PRA) identity verification takes
place.
place.
NOTE: Select this conformance option to test against the HELO
identity.
identity.
SIDF
The SPF/SIDF verification behaves according to RFC4406.
-The PRA Identity is determined with full conformance to the standard.
- SPF v1.0 records are treated as spf2.0/mfrom,pra.
- For a nonexistent domain or a malformed identity, a verdict of Fail is
returned.
returned.
SIDF Compatible
The SPF/SIDF verification behaves according to RFC4406 except for
the following differences:
the following differences:
- SPF v1.0 records are treated as spf2.0/mfrom.
- For a nonexistent domain or a malformed identity, a verdict of None is
returned.
returned.
NOTE: This conformance option was introduced at the request of the
OpenSPF community (www.openspf.org).
OpenSPF community (www.openspf.org).