
Configuring SPF, DKIM and DMARC in Cloud ESA

Doug Maxfield
Level 1

Good Afternoon,

I'm looking to find a Whitepaper explaining what needs to be done to set up SPF, DKIM and DMARC in Cloud ESA. I have the whitepaper "Email Authentication Best Practices; The Optimal Ways to Deploy SPF, DKIM and DMARC" Revision 4, dated Aug 1, 2017. But it appears to be more geared to the Appliances or Virtual offerings.


I have searched the Cisco site but can't find anything. Any help is appreciated.




4 Replies

Robert Sherwin
Cisco Employee

I think you are referring to the following:

Email Authentication Best Practices The Optimal Ways To Deploy SPF, DKIM And DMARC


(Which is a highly trusted source!)


Additional items that may help...


White Paper: Detecting Spoof

How-to: Enable Spoof Protection


DMARC Lookup Tools:

DMARC Wizard:

DMARC Aggregation Reporting Tool:





We also found this guide:


We do have a question on page 2-2 of the doc.  It specifies the following:
v=spf1 -exists:%{i} -all


What does the %{i} mean?




For IPv4 addresses, both the "i" and "c" macros expand to the
   standard dotted-quad format.

   For IPv6 addresses, the "i" macro expands to a dot-format address; it
   is intended for use in %{ir}.  The "c" macro may expand to any of the
   hexadecimal colon-format addresses specified in [RFC3513], Section
   2.2.  It is intended for humans to read.


Another, less painful way to read... (maybe?):


SPF defines a number of macro-expansion features as defined below:

Note: all macro-expansion delimiters use braces {}.

Modifier Description
%{c} Only allowed in TXT records referenced by the exp field. The IP of the receiving MTA.
%{d} The current domain, normally the sender-domain %{o} but replaced by the value of any domain argument in the sender mechanism type.
%{h} The domain name supplied on HELO or EHLO, normally the hostname of the sending SMTP server.
%{i} sender-ip The IP of SMTP server sending mail for user, say,
%{l} replace with local part of sender, for instance, if sender is, the local part is info.
%{o} The sender-domain, for instance, if email address is the sender-domain is
%{p} The validated domain name. The name obtained using the PTR RR of the sender-ip. Use of this macro will require an additional query unless a ptr sender mechanism is used. Note: Both the %p and the ptr sender mechanism are strongly discouraged by RFC 7208 which even goes so far as to suggest their immediate removal for performance reasons. ooh.
%{r} Only allowed in TXT records referenced by the exp field. The name of the host performing the SPF check. Normally the same as the receiving MTA.
%{t} Only allowed in TXT records referenced by the exp field. Current timestamp.
%{s} Replace with sender email address, for instance,
%{v} Replaced with "in-addr" if sender-ip is an IPv4 address and "ip6" if an IPv6 address. Used to construct reverse map strings.

The above macros may take one or more additional arguments as follows:

  1. r - Indicates reverse the order of the field, for instance, %{or} would display as com.example and %{ir} would display as The normal split uses "." (dot) as the separator but any other character may be used to define the split but a "." (dot) is always used when rejoining so, for instance, %{sr@} would display as

  2. digit - the presence of a digit (range 1 to 128) limits the number of right most elements displayed, for instance, %{d1} displays only com only from but %{d5} would display five right hand elements up to the maximum available, in this case it will display since that is all that is available.
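
As an added example (not part of the thread, the Cisco guide, or the references quoted above), this Python function expands SPF macros following the RFC 7208 section 7 grammar, including the `r` transformer, the digit count and the custom delimiters described in the list above. The names `expand` and `_ip_dotted` and their parameters are assumptions; the sample sender and addresses are the documentation values RFC 7208 uses in its own macro examples, and the `p`, `c`, `r` and `t` macros raise an error because they need DNS or receiver-side data.

```python
import ipaddress
import re
from urllib.parse import quote

# RFC 7208 section 7.1: "%{" letter [digits] ["r"] *delimiter "}" or %% / %_ / %-
_MACRO = re.compile(r"%\{([A-Za-z])(\d*)(r?)([.\-+,/_=]*)\}|%([%_\-])")
_LITERAL = {"%": "%", "_": " ", "-": "%20"}

def _ip_dotted(ip):
    """%{i}: dotted quad for IPv4, dot-separated hex nibbles for IPv6."""
    if ip.version == 4:
        return str(ip)
    return ".".join(ip.exploded.replace(":", ""))

def expand(spec, sender, client_ip, helo, domain=None):
    """Expand the SPF macros in `spec` for one SMTP transaction."""
    ip = ipaddress.ip_address(client_ip)
    local, _, sender_domain = sender.rpartition("@")
    values = {
        "s": sender, "l": local or "postmaster", "o": sender_domain,
        "d": domain or sender_domain, "h": helo,
        "i": _ip_dotted(ip), "v": "in-addr" if ip.version == 4 else "ip6",
    }

    def repl(m):
        if m.group(5):                       # %%, %_ or %-
            return _LITERAL[m.group(5)]
        letter, digits, rev, delims = m.group(1, 2, 3, 4)
        if letter.lower() not in values:
            raise ValueError(f"macro %{{{letter}}} is not supported here")
        # Split on the listed delimiters (default "."), always rejoin with "."
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter.lower()])
        if rev:
            parts.reverse()
        if digits:
            if int(digits) == 0:
                raise ValueError("digit transformer must be at least 1")
            parts = parts[-int(digits):]     # keep the right-most N labels
        out = ".".join(parts)
        # An uppercase macro letter requests URL-encoding of the result
        return quote(out, safe="") if letter.isupper() else out

    return _MACRO.sub(repl, spec)

if __name__ == "__main__":
    # Constructed transaction using RFC 7208 documentation values
    print(expand("v=spf1 -exists:%{i} -all", "strong-bad@email.example.com",
                 "192.0.2.3", "mx.example.org"))
```

For the record asked about in the thread, `%{i}` is replaced by the connecting client's IP address before the `exists` lookup is made, so the receiver queries a name derived from that address.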