Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
214
Views
0
Helpful
1
Replies

spoofed email is delivered when dmarc fails

Sascha0579
Level 1
Level 1

‎05-19-2025 03:34 AM

hi folks,

if i use telnet from external to our cisco esa with:
--- snip ---
ehlo foobar.org
MAIL FROM: <noreply@company.org>
RCPT TO: <user@company.org>
DATA
To: <user@company.org>
Subject: Testing new script"
This is only another test with the script."

.

quit
--- snap ---

in the logs i see that SPF and dkim failed .. and the DMARC check fails too
"DMARC Verification skipped (Sending domain could not be determined)."
so this email is delivered.

How i can prevent this? or is this a misconfiguration? or bug?

Labels:
0 Helpful
1 Reply 1

Dustin Anderson
VIP Alumni
VIP Alumni

‎05-19-2025 02:40 PM

With no domain being valid, there would be no SPF or DKIM to check so it would pass the email. you could verify by spoofing say gmail.com or another site with DNS settings.

you could also set up domain verification but in your example it would be unknown and not sure you want to reject any unknown domain. 

0 Helpful
Customers Also Viewed These Support Documents