User Guide for Cisco Email Security Appliance C170

Cisco AsyncOS 8.5.5 for Email Security User Guide
 
Chapter 19      Email Authentication
DMARC Verification
Domain-based Message Authentication, Reporting and Conformance (DMARC) is a technical 
specification created to reduce the potential for email-based abuse. DMARC standardizes how email 
receivers perform email authentication using SPF and DKIM mechanisms. To pass DMARC verification, 
an email must pass at least one of these authentication mechanisms, and the Authentication Identifiers 
must comply with RFC 5322.
AsyncOS for Email allows you to:
- Verify incoming emails using DMARC.
- Define profiles to override (accept, quarantine, or reject) domain owners’ policies.
- Send feedback reports to domain owners, which helps to strengthen their authentication deployments.
- Send delivery error reports to the domain owners if the DMARC aggregate report size exceeds 10 MB or the size specified in the RUA tag of the DMARC record.
AsyncOS for Email can handle emails that are compliant with the DMARC specification as submitted 
to Internet Engineering Task Force (IETF) on March 31, 2013. For more information, see 
DMARC Verification Workflow in AsyncOS for Email
The following describes how AsyncOS for Email performs DMARC verification.
1. A listener configured on AsyncOS receives an SMTP connection.
2. AsyncOS performs SPF and DKIM verification on the message.
3. AsyncOS fetches the DMARC record for the sender’s domain from the DNS.
   If no record is found, AsyncOS skips the DMARC verification and continues processing.
   If the DNS lookup fails, AsyncOS takes action based on the specified DMARC verification profile.
4. Depending on DKIM and SPF verification results, AsyncOS performs DMARC verification on the message.
   Note: If DKIM and SPF verification is enabled, DMARC verification reuses the DKIM and SPF verification results.
5. Depending on the DMARC verification result and the specified DMARC verification profile, AsyncOS accepts, quarantines, or rejects the message. If the message is not rejected due to DMARC verification failure, AsyncOS continues processing.
6. AsyncOS sends an appropriate SMTP response and continues processing.
7. If sending of aggregate reports is enabled, AsyncOS gathers DMARC verification data and includes it in the daily report sent to the domain owners. For more information about the DMARC aggregate feedback report, see
   Note: If the aggregate report size exceeds 10 MB or the size specified in the RUA tag of the DMARC record, AsyncOS sends delivery error reports to the domain owners.
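The decision logic of steps 3 to 5, as an added Python sketch that is not AsyncOS code or part of the Cisco guide. The `PROFILE` keys, the `DNS_FAILURE` sentinel and all function names are hypothetical, and the two-label organizational-domain rule is a simplification (real receivers use the Public Suffix List).

```python
# Added illustration of the workflow above; this is not AsyncOS code.
DNS_FAILURE = object()  # sentinel: the DNS lookup itself failed (step 3)

# Hypothetical verification profile: maps the domain owner's policy to the
# action the receiver actually takes, plus the action on DNS failure.
PROFILE = {"none": "accept", "quarantine": "quarantine",
           "reject": "quarantine", "dns_failure": "accept"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not valid DMARC."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = dict((k.strip().lower(), v.strip().lower())
                for k, v in (p.split("=", 1) for p in parts[1:] if "=" in p))
    return tags if tags.get("p") in ("none", "quarantine", "reject") else None

def org_domain(domain):
    # Simplification: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: 's' = exact match, otherwise relaxed (same org domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def verify(from_domain, spf, dkim, record, profile=PROFILE):
    """spf and dkim are (result, authenticated_domain) from step 2.
    Returns (dmarc_result, action)."""
    if record is None:                      # no record: skip DMARC, keep processing
        return ("skipped", "continue")
    if record is DNS_FAILURE:               # lookup failed: the profile decides
        return ("temperror", profile["dns_failure"])
    tags = parse_dmarc(record)
    if tags is None:                        # unparseable record is treated as absent
        return ("skipped", "continue")
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:                   # one aligned pass is enough
        return ("pass", "accept")
    return ("fail", profile[tags["p"]])     # profile may override the owner's policy
```

An SPF pass for an unrelated domain does not satisfy DMARC: the authenticated domain must align with the From header domain, which is why `verify` checks `aligned` for each mechanism before counting its pass.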