Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

In addition to reviewing the RFCs, it is a good idea to test your SPF records before you implement SPF 
verification on an Email Security appliance. There are several testing tools available on the openspf.org 
website:

http://www.openspf.org/Tools

You can use the following tool to determine why an email failed an SPF record check:

http://www.openspf.org/Why

In addition, you can enable SPF on a test listener and use Cisco’s 

trace 

CLI command (or perform trace 

from the GUI) to view the SPF results. Using trace, you can easily test different sending IPs.

Although Cisco strongly endorses email authentication globally, at this point in the industry's adoption, 
Cisco suggests a cautious disposition for SPF/SIDF authentication failures. Until more organizations 
gain greater control of their authorized mail sending infrastructure, Cisco urges customers to avoid 
bouncing emails and instead quarantine emails that fail SPF/SIDF verification.

The AsyncOS command line interface (CLI) provides more control settings for SPF level than the web 
interface. Based on the SPF verdict, the appliance can accept or reject a message, in SMTP conversation, 
on a per listener basis. You can modify the SPF settings when editing the default settings for a listener’s 
Host Access Table using the 

listenerconfig

 command. See the 

 for more information on the settings.

(Optional) Create a custom mail flow policy to 
use for verifying incoming messages using 
SPF/SDIF.

Configure your mail flow policies to verify 
incoming messages using SPF/SDIF.

Define the action that the Email Security 
appliance takes on verified messages.

Associate the action with groups of specific 
senders or recipients.

(Optional) Test the results of message 
verification.