06-07-2018 10:20 AM - edited 03-08-2019 07:38 PM
Good Afternoon,
I'm looking to find a Whitepaper explaining what needs to be done to set up SPF, DKIM and DMARC in Cloud ESA. I have the whitepaper "Email Authentication Best Practices; The Optimal Ways to Deploy SPF, DKIM and DMARC" Revision 4, dated Aug 1, 2017. But it appears to be more geared to the Appliances or Virtual offerings.
I have searched the Cisco site but can't find anything. Any help is appreciated.
Thanks,
Doug
06-07-2018 12:50 PM - edited 06-07-2018 12:54 PM
I think you are referring to the following:
Email Authentication Best Practices The Optimal Ways To Deploy SPF, DKIM And DMARC
(Which is a highly trusted source!)
Additional items that may help...
White Paper: Detecting Spoof
How-to: Enable Spoof Protection
DMARC Lookup Tools:
DMARC Wizard:
DMARC Aggregation Reporting Tool:
Others:
06-11-2018 09:18 AM
Robert,
We also found this guide:
We do have a question on page 2-2 of the doc. It specifies the following:
v=spf1 -exists:%{i}.spf..iphmx.com -all
What does the %{i} mean?
Thanks,
Doug
06-20-2018 09:46 AM
For IPv4 addresses, both the "i" and "c" macros expand to the standard dotted-quad format. For IPv6 addresses, the "i" macro expands to a dot-format address; it is intended for use in %{ir}. The "c" macro may expand to any of the hexadecimal colon-format addresses specified in [RFC3513], Section 2.2. It is intended for humans to read.
Source: https://www.ietf.org/rfc/rfc4408.txt
06-20-2018 09:50 AM
Another, less painful way to read... (maybe?):
SPF defines a number of macro-expansion features as defined below:
Note: all macro-expansion delimiters use braces {}.
| Modifier | Description |
| --- | --- |
| %{c} | Only allowed in TXT records referenced by the exp field. The IP of the receiving MTA. |
| %{d} | The current domain, normally the sender-domain %{o} but replaced by the value of any domain argument in the sender mechanism type. |
| %{h} | The domain name supplied on HELO or EHLO, normally the hostname of the sending SMTP server. |
| %{i} | sender-ip The IP of SMTP server sending mail for user, say, info@example.com. |
| %{l} | replace with local part of sender, for instance, if sender is info@example.com, the local part is info. |
| %{o} | The sender-domain, for instance, if email address is info@example.com the sender-domain is example.com. |
| %{p} | The validated domain name. The name obtained using the PTR RR of the sender-ip. Use of this macro will require an additional query unless a ptr sender mechanism is used. Note: Both the %p and the ptr sender mechanism are strongly discouraged by RFC 7208 which even goes so far as to suggest their immediate removal for performance reasons. ooh. |
| %{r} | Only allowed in TXT records referenced by the exp field. The name of the host performing the SPF check. Normally the same as the receiving MTA. |
| %{t} | Only allowed in TXT records referenced by the exp field. Current timestamp. |
| %{s} | Replace with sender email address, for instance, info@example.com |
| %{v} | Replaced with "in-addr" if sender-ip is an IPv4 address and "ip6" if an IPv6 address. Used to construct reverse map strings. |
The above macros may take one or more additional arguments as follows:
r - Indicates reverse the order of the field, for instance, %{or} would display example.com as com.example and %{ir} would display 192.168.0.2 as 2.0.168.192. The normal split uses "." (dot) as the separator but any other character may be used to define the split but a "." (dot) is always used when rejoining so, for instance, %{sr@} would display info@example.com as example.com.info.
digit - the presence of a digit (range 1 to 128) limits the number of right most elements displayed, for instance, %{d1} displays only com from example.com but %{d5} would display five right hand elements up to the maximum available, in this case it will display example.com since that is all that is available.
Source: http://www.zytrax.com/books/dns/ch9/spf.html
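The macro rules discussed in this thread, as an added example (not part of any post above and not Cisco's code): a Python routine that expands SPF macros the way RFC 7208 section 7 describes, including the `r` and digit transformers and the IPv6 form of `%{i}`. The `_spf.example.com` names and the sample addresses are constructed; `%{p}` (needs DNS) and the exp-only macros are not handled.

```python
import ipaddress
import re
from urllib.parse import quote

# RFC 7208 section 7.1: %{letter digits r delimiters}, plus the literals %%, %_ and %-
MACRO = re.compile(r"%(?:\{([A-Za-z])(\d*)(r?)([.\-+,/_=]*)\}|([%_-]))")

def expand(spec, ip, sender, helo="unknown", domain=None):
    """Expand SPF macros in a domain-spec for one SMTP transaction."""
    if "%" in MACRO.sub("", spec):
        raise ValueError("malformed macro (receivers treat this as permerror)")
    addr = ipaddress.ip_address(ip)
    local, _, sender_domain = sender.rpartition("@")
    local = local or "postmaster"          # empty local part defaults to postmaster
    values = {
        "s": f"{local}@{sender_domain}", "l": local, "o": sender_domain,
        "d": domain or sender_domain,      # differs from %{o} inside include/redirect
        "h": helo,
        "v": "in-addr" if addr.version == 4 else "ip6",
        # IPv4: dotted quad. IPv6: 32 dot-separated nibbles, meant for %{ir}.
        "i": str(addr) if addr.version == 4
             else ".".join(addr.exploded.replace(":", "")),
    }

    def repl(m):
        if m.group(5):
            return {"%": "%", "_": " ", "-": "%20"}[m.group(5)]
        letter, digits, rev, delims = m.group(1, 2, 3, 4)
        if letter.lower() not in values:   # p needs DNS; c, r, t are exp-only
            raise ValueError(f"macro %{{{letter}}} not handled here")
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter.lower()])
        if rev:
            parts.reverse()
        if digits:
            if int(digits) == 0:
                raise ValueError("digit transformer must be non-zero")
            parts = parts[-int(digits):]   # keep the right-most N labels
        out = ".".join(parts)              # always rejoined with dots
        return quote(out, safe="") if letter.isupper() else out

    return MACRO.sub(repl, spec)
```

The delimiter set accepted here is the RFC's (`.` `-` `+` `,` `/` `_` `=`), so a macro written with `@` as the split character is rejected as malformed.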