AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 20 Email Authentication
Determining the Action to Take for SPF/SIDF Verified Mail
When you receive SPF/SIDF verified mail, you may want to take different actions depending on the
results of the SPF/SIDF verification. You can use the following message and content filter rules to
determine the status of SPF/SIDF verified mail and perform actions on the messages based on the
verification results:
• spf-status. This filter rule determines actions based on the SPF/SIDF status. You can enter a
different action for each valid SPF/SIDF return value.
• spf-passed. This filter rule generalizes the SPF/SIDF results as a Boolean value.
Note: The spf-passed filter rule is only available in message filters.
You can use the spf-status rule when you want to address more granular results, and use the spf-passed rule when you want to create a simple Boolean.
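The following message filters are an added example, not taken from this guide, showing the two rules side by side: spf-status with a different action per result and identity, and spf-passed as a single Boolean test. The filter names, the X-SPF-Check header, the "Policy" quarantine name, and the quarantine() and insert-header() actions are assumptions not shown on this page, as are the "mailfrom" and "helo" identity arguments, which follow the "pra" form described under Verification Results.

```asyncos
# Added example. Filter names, the header name and the "Policy" quarantine
# are assumptions; adjust them to the appliance's own configuration.

# Granular handling with spf-status, checked per identity.
# Identity arguments are only accepted in message filters.
quarantine-spf-fail:
if (spf-status("pra") == "Fail" or spf-status("mailfrom") == "Fail") {
    # The result for the PRA or MAIL FROM identity is Fail.
    quarantine("Policy");
}

# One condition matching several verdicts: verification ended in an error
# for at least one identity, so mark the message instead of quarantining it.
tag-spf-errors:
if (spf-status("pra") == "PermError, TempError"
    or spf-status("mailfrom") == "PermError, TempError"
    or spf-status("helo") == "PermError, TempError") {
    insert-header("X-SPF-Check", "verification-error");
}

# Simple Boolean handling with spf-passed (message filters only).
# Use this in place of the two filters above when every result other
# than a pass should be treated the same way.
quarantine-spf-not-passed:
if (not spf-passed) {
    quarantine("Policy");
}
```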
Related Topics
• Verification Results
• Using the spf-status Filter Rule in the CLI
• spf-status Content Filter Rule in the GUI
• Using the spf-passed Filter Rule
Verification Results
If you use the spf-status filter rule, you can check against the SPF/SIDF verification results using the following syntax:
    if (spf-status == "Pass")
If you want a single condition to check against multiple status verdicts, you can use the following syntax:
    if (spf-status == "PermError, TempError")
You can also check the verification results against the HELO, MAIL FROM, and PRA identities using the following syntax:
    if (spf-status("pra") == "Fail")
Note: You can only use the spf-status message filter rule to check results against HELO, MAIL FROM, and PRA identities. You cannot use the spf-status content filter rule to check against identities. The spf-status content filter checks only the PRA identity.
You can receive any of the following verification results:
• None - no verification can be performed due to the lack of information.