Cisco Cisco Email Security Appliance C160 Guía Del Usuario
C H A P T E R
5-1
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
5
Email Authentication
Cisco IronPort AsyncOS supports several forms of email authentication, including Sender Policy
Framework (SPF), Sender ID Framework (SIDF), DomainKeys and DomainKeys Identified Mail
(DKIM).
Framework (SPF), Sender ID Framework (SIDF), DomainKeys and DomainKeys Identified Mail
(DKIM).
DomainKeys and DKIM verify the authenticity of email based on a signing key used by the sender. SPF
and SIDF are methods for verifying the authenticity of email based on DNS TXT records. SPF and SIDF
allow the owner of an Internet domain to use a special format of DNS records to designate which
machines are authorized to send email for that domain.
and SIDF are methods for verifying the authenticity of email based on DNS TXT records. SPF and SIDF
allow the owner of an Internet domain to use a special format of DNS records to designate which
machines are authorized to send email for that domain.
This chapter contains the following sections:
•
•
•
•
•
•
•
•
•
Email Authentication Overview
Cisco IronPort AsyncOS supports several forms of email authentication to prevent email forgery. To
verify incoming mail, AsyncOS supports Sender Policy Framework (SPF), Sender ID Framework
(SIDF), and DomainKeys Identified Mail (DKIM). To sign outgoing mail, AsyncOS supports
DomainKeys and DKIM.
verify incoming mail, AsyncOS supports Sender Policy Framework (SPF), Sender ID Framework
(SIDF), and DomainKeys Identified Mail (DKIM). To sign outgoing mail, AsyncOS supports
DomainKeys and DKIM.
With DomainKeys or DKIM email authentication, the sender signs the email using public key
cryptography. The verified domain can then be used to detect forgeries by comparing it with the domain
in the From: (or Sender:) header of the email. The current version of AsyncOS supports email signing
for DomainKeys, and it supports both email signing and verification for DKIM. For more information
about DomainKeys and DKIM, see
cryptography. The verified domain can then be used to detect forgeries by comparing it with the domain
in the From: (or Sender:) header of the email. The current version of AsyncOS supports email signing
for DomainKeys, and it supports both email signing and verification for DKIM. For more information
about DomainKeys and DKIM, see
.