Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

You can also enable the 

spf-status

 rule from the content filters in the GUI. However, you cannot check 

results against HELO, MAIL FROM, and PRA identities when using the 

spf-status 

content filter rule.

To add the 

spf-status

 content filter rule from the GUI, click Mail Policies > Incoming Content 

Filters. Then add the SPF Verification filter rule from the Add Condition dialog box. Specify one or 
more verification results for the condition.

After you add the SPF Verification condition, specify an action to perform based on the SPF status. For 
example, if the SPF status is SoftFail, you might quarantine the message.

The 

spf-passed

 rule shows the results of SPF verification as a Boolean value. The following example 

shows an 

spf-passed

 rule used to quarantine emails that are not marked as spf-passed:

Unlike the 

spf-status 

rule, the 

spf-passed

 rule reduces the SPF/SIDF verification values to a simple 

Boolean. The following verification results are treated as not passed in the 

spf-passed

 rule: None, 

Neutral, Softfail, TempError, PermError, and Fail. To perform actions on messages based on more 
granular results, use the 

spf-status

 rule. 

Test the results of SPF/SIDF verification and use these results to determine how to treat SPF/SIDF 
failures because different organizations implement SPF/SIDF in different ways. Use a combination of 
content filters, message filters, and the Email Security Monitor - Content Filters report to test the results 
of the SPF/SIDF verification.

Your degree of dependence on SPF/SIDF verification determines the level of granularity at which you 
test SPF/SIDF results.

         strip-header("Subject");

         insert-header("Subject", "[POTENTIAL PHISHING] $Subject"); }

.

quarantine-spf-unauthorized-mail:

    if (not spf-passed) {

        quarantine("Policy");

    }