
Configuring SPF, DKIM and DMARC in Cloud ESA

Doug Maxfield

Good Afternoon,

I'm looking to find a Whitepaper explaining what needs to be done to set up SPF, DKIM and DMARC in Cloud ESA. I have the whitepaper "Email Authentication Best Practices; The Optimal Ways to Deploy SPF, DKIM and DMARC" Revision 4, dated Aug 1, 2017. But it appears to be more geared to the Appliances or Virtual offerings.


I have searched the Cisco site but can't find anything. Any help is appreciated.





Robert Sherwin
Cisco Employee

I think you are referring to the following:

Email Authentication Best Practices The Optimal Ways To Deploy SPF, DKIM And DMARC


(Which is a highly trusted source!)


Additional items that may help...


White Paper: Detecting Spoof

How-to: Enable Spoof Protection


DMARC Lookup Tools:

DMARC Wizard:

DMARC Aggregation Reporting Tool:





We also found this guide:


We do have a question on page 2-2 of the doc.  It specifies the following:
v=spf1 -exists:%{i} -all


What does the %{i} mean?




For IPv4 addresses, both the "i" and "c" macros expand to the
   standard dotted-quad format.

   For IPv6 addresses, the "i" macro expands to a dot-format address; it
   is intended for use in %{ir}.  The "c" macro may expand to any of the
   hexadecimal colon-format addresses specified in [RFC3513], Section
   2.2.  It is intended for humans to read.


Another, less painful way to read... (maybe?):


SPF defines a number of macro-expansion features as defined below:

Note: all macro-expansion delimiters use braces {}.

Modifier Description
%{c} Only allowed in TXT records referenced by the exp field. The IP of the receiving MTA.
%{d} The current domain, normally the sender-domain %{o} but replaced by the value of any domain argument in the sender mechanism type.
%{h} The domain name supplied on HELO or EHLO, normally the hostname of the sending SMTP server.
%{i} sender-ip The IP of SMTP server sending mail for user, say,
%{l} replace with local part of sender, for instance, if sender is, the local part is info.
%{o} The sender-domain, for instance, if email address is the sender-domain is
%{p} The validated domain name. The name obtained using the PTR RR of the sender-ip. Use of this macro will require an additional query unless a ptr sender mechanism is used. Note: Both the %p and the ptr sender mechanism are strongly discouraged by RFC 7208 which even goes so far as to suggest their immediate removal for performance reasons. ooh.
%{r} Only allowed in TXT records referenced by the exp field. The name of the host performing the SPF check. Normally the same as the receiving MTA.
%{t} Only allowed in TXT records referenced by the exp field. Current timestamp.
%{s} Replace with sender email address, for instance,
%{v} Replaced with "in-addr" if sender-ip is an IPv4 address and "ip6" if an IPv6 address. Used to construct reverse map strings.

The above macros may take one or more additional arguments as follows:

  1. r - Indicates reverse the order of the field, for instance, %{or} would display as com.example and %{ir} would display as The normal split uses "." (dot) as the separator but any other character may be used to define the split but a "." (dot) is always used when rejoining so, for instance, %{sr@} would display as

  2. digit - the presence of a digit (range 1 to 128) limits the number of right most elements displayed, for instance, %{d1} displays only com only from but %{d5} would display five right hand elements up to the maximum available, in this case it will display since that is all that is available.
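
Added example, not part of the thread or of the Cisco guide: a small Python expander for the SPF macros discussed above, following the macro rules of RFC 7208 section 7 (split on the listed delimiters, optional reverse, keep the right-most N parts, rejoin with dots). The function name `expand_spf_macros` is hypothetical, the sample sender and IP are the documentation values used in the RFC's own examples, and the `p`, `c`, `r` and `t` letters are deliberately left unsupported.

```python
import ipaddress
import re
from urllib.parse import quote

# %{letter [digits] [r] [delimiters]}, the escapes %% %_ %-, or a stray "%".
_MACRO = re.compile(r"%(?:\{([A-Za-z])(\d*)(r?)([.\-+,/_=]*)\}|([%_\-])|)")
_ESCAPES = {"%": "%", "_": " ", "-": "%20"}


def expand_spf_macros(spec, sender, ip, domain=None, helo="unknown"):
    """Expand SPF macros in `spec` for one SMTP transaction (hypothetical helper)."""
    local, _, sender_domain = sender.rpartition("@")
    if not local:  # a sender without a local part is treated as postmaster@domain
        local, sender = "postmaster", "postmaster@" + sender_domain
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        dotted = str(addr)
    else:
        # IPv6 %{i} is dot-separated nibbles, normally reversed with %{ir}.
        dotted = ".".join(addr.exploded.replace(":", ""))
    values = {
        "s": sender, "l": local, "o": sender_domain,
        "d": domain or sender_domain, "i": dotted, "h": helo,
        "v": "in-addr" if addr.version == 4 else "ip6",
    }

    def substitute(match):
        letter, digits, reverse, delims, escape = match.groups()
        if escape:
            return _ESCAPES[escape]
        bad = letter is None or letter.lower() not in values
        if bad or (digits and int(digits) == 0):
            raise ValueError(f"bad or unsupported macro: {match.group(0)!r}")
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter.lower()])
        if reverse:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]  # keep only the right-most N parts
        text = ".".join(parts)            # rejoin always uses "."
        # An uppercase macro letter means the result is URL-encoded.
        return quote(text, safe="") if letter.isupper() else text

    return _MACRO.sub(substitute, spec)


if __name__ == "__main__":
    # Constructed transaction: documentation sender and IP, not real traffic.
    print(expand_spf_macros("%{ir}.%{v}._spf.%{d2}",
                            "strong-bad@email.example.com", "192.0.2.3"))
```

For the `exists:%{i}` term quoted earlier in the thread, the receiver looks up the expanded string (the connecting IP in dotted form) as a domain name.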

