Cisco Cisco Email Security Appliance C160 Mode D'Emploi
21-33
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 21 Email Authentication
DMARC Verification
DMARC Verification
Domain-based Message Authentication, Reporting and Conformance (DMARC) is a technical
specification created to reduce the potential for email-based abuse. DMARC standardizes how email
receivers perform email authentication using SPF and DKIM mechanisms. To pass DMARC verification,
an email must pass at least one of these authentication mechanisms, and the Authentication Identifiers
must comply with RFC 5322.
specification created to reduce the potential for email-based abuse. DMARC standardizes how email
receivers perform email authentication using SPF and DKIM mechanisms. To pass DMARC verification,
an email must pass at least one of these authentication mechanisms, and the Authentication Identifiers
must comply with RFC 5322.
The Email Security appliance allows you to:
•
Verify incoming emails using DMARC.
•
Define profiles to override (accept, quarantine, or reject) domain owners’ policies.
•
Send feedback reports to domain owners, which helps to strengthen their authentication
deployments.
deployments.
•
Send delivery error reports to the domain owners if the DMARC aggregate report size exceeds 10
MB or the size specified in the RUA tag of the DMARC record.
MB or the size specified in the RUA tag of the DMARC record.
AsyncOS can handle emails that are compliant with the DMARC specification as submitted to Internet
Engineering Task Force (IETF) on March 31, 2013. For more information, see
Engineering Task Force (IETF) on March 31, 2013. For more information, see
Note
The Email Security appliance will not perform DMARC verification of messages from domains with
malformed DMARC records. However, the appliance can receive and process such messages.
malformed DMARC records. However, the appliance can receive and process such messages.
Related Topics
•
•
DMARC Verification Workflow
The following describes how AsyncOS performs DMARC verification.
1.
A listener configured on AsyncOS receives an SMTP connection.
2.
AsyncOS performs SPF and DKIM verification on the message.
3.
AsyncOS fetches the DMARC record for the sender’s domain from the DNS.
•
If no record is found, AsyncOS skips the DMARC verification and continues processing.
•
If the DNS lookup fails, AsyncOS takes action based on the specified DMARC verification
profile.
profile.
4.
Depending on DKIM and SPF verification results, AsyncOS performs DMARC verification on the
message.
message.
Note
If DKIM and SPF verification is enabled, DMARC verification reuses the DKIM and SPF
verification results.
verification results.
5.
Depending on the DMARC verification result and the specified DMARC verification profile,
AsyncOS accepts, quarantines, or rejects the message. If the message is not rejected due to DMARC
verification failure, AsyncOS continues processing.
AsyncOS accepts, quarantines, or rejects the message. If the message is not rejected due to DMARC
verification failure, AsyncOS continues processing.