Cisco Cisco Email Security Appliance C160 Mode D'Emploi
21-35
Cisco AsyncOS 9.5 for Email User Guide
Chapter 21 Email Authentication
DMARC Verification
. If you find that the verification is effective, then you can use SPF/SIDF verification
as a basis for deciding whether to drop or bounce emails for this specified group of senders.
Procedure
Step 1
Create a mail flow policy for SPF/SIDF verification. Enable SPF/SIDF verification for the mail flow
policy on an incoming listener. For information about enabling SPF/SIDF, see
policy on an incoming listener. For information about enabling SPF/SIDF, see
Step 2
Create a sender group for SPF/SIDF verification and use a naming convention to indicate SPF/SIDF
verification. For information about creating sender groups, see the “Configuring the Gateway to Receive
Mail” chapter.
verification. For information about creating sender groups, see the “Configuring the Gateway to Receive
Mail” chapter.
Step 3
Create an
spf-status
content filter for each type of SPF/SIDF verification. Use a naming convention to
indicate the type of verification. For example, use “SPF-Passed” for messages that pass SPF/SIDF
verification, or “SPF-TempErr” for messages that weren’t passed due to a transient error during
verification. For information about creating an
verification, or “SPF-TempErr” for messages that weren’t passed due to a transient error during
verification. For information about creating an
spf-status
content filter, see
Step 4
After you process a number of SPF/SIDF-verified messages, click Monitor > Content Filters to see how
many messages triggered each of the SPF/SIDF-verified content filters.
many messages triggered each of the SPF/SIDF-verified content filters.
DMARC Verification
Domain-based Message Authentication, Reporting and Conformance (DMARC) is a technical
specification created to reduce the potential for email-based abuse. DMARC standardizes how email
receivers perform email authentication using SPF and DKIM mechanisms. To pass DMARC verification,
an email must pass at least one of these authentication mechanisms, and the Authentication Identifiers
must comply with RFC 5322.
specification created to reduce the potential for email-based abuse. DMARC standardizes how email
receivers perform email authentication using SPF and DKIM mechanisms. To pass DMARC verification,
an email must pass at least one of these authentication mechanisms, and the Authentication Identifiers
must comply with RFC 5322.
AsyncOS for Email allows you to:
•
Verify incoming emails using DMARC.
•
Define profiles to override (accept, quarantine, or reject) domain owners’ policies.
•
Send feedback reports to domain owners, which helps to strengthen their authentication
deployments.
deployments.
•
Send delivery error reports to the domain owners if the DMARC aggregate report size exceeds 10
MB or the size specified in the RUA tag of the DMARC record.
MB or the size specified in the RUA tag of the DMARC record.
AsyncOS for Email can handle emails that are compliant with the DMARC specification as submitted
to Internet Engineering Task Force (IETF) on March 31, 2013. For more information, see
to Internet Engineering Task Force (IETF) on March 31, 2013. For more information, see
Related Topics
•
•