- Kaspersky Secure Mail Gateway
- The Kaspersky Secure Mail Gateway interface
- Application licensing
- About the End User License Agreement
- About the license certificate
- About the key
- About the key file
- About the activation code
- About the subscription
- About data provision
- Modes of Kaspersky Secure Mail Gateway operation under license
- Adding an activation code
- Adding a key file
- Removing a key
- Monitoring license key status
- Configuring warnings about upcoming license key expiration
- Purchasing a license
- Renewing a license
- Updating Kaspersky Secure Mail Gateway
- Application installation and setup
- Deploying a virtual machine in the management console of the VMware ESXi hypervisor
- Deploying a virtual machine in the web interface of VMware vSphere
- Deploying a virtual machine in the management console of the Microsoft Hyper-V Manager hypervisor
- Deploying a virtual machine using Microsoft SCVMM
- Application installation and setup
- Removing the application
- Preparing for removing the application
- Deleting a virtual machine in the management console of the VMware ESXi hypervisor
- Deleting a virtual machine in the web interface of VMware vSphere
- Deleting a virtual machine in the management console of the Microsoft Hyper-V hypervisor
- Deleting a virtual machine using Microsoft SCVMM
- Getting started with the application
- Integrating Kaspersky Secure Mail Gateway into the existing corporate email infrastructure
- Monitoring of application operation
- Using message processing rules
- Viewing the rule table
- Configuring rule table display
- Message processing rule configuration scenario
- Creating message processing rules
- Configuring Anti-Virus protection
- Configuring link scanning
- Configuring Anti-Spam protection
- Configuring Anti-Phishing protection
- Configuring Content Filtering
- Mail Sender Authentication
- Notification settings for message scan events
- Adding a Warning about insecure message
- Adding email disclaimers
- Configuring KATA protection
- Examples of message processing rule configuration
- Viewing rule information
- Enabling and disabling a message processing rule
- Changing rule settings
- Deleting message processing rules
- Allowlists and denylists
- Managing the cluster
- Creating a new cluster
- Viewing the cluster node table
- Configuring the display of the cluster node table
- Viewing information about a cluster node
- Adding a node to the cluster
- Modifying node settings
- Removing a node from a cluster
- Changing the role of a node in a cluster
- Deleting the cluster
- Restarting a cluster node
- Managing the SSL certificate of the cluster node
- Checking data integrity
- Modifying the network settings of a cluster node
- Managing roles and user accounts
- Backup
- Configuring Backup settings
- Configuring personal Backup
- Viewing the table of objects in Backup
- Configuring the display of the table of objects in Backup
- Filtering and finding messages in Backup
- Viewing information about a message in Backup
- Delivering a message from Backup
- Downloading a message from Backup
- Deleting a message from Backup
- Backup digest
- Event log
- Viewing the event log
- Configuring event table display
- Filtering email traffic processing events
- Filtering application events
- Viewing information about email traffic processing events
- Viewing information about an application event
- Application event types
- Exporting the event log
- Configuring the event log
- Message queue
- Reports
- General protection settings
- About computer protection against certain legitimate applications
- Configuring the Anti-Virus module
- Configuring link scanning
- Configuring the Anti-Spam module
- Configuring the Anti-Phishing module
- Configuring Content Filtering
- Configuring external services
- Preparing to configure SPF and DMARC Mail Sender Authentication for outgoing messages
- Configuring date and time
- Configuring the proxy server connection settings
- Updating Kaspersky Secure Mail Gateway
- Database update for Kaspersky Secure Mail Gateway
- Exporting and importing settings
- Participating in Kaspersky Security Network and using Kaspersky Private Security Network
- Integration with an external directory service
- KATA protection
- Integration with a single KATA server
- Integration with multiple servers of the KATA cluster
- Creating a configuration file for the built-in balancer
