User Guide
CHAPTER
20-1
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
20
Email Authentication
• Email Authentication Overview, page 20-1
• DomainKeys and DKIM Authentication, page 20-1
• Configuring DomainKeys and DKIM Signing, page 20-3
• How to Verify Incoming Messages Using DKIM, page 20-16
• Overview of SPF and SIDF Verification, page 20-22
• How to Verify Incoming Messages Using SPF/SDIF, page 20-23
• Enabling SPF and SIDF, page 20-24
• Determining the Action to Take for SPF/SIDF Verified Mail, page 20-31
• Testing the SPF/SIDF Results, page 20-34
• DMARC Verification, page 20-35
Email Authentication Overview
AsyncOS for Email supports email verification and signing to prevent email forgery. To verify incoming
mail, AsyncOS supports Sender Policy Framework (SPF), Sender ID Framework (SIDF), DomainKeys
Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance
(DMARC). To authenticate outbound mail, AsyncOS supports DomainKeys and DKIM signing.
Related Topics
• DomainKeys and DKIM Authentication, page 20-1.
• Overview of SPF and SIDF Verification, page 20-22.
• DMARC Verification, page 20-35
DomainKeys and DKIM Authentication
With DomainKeys or DKIM email authentication, the sender signs the email using public key
cryptography. The verified domain can then be used to detect forgeries by comparing it with the domain
in the From: (or Sender:) header of the email.
DomainKeys and DKIM consist of two main parts: signing and verification. AsyncOS supports the
“signing” half of the process for DomainKeys, and it supports both signing and verification for DKIM.
You can also enable bounce and delay messages to use DomainKeys and DKIM signing.