Cisco Cisco Email Security Appliance C190 Guia Do Utilizador

19-23

Cisco AsyncOS 8.5.6 for Email User Guide

Chapter 19 Email Authentication

How to Verify Incoming Messages Using SPF/SDIF

Testing Your SPF Records

In addition to reviewing the RFCs, it is a good idea to test your SPF records before you implement SPF
verification on an Email Security appliance. There are several testing tools available on the openspf.org
website:

http://www.openspf.org/Tools

You can use the following tool to determine why an email failed an SPF record check:

http://www.openspf.org/Why

In addition, you can enable SPF on a test listener and use Cisco’s

trace

CLI command (or perform trace

from the GUI) to view the SPF results. Using trace, you can easily test different sending IPs.

How to Verify Incoming Messages Using SPF/SDIF

Warning

Although Cisco strongly endorses email authentication globally, at this point in the industry's
adoption, Cisco suggests a cautious disposition for SPF/SIDF authentication failures. Until more
organizations gain greater control of their authorized mail sending infrastructure, Cisco urges
customers to avoid bouncing emails and instead quarantine emails that fail SPF/SIDF verification.

Note

The AsyncOS command line interface (CLI) provides more control settings for SPF level than the web
interface. Based on the SPF verdict, the appliance can accept or reject a message, in SMTP conversation,
on a per listener basis. You can modify the SPF settings when editing the default settings for a listener’s
Host Access Table using the

listenerconfig

command. See the

Enabling SPF and SIDF via the CLI,

page 19-25

for more information on the settings.

Table 19-2

How to Verify Incoming Messages Using SPF/SDIF

Do This

More Info

Step 1

(Optional) Create a custom mail flow policy to
use for verifying incoming messages using
SPF/SDIF.

Defining Rules for Incoming Messages Using
Policy, page 7-15