Cisco Cisco Email Security Appliance C160 用户指南
Chapter 5 Email Authentication
5-2
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Email Authentication Overview
IronPort AsyncOS supports several forms of email authentication to prevent email
forgery. To verify incoming mail, AsyncOS supports Sender Policy Framework
(SPF), Sender ID Framework (SIDF), and DomainKeys Identified Mail (DKIM).
To sign outgoing mail, AsyncOS supports DomainKeys and DKIM.
forgery. To verify incoming mail, AsyncOS supports Sender Policy Framework
(SPF), Sender ID Framework (SIDF), and DomainKeys Identified Mail (DKIM).
To sign outgoing mail, AsyncOS supports DomainKeys and DKIM.
With DomainKeys or DKIM email authentication, the sender signs the email
using public key cryptography. The verified domain can then be used to detect
forgeries by comparing it with the domain in the From: (or Sender:) header of the
email. The current version of AsyncOS supports email signing for DomainKeys,
and it supports both email signing and verification for DKIM. For more
information about DomainKeys and DKIM, see
using public key cryptography. The verified domain can then be used to detect
forgeries by comparing it with the domain in the From: (or Sender:) header of the
email. The current version of AsyncOS supports email signing for DomainKeys,
and it supports both email signing and verification for DKIM. For more
information about DomainKeys and DKIM, see
SPF and SIDF email authentication allow the owners of Internet domains to use a
special format of DNS TXT records to specify which machines are authorized to
transmit email for their domains. Compliant mail receivers then use the published
SPF records to test the authorization of the sending Mail Transfer Agent’s identity
during a mail transaction. For more information about SPF and SIDF, see
special format of DNS TXT records to specify which machines are authorized to
transmit email for their domains. Compliant mail receivers then use the published
SPF records to test the authorization of the sending Mail Transfer Agent’s identity
during a mail transaction. For more information about SPF and SIDF, see
.
DomainKeys and DKIM Authentication: Overview
AsyncOS supports DomainKeys and DKIM authentication to prevent email
forgery. DomainKeys and DKIM are mechanisms used to verify that the source of
the email and the contents of the message were not altered during transit. DKIM
is an enhanced protocol that combines DomainKeys specification with aspects of
Identified Internet Mail to create an enhanced protocol called DomainKeys
Identified Mail (DKIM). DomainKeys and DKIM consist of two main parts:
signing and verification. The current version of AsyncOS supports the “signing”
half of the process for DomainKeys, and it supports both signing and verification
for DKIM. You can also enable bounce and delay messages to use DomainKeys
and DKIM signing.
forgery. DomainKeys and DKIM are mechanisms used to verify that the source of
the email and the contents of the message were not altered during transit. DKIM
is an enhanced protocol that combines DomainKeys specification with aspects of
Identified Internet Mail to create an enhanced protocol called DomainKeys
Identified Mail (DKIM). DomainKeys and DKIM consist of two main parts:
signing and verification. The current version of AsyncOS supports the “signing”
half of the process for DomainKeys, and it supports both signing and verification
for DKIM. You can also enable bounce and delay messages to use DomainKeys
and DKIM signing.
When you use DomainKeys or DKIM authentication, the sender signs the email
using public key cryptography. The verified domain can then be used to detect
forgeries by comparing it with the domain in the From: (or Sender:) header of the
email.
using public key cryptography. The verified domain can then be used to detect
forgeries by comparing it with the domain in the From: (or Sender:) header of the
email.