Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
341
Views
0
Helpful
1
Replies

DMARC notifications

ArjanBroekhuizen
Level 1
Level 1

‎10-21-2022 04:03 AM

Hello,

We have configured DMARC filtering in our ESA and that is working well. However, we want to send notifications to an admin or recipient when a message is send to quarantaine. I cannot find an option to do this.

I found a post about this and an enhancement request, but it is not clear what the status is.
https://community.cisco.com/t5/email-security/dmarc-notification/td-p/4265593
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn54567

Is there an alternitave option to configure both quarantaine and notifications for DMARC? Can this be done with filter on the header?

Kind regards,
Arjan

Labels:
0 Helpful
1 Reply 1

UdupiKrishna
Cisco Employee
Cisco Employee

‎11-03-2022 06:57 AM

Since these messages if quarantined would go to Policy, notification isn't possible. However your thoughts are in the right path, you can setup a content filter to scan "authentication-results" header and specifically look for dmarc result values (fail, quarantine etc) after reviewing the headers of a few samples.

Then setup an action to notify specific addresses.

0 Helpful
Customers Also Viewed These Support Documents