Cisco Cisco Email Security Appliance C170 Mode D'Emploi
21-21
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 21 Email Authentication
Overview of SPF and SIDF Verification
Configuring an Action for DKIM Verified Mail
When you verify DKIM mail, an Authentication-Results header is added to the mail, but the mail is
accepted regardless of the authentication result. To configure actions based on these authentication
results, you can create a content filter to perform actions on the DKIM-verified mail. For example, if
DKIM verification fails, you may want configure the mail to be delivered, bounced, dropped, or sent to
a quarantine. To do this, you must configure an action using a content filter.
accepted regardless of the authentication result. To configure actions based on these authentication
results, you can create a content filter to perform actions on the DKIM-verified mail. For example, if
DKIM verification fails, you may want configure the mail to be delivered, bounced, dropped, or sent to
a quarantine. To do this, you must configure an action using a content filter.
Procedure
Step 1
Choose Mail Policies > Incoming Filters.
Step 2
Click Add Filter.
Step 3
In the Conditions section, click Add Condition.
Step 4
Select DKIM Authentication from the list of conditions.
Step 5
Choose a DKIM condition. Select one of the following options:
•
Pass. The message passed the authentication tests.
•
Neutral. Authentication was not performed.
•
Temperror. A recoverable error occurred.
•
Permerror. An unrecoverable error occurred.
•
Hardfail. The authentication tests failed.
•
None. The message was not signed.
Step 6
Select an action to associate with the condition. For example, if the DKIM verification fails, you may
want to notify the recipient and bounce the message. Or, if DKIM verification passes, you may want to
deliver the message immediately without further processing.
want to notify the recipient and bounce the message. Or, if DKIM verification passes, you may want to
deliver the message immediately without further processing.
Step 7
Submit the new content filter.
Step 8
Enable the content filter on the appropriate incoming mail policy.
Step 9
Commit your changes.
Overview of SPF and SIDF Verification
AsyncOS supports Sender Policy Framework (SPF) and Sender ID Framework (SIDF) verification. SPF
and SIDF are methods for verifying authenticity of email based on DNS records. SPF and SIDF allow
the owner of an Internet domain to use a special format of DNS TXT records to specify which machines
are authorized to transmit email for that domain. Compliant mail receivers then use the published SPF
records to test the authorization of the sending Mail Transfer Agent’s identity during a mail transaction.
and SIDF are methods for verifying authenticity of email based on DNS records. SPF and SIDF allow
the owner of an Internet domain to use a special format of DNS TXT records to specify which machines
are authorized to transmit email for that domain. Compliant mail receivers then use the published SPF
records to test the authorization of the sending Mail Transfer Agent’s identity during a mail transaction.
When you use SPF/SIDF authentication, the senders publish SPF records specifying which hosts are
permitted to use their names, and compliant mail receivers use the published SPF records to test the
authorization of the sending Mail Transfer Agent’s identity during a mail transaction.
permitted to use their names, and compliant mail receivers use the published SPF records to test the
authorization of the sending Mail Transfer Agent’s identity during a mail transaction.
Note
Because SPF checks require parsing and evaluation, AsyncOS performance may be impacted. In
addition, be aware that SPF checks increase the load on your DNS infrastructure.
addition, be aware that SPF checks increase the load on your DNS infrastructure.