Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

Although Cisco strongly endorses email authentication globally, at this point in the industry's adoption, 
Cisco suggests a cautious disposition for SPF/SIDF authentication failures. Until more organizations 
gain greater control of their authorized mail sending infrastructure, Cisco urges customers to avoid 
bouncing emails and instead quarantine emails that fail SPF/SIDF verification.

The AsyncOS command line interface (CLI) provides more control settings for SPF level than the web 
interface. Based on the SPF verdict, the appliance can accept or reject a message, in SMTP conversation, 
on a per listener basis. You can modify the SPF settings when editing the default settings for a listener’s 
Host Access Table using the 

listenerconfig

 command. See the 

 for more information on the settings.

To use SPF/SIDF, you must enable SPF/SIDF for a mail flow policy on an incoming listener. You can 
enable SPF/SIDF on the listener from the default mail flow policy, or you can enable it for particular 
incoming mail flow policies. 

Choose Mail Policies > Mail Flow Policy.

Click Default Policy Parameters.

In the default policy parameters, view the Security Features section.

In the SPF/SIDF Verification section, click On.

Set the level of conformance (the default is SIDF-compatible). This option allows you to determine 
which standard of SPF or SIDF verification to use. In addition to SIDF conformance, you can choose 
SIDF-compatible, which combines SPF and SIDF.

SPF

The SPF/SIDF verification behaves according to RFC4408.

- No purported responsible address (PRA) identity verification takes 
place.

NOTE: Select this conformance option to test against the HELO 
identity.