Cisco Cisco Email Security Appliance C160 Mode D'Emploi

The 

spf-passed

 rule shows the results of SPF verification as a Boolean value. The following example 

shows an 

spf-passed

 rule used to quarantine emails that are not marked as spf-passed:

Unlike the 

spf-status 

rule, the 

spf-passed

 rule reduces the SPF/SIDF verification values to a simple 

Boolean. The following verification results are treated as not passed in the 

spf-passed

 rule: None, 

Neutral, Softfail, TempError, PermError, and Fail. To perform actions on messages based on more 
granular results, use the 

spf-status

 rule. 

Test the results of SPF/SIDF verification and use these results to determine how to treat SPF/SIDF 
failures because different organizations implement SPF/SIDF in different ways. Use a combination of 
content filters, message filters, and the Email Security Monitor - Content Filters report to test the results 
of the SPF/SIDF verification.

Your degree of dependence on SPF/SIDF verification determines the level of granularity at which you 
test SPF/SIDF results.

To get a basic measure of the SPF/SIDF verification results for incoming mail, you can use content filters 
and the Email Security Monitor - Content Filters page. This test provides a view of the number of 
messages received for each type of SPF/SIDF verification result. 

Enable SPF/SIDF verification for a mail flow policy on an incoming listener, and use a content filter to 
configure an action to take. For information on enabling SPF/SIDF, see 

quarantine-spf-unauthorized-mail:

    if (not spf-passed) {

        quarantine("Policy");

    }