Cisco Cisco Email Security Appliance C680 用户指南

Set the level of conformance (the default is SIDF-compatible). This option allows you to determine 
which standard of SPF or SIDF verification to use. In addition to SIDF conformance, you can choose 
SIDF-compatible, which combines SPF and SIDF.

More settings are available via the CLI. See 

 for 

more information.

If you choose a conformance level of SIDF-compatible, configure whether the verification downgrades 
a Pass result of the PRA identity to None if there are Resent-Sender: or Resent-From: headers present in 
the message. You might choose this option for security purposes.

If you choose a conformance level of SPF, configure whether to perform a test against the HELO identity. 
You might use this option to improve performance by disabling the HELO check. This can be useful 
because the 

spf-passed

 filter rule checks the PRA or the MAIL FROM Identities first. The appliance 

only performs the HELO check for the SPF conformance level.

SPF

The SPF/SIDF verification behaves according to RFC4408.

- No purported responsible address (PRA) identity verification takes 
place.

NOTE: Select this conformance option to test against the HELO 
identity.

SIDF

The SPF/SIDF verification behaves according to RFC4406.

-The PRA Identity is determined with full conformance to the standard.

- SPF v1.0 records are treated as spf2.0/mfrom,pra.

- For a nonexistent domain or a malformed identity, a verdict of Fail is 
returned.

SIDF Compatible

The SPF/SIDF verification behaves according to RFC4406 except for 
the following differences:

- SPF v1.0 records are treated as spf2.0/mfrom.

- For a nonexistent domain or a malformed identity, a verdict of None is 
returned.

NOTE: This conformance option was introduced at the request of the 
OpenSPF community (www.openspf.org).