Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1990
Views
10
Helpful
1
Replies

ESA DMARC profile vs content filter best practices

Ajit Pai
Level 1
Level 1

‎09-13-2022 08:24 AM

Hello community,

is there a difference between the implementation of DMARC using the Cisco ESA "DMARC profile"My DMARC profileMy DMARC profile

 

 

 

 

and a simple content filter that checks strings like p=none or p=quarantine in the authentication results headers?My DMARC content filterMy DMARC content filter

 

 

 

 

 

 

 

 

 

 

 

 

 

 

In my specific scenario I want to quarantine mail that fails DMARC only with p=quarantine. Can you confirm that the DMARC-failed-mail with "p=none" can only be managed by content filters?

Are there any best practices that can be applied?

Thank you and best regards,

Luca

Labels:
0 Helpful
1 Reply 1

Ken Stieers
VIP
VIP

‎09-13-2022 09:08 AM

Correct, you have to deal with NONE via a content filter.
The only difference might be when the action happens, which could when you think about all of the filtering that is going on, and if you have other content filters that apply, etc.
I'd expect that DMARC policy will quarantine earlier, but the Email Pipeline flowcharts don't show it, so I don't know.
Ken
Customers Also Viewed These Support Documents