Message authentication is designed to provide additional protection for your corporate mail infrastructure against spam and phishing.
Kaspersky Secure Mail Gateway uses the following message authentication technologies:
SPF message authentication – comparing IP addresses of message senders with the list of possible message sources, which has been created by the mail server administrator.
Kaspersky Secure Mail Gateway receives lists of possible message sources from the DNS server.
Enable SPF message authentication if Kaspersky Secure Mail Gateway receives messages directly from the Internet. Disable SPF message authentication if Kaspersky Secure Mail Gateway receives messages from an intermediate internal server.
DKIM message authentication – verification of the digital signature added to messages.
A digital signature associated with the name of the organization's domain is added to messages. Kaspersky Secure Mail Gateway verifies this digital signature.
DMARC message authentication – authentication performed to verify that the message was actually sent from the specified domain.
After the message has passed SPF and DKIM authentication, the application verifies that the domain containing the sender's address in the From field of the email message header matches the SPF and DKIM IDs and the SPF and DKIM statuses.
To enable SPF, DKIM, and DMARC message authentication, you have to allow Kaspersky Secure Mail Gateway to connect to the DNS server. If the connection to the DNS server is prohibited, SPF, DKIM, and DMARC message authentication is disabled.
If Kaspersky Secure Mail Gateway detects violations during SPF, DKIM, or DMARC message authentication, it is considered that SPF, DKIM, or DMARC message authentication has revealed violations of message senders' authenticity.