- Configuring and running the built-in balancer on a cluster node
- Adding a KATA server
- Configuring KATA protection settings
- KATA integration dashboard
- Adding, modifying, and deleting IP addresses of KATA servers
- Disabling KATA integration
- Managing the application over SNMP
- Configuring the snmpd service in the operating system
- Enabling and disabling the use of the SNMP protocol in Kaspersky Secure Mail Gateway
- Configuring SNMP server connection settings
- Enabling and disabling forwarding of SNMP traps
- Configuring encryption of SNMP connections
- Description of MIB objects of Kaspersky Secure Mail Gateway
- Exporting MIB objects
- Email notifications for Kaspersky Secure Mail Gateway
- Configuring notifications about application events
- Configuring notifications about bounce messages
- Configuring notifications about message processing rules triggering
- Configuring notification templates
- Using macros in notification templates
- Adding a unique message ID to the notification
- Configuring the address for messages sent by the application
- Authentication using the single sign-on technology
- Connecting to cluster nodes over the SSH protocol
- Editing MTA settings
- DKIM signature for outgoing messages
- Using the TLS protocol in the operation of Kaspersky Secure Mail Gateway
- Domains and configuration of email routing
- Publishing application events to a SIEM system
- Contacting Technical Support
- Glossary
- Advanced persistent threat (APT)
- Anti-Phishing
- Anti-Spam
- Anti-Spam Quarantine
- Anti-Virus
- Backup
- Backup digest
- BEC attack
- Certificate fingerprint
- Cluster
- Content Filtering
- Control node
- Directory service
- DKIM Mail Sender Authentication
- DMARC Mail Sender Authentication
- Email notification
- Heuristic analysis
- Kaspersky Anti Targeted Attack Platform
- Kaspersky Private Security Network
- Kaspersky Security Network (KSN)
- Kerberos authentication
- Key file
- Keytab file
- LDAP
- Malicious links
- Moebius service
- MTA
- NTLM authentication
- Phishing
- PTR record
- Reputation filtering
- SCL rating
- Secondary node
- Service Principal Name (SPN)
- SIEM system
- SMTP verification
- SNMP agent
- SNMP trap
- Spam
- SPF Mail Sender Authentication
- Spoofing
- TLS encryption
- Update source
- Virtual machine
- Information about third-party code
- Trademark notices
Using message processing rules > Message processing rule configuration scenario > Mail Sender Authentication
Mail Sender Authentication
Mail Sender Authentication
Before configuring Mail Sender Authentication in the message processing rule, make sure that the relevant authentication technologies are enabled in general protection settings.
To configure Mail Sender Authentication in the message processing rule:
- In the application web interface window, select the Rules section.
- In the rule table, select the rule for which you want to configure Mail Sender Authentication.
This opens the View rule window.
- Click Edit.
Rule settings become editable.
- In the left pane, select the Mail Sender Authentication section.
- Use the toggle switch to the right of the section title to enable or disable Mail Sender Authentication for messages that match rule criteria.
By default, Mail Sender Authentication is disabled.
- If at the previous step you have enabled Mail Sender Authentication, configure general settings for all authentication types:
- Select the Consider temporary errors (TempError) as an authentication violation check box if you want Kaspersky Secure Mail Gateway to consider temporary errors (TempError) a violation of Mail Sender Authentication.
- Select the Consider permanent errors (PermError) as an authentication violation check box if you want Kaspersky Secure Mail Gateway to consider permanent errors (PermError) a violation of Mail Sender Authentication.
- Configure the following scan types:
- DMARC authentication.
Before configuring additional settings of DMARC message authentication for a rule, make sure that DMARC, DKIM, and SPF mail sender authentication and the DNS server connection are enabled in the general protection settings.
- In the DMARC Mail Sender Authentication group of settings, select the Consider DMARC authentication result as primary check box if you want to determine an Mail Sender Authentication violation based only on DMARC authentication while disregarding the results of SPF and DKIM authentication.
If the check box is selected, an authentication violation is determined based on the results of DMARC authentication. If the check box is cleared, the results of SPF, DKIM and DMARC authentication are considered to be equivalent. A violation under any of these authentication methods is considered to be a Mail Sender Authentication violation. If violations are found by several authentication methods simultaneously, the strictest of the actions defined for SPF, DKIM, or DMARC Mail Sender Authentication violations is applied to the message.
- In the If a DMARC violation is detected drop-down list, select one of the following actions to take on messages found to cause an authentication violation during DMARC message authentication:
- Apply DMARC policy.
The DMARC policy is configured by the administrator on the DNS server. If the administrator has set a None or Quarantine policy, the application performs the Skip action. The Reject action of the application corresponds to the Reject policy.
- Reject.
- Delete message.
- Skip.
The Apply DMARC policy action is selected by default.
- Apply DMARC policy.
- If you want to automatically place in Backup those messages which the DMARC authentication finds to be inauthentic, select the Move message to Backup check box.
This check box is cleared by default.
- If you want tags to be automatically added after the scan to the beginning of the subject of messages that DMARC authentication finds to violate mail sender authenticity, type the text of the tag in the text box under the Move message to Backup check box.
By default, no tag is assigned.
- In the DMARC Mail Sender Authentication group of settings, select the Consider DMARC authentication result as primary check box if you want to determine an Mail Sender Authentication violation based only on DMARC authentication while disregarding the results of SPF and DKIM authentication.
- SPF authentication.
Before configuring additional settings of SPF message authentication for a rule, make sure that SPF Mail Sender Authentication is enabled in the settings of Kaspersky Secure Mail Gateway.
- In the SPF Mail Sender Authentication group of settings, select the Consider SPF softfail as a violation check box if you want to consider an SPF softfail error detected during SPF authentication as a violation of Mail Sender Authentication.
- In the If a SPF violation is detected drop-down list, select one of the following actions to take on messages found to cause an authentication violation during SPF message authentication:
- Reject.
- Delete message.
- Skip.
The Skip action is selected by default.
- If you want to automatically place in Backup those messages which the SPF authentication finds to be inauthentic, select the Move message to Backup check box.
This check box is cleared by default.
- If you want tags to be automatically added after the scan to the beginning of the subject of messages that SPF authentication finds to violate mail sender authenticity, type the text of the tag in the text box under the Move message to Backup check box.
By default, no tag is assigned.
- DKIM authentication.
Before configuring additional settings of DKIM message authentication for a rule, make sure that DKIM Mail Sender Authentication is enabled in the settings of Kaspersky Secure Mail Gateway.
- In the DKIM Mail Sender Authentication group of settings, select the Consider absence of DKIM signature as an authentication violation check box if you want to consider the absence of a DKIM signature in the message detected by DKIM authentication as a violation of Mail Sender Authentication.
- In the Alignment mode drop-down list, select an authentication mode:
- Relaxed.
- Strict.
- In the If a DKIM violation is detected drop-down list, select one of the following actions to take on messages found to cause an authentication violation during DKIM Mail Sender Authentication:
- Reject.
- Delete message.
- Skip.
The Skip action is selected by default.
- If you want to automatically place in Backup those messages which the DKIM authentication finds to be inauthentic, select the Move message to Backup check box.
This check box is cleared by default.
- If you want tags to be added after the scan to the beginning of the subject of messages that DKIM authentication finds to violate mail sender authenticity, type the text of the tag in the text box under the Move message to Backup check box.
By default, no tag is assigned.
- DMARC authentication.
- Click Save.
Mail Sender Authentication is configured. The specified settings are applied to messages that match the rule criteria.
To ensure the configured settings are applied during the operation of Kaspersky Secure Mail Gateway, make sure to enable Mail Sender Authentication for the rule and to enable the configured rule.
Article ID: 203013, Last review: Jan 24, 2025