Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2180
Views
5
Helpful
1
Replies

Best Practice for allowing DMARC passed mail items from mail hosting platform and restricting other mails based on SBRS.

Fwaggle
Level 1
Level 1

‎11-09-2020 04:42 AM

Apologies if this has been addressed in previous threads.

 

I have scenario whereby a partner org sends inbound mail including time based passcodes utilising a mail hosting platform (e.g amazones, mailgun, etc. Message trace shows that a number of other orgs utilise the same mail hosting platform and the sending IP's are the same. The partner org has configured SPF, DKIM and DMARC and from the mail items I have reviewed all of these mail items pass these checks where as the mail items from the other orgs do not. Currently all mail from this hosting platform are subject to SBRS (values range from 2.8 to 3.5 hourly) and as such the appropriate mail flow policy and throttling are applied. 

 

I am looking for advice/ best practice for a way that will allow the DKIM/DMARC passed mail items to bypass the throttling and keep the others subject to policies based on SBRS value. What I don't want to happen is create a new flow policy that is applicable to all inbound mail enforcing DKIM/ DMARC check so that every mail item that fails these checks ends up in the Quarantine pool. 

 

I should say that our mail flow policies are as currently as out of the box and we have been using up to now the HAT exemptions to by-pass throttling so certain IP's. 

 

Thanks in advance, 

 

Fraser

1 person had this problem
Labels:
1 Reply 1

ciscomoderator
Community Manager
Community Manager

‎02-09-2021 11:07 AM

Hello @Fwaggle 

We currently have an Ask Me Anything event (Feb 1-12, 2021) and your question fits our theme:

"New Capabilities to Protect Your Users with Cisco Secure Email - AMA"

To see our experts' response, visit the link https://community.cisco.com/t5/email-security/new-capabilities-to-protect-your-users-with-cisco-secure-email/m-p/4287300/highlight/true#M21838 

Come and ask more questions before February 12.

Note: If the reply in the forum solves your question, please accept the post as a solution to help other members. Thank you! 

0 Helpful
Customers Also Viewed These Support Documents