11-09-2020 04:42 AM
Apologies if this has been addressed in previous threads.
I have scenario whereby a partner org sends inbound mail including time based passcodes utilising a mail hosting platform (e.g amazones, mailgun, etc. Message trace shows that a number of other orgs utilise the same mail hosting platform and the sending IP's are the same. The partner org has configured SPF, DKIM and DMARC and from the mail items I have reviewed all of these mail items pass these checks where as the mail items from the other orgs do not. Currently all mail from this hosting platform are subject to SBRS (values range from 2.8 to 3.5 hourly) and as such the appropriate mail flow policy and throttling are applied.
I am looking for advice/ best practice for a way that will allow the DKIM/DMARC passed mail items to bypass the throttling and keep the others subject to policies based on SBRS value. What I don't want to happen is create a new flow policy that is applicable to all inbound mail enforcing DKIM/ DMARC check so that every mail item that fails these checks ends up in the Quarantine pool.
I should say that our mail flow policies are as currently as out of the box and we have been using up to now the HAT exemptions to by-pass throttling so certain IP's.
Thanks in advance,
Fraser
02-09-2021 11:07 AM
Hello @Fwaggle
We currently have an Ask Me Anything event (Feb 1-12, 2021) and your question fits our theme:
"New Capabilities to Protect Your Users with Cisco Secure Email - AMA"
To see our experts' response, visit the link https://community.cisco.com/t5/email-security/new-capabilities-to-protect-your-users-with-cisco-secure-email/m-p/4287300/highlight/true#M21838
Come and ask more questions before February 12.
Note: If the reply in the forum solves your question, please accept the post as a solution to help other members. Thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide