Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2082
Views
0
Helpful
5
Replies

content filter vs dmarc

packitcheck
Level 1
Level 1

‎10-27-2017 02:35 AM - edited ‎03-08-2019 07:27 PM

Hi All,

 

Is it possible to use content filters to do what DMARC does? IF possible, what are the pro's and the cons?  Bear in mind that SPF and DKIM are configured and DMARC not yet.

 

Many thanx,

 

Shaam

Labels:
0 Helpful
5 Replies 5

marc.luescherFRE
Spotlight
Spotlight

‎10-27-2017 06:24 AM

We are in a similar boat. SPF and DKIM activated, DMARC activated for some lesser used domains but main domains are still in p=none mode.

 

We use 100+ external service providers sending with ours or other email addresses, so we created a CLI based message filters which checks for spoofed incoming messages and whitelist all the ones which pass the following three categories for now :

 

a) trusted system is SPF, DKIM and DMARC compliant

b) trusted application using external email ( like 1-2 a year)

c) trusted sender domains using external email (multiple times a year)

 

So we mainly have one DMARC compliant and one DMARC not yet compliant policy for incoming mail which has a message filter for classification.

 

0 Helpful

Ken Stieers
VIP
VIP

‎10-27-2017 06:51 AM

You can do what DMARC does, with content filters, to a point.  Keep in mind, how it works:

DMARC verification takes the SPF and DKIM results, looks up the senders DMARC record and performs the Pass/quarantine/do nothing as per their record.  

Doing the lookup/parsing their policy/reacting as appropriate isn't really something you can do in the content filter.

Doing the reporting part (where your ESA sends a report back saying "here's where email purporting to be you is coming from) wouldn't be something a content filter could do either...

 

You CAN decide how your ESA reacts to the result of the DKIM and SPF verifications, with all of the various combinations of those two tests. 

 

The PROis you get to decide what to do with the mail.  

The CON is that its maintenance you have to keep up with, it adds load.  

 

 

0 Helpful

packitcheck
Level 1
Level 1
In response to Ken Stieers

‎10-29-2017 03:03 PM

All,

 

Many thnx for your replies

 

@ken

 The CON is that its maintenance you have to keep up with, it adds load. Does this apply to DMARC or content filter?

 

Many thnx,

 

Shaam

0 Helpful

Ken Stieers
VIP
VIP
In response to packitcheck

‎10-29-2017 05:15 PM

Content filter. Depending upon how many of the possible SPF and DKIM results you account for you could end up with a complex set of filters...


0 Helpful

packitcheck
Level 1
Level 1
In response to Ken Stieers

‎10-29-2017 06:16 PM

many thnx Ken

0 Helpful
Customers Also Viewed These Support Documents