Cisco Email Security Appliance C170 User Guide

User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 
Chapter 21      Email Authentication
  Overview of SPF and SIDF Verification
When you work with SPF and SIDF, note that SIDF is similar to SPF, but it has some differences. To get 
a full description of the differences between SIDF and SPF, see RFC 4406. For the purposes of this 
documentation, the two terms are discussed together except in the cases where only one type of 
verification applies.
Note
AsyncOS does not support SPF for incoming relays.
A Note About Valid SPF Records
To use SPF and SIDF with an appliance, publish the SPF record according to RFCs 4406 and 4408. 
Review RFC 4407 for a definition of how the PRA identity is determined. You may also want to refer to 
the following website to view common mistakes made when creating SPF and SIDF records:
http://www.openspf.org/FAQ/Common_mistakes
Valid SPF Records
To pass the SPF HELO check, ensure that you include a “v=spf1 a -all” SPF record for each sending 
MTA (separate from the domain). If you do not include this record, the HELO check will likely result in 
a None verdict for the HELO identity. If you notice that SPF senders to your domain return a high 
number of None verdicts, these senders may not have included a “v=spf1 a -all” SPF record for each 
sending MTA.
Valid SIDF Records
To support the SIDF framework, you need to publish both “v=spf1” and “spf2.0” records. For example, 
your DNS record may look like the following example:
example.com. TXT "v=spf1 +mx a:colo.example.com/28 -all"
smtp-out.example.com TXT "v=spf1 a -all"
example.com. TXT "spf2.0/mfrom,pra +mx a:colo.example.com/28 -all"
SIDF does not verify the HELO identity, so in this case, you do not need to publish SPF v2.0 records for 
each sending MTA. 
Note
If you choose not to support SIDF, publish an “spf2.0/pra ~all” record. 
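The guidance in "Valid SPF Records" and "Valid SIDF Records" can be checked against a zone's TXT records before they are published. The following is an added example, not part of the Cisco guide: the zone data is constructed, and the host smtp-out2.example.com, the function names and the finding codes are hypothetical.

```python
# Added example: audit TXT records against the SPF/SIDF guidance above.
# SAMPLE_ZONE is constructed input (no DNS lookups are made); the host
# smtp-out2.example.com is hypothetical and deliberately has no record.
SAMPLE_ZONE = {
    "example.com": [
        "v=spf1 +mx a:colo.example.com/28 -all",
        "spf2.0/mfrom,pra +mx a:colo.example.com/28 -all",
    ],
    "smtp-out.example.com": ["v=spf1 a -all"],
    "smtp-out2.example.com": [],
}

def spf_kind(txt):
    """Classify one TXT string by its version tag: 'spf1', 'spf2.0' or None."""
    words = txt.split()
    tag = words[0].lower() if words else ""
    if tag == "v=spf1":
        return "spf1"
    return "spf2.0" if tag.startswith("spf2.0/") else None

def audit(zone, mail_domain, mta_hosts):
    """Return a list of (name, finding) tuples; an empty list means no findings."""
    findings = []
    for name, records in zone.items():
        for txt in records:
            # A typographic dash (U+2013) pasted in front of "all" is not "-all".
            if spf_kind(txt) and not txt.isascii():
                findings.append((name, "NON_ASCII_IN_RECORD"))
    kinds = [spf_kind(t) for t in zone.get(mail_domain, [])]
    # RFC 4408: no v=spf1 record gives None, more than one gives PermError.
    if kinds.count("spf1") != 1:
        findings.append((mail_domain, "NEED_EXACTLY_ONE_SPF1"))
    if "spf2.0" not in kinds:
        # Publish spf2.0 to support SIDF, or "spf2.0/pra ~all" to opt out.
        findings.append((mail_domain, "NO_SPF2_RECORD"))
    for host in mta_hosts:
        # Without its own v=spf1 record the HELO identity likely gets None.
        if "spf1" not in [spf_kind(t) for t in zone.get(host, [])]:
            findings.append((host, "NO_HELO_SPF_RECORD"))
    return findings

if __name__ == "__main__":
    hosts = ["smtp-out.example.com", "smtp-out2.example.com"]
    for name, finding in audit(SAMPLE_ZONE, "example.com", hosts):
        print(f"{name}: {finding}")
```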