cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1707
Views
10
Helpful
3
Replies

DMARC can reject, SPF can not. Why?

cryptochrome
Level 1
Level 1

Hi,

with DMARC we can reject mails during SMTP dialog (according to DMARC policies). However, with SPF and DKIM we can only drop/quarantine/bouce, but not reject. Acting on SPF results is only possible in message/content filters (which happen after SMTP dialog, hence no reject). DMARC, which is based on SPF/DKIM can reject mails. 

This makes no sense. Why not allow a reject action for SPF/DKIM as well?

 

1 Accepted Solution

Accepted Solutions

You can set it to reject, but you have to do it in the CLI.



https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-0/cli_reference_guide/b_CLI_Reference_Guide_13_0/b_CLI_Reference_Guide_chapter_0100.html



Search for this string "Example - Configuring SPF and SIDF"


Keep in mind that this is much like turning on rejecting mail because of reverse DNS/PTR lookups failing...
LOTS of companies STILL don't know how to configure it properly.



View solution in original post

3 Replies 3

Cristian Matei
VIP Alumni
VIP Alumni

Hi,

   

     I think it was just a simple call at that point in time, when feature was implemented. Technically speaking, from the RFC point of view, SPF recommends REJECT, while DKIM does not recommend REJECT.

 

Regards,

Cristian Matei.

You can set it to reject, but you have to do it in the CLI.



https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-0/cli_reference_guide/b_CLI_Reference_Guide_13_0/b_CLI_Reference_Guide_chapter_0100.html



Search for this string "Example - Configuring SPF and SIDF"


Keep in mind that this is much like turning on rejecting mail because of reverse DNS/PTR lookups failing...
LOTS of companies STILL don't know how to configure it properly.



Oh wow... looks like it makes sense to check the command line reference more often. I didn't know this was possible because the GUI does not offer these options. Excellent, thanks for pointing me in the right direction!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: