Mail Sender Authentication is designed to provide additional protection for your corporate mail infrastructure against spam and phishing.
Kaspersky Secure Mail Gateway uses the following message authentication technologies:
SPF Mail Sender Authentication – comparing IP addresses of mail senders with the list of possible message sources that has been created by the mail server administrator.
Kaspersky Secure Mail Gateway receives lists of possible message sources from the DNS server.
Enable SPF message authentication if Kaspersky Secure Mail Gateway receives messages directly from the Internet. Disable SPF message authentication if Kaspersky Secure Mail Gateway receives messages from an intermediate internal server.
DKIM Mail Sender Authentication – verification of the digital signature added to messages.
A digital signature associated with the name of the organization's domain is added to messages. Kaspersky Secure Mail Gateway verifies this digital signature.
DMARC Mail Sender Authentication – Verification that determines the policy and actions taken on messages based on the results of SPF and DKIM Mail Sender Authentication.
After the message has passed SPF and DKIM authentication, the program verifies that the domain containing the sender's address in the From field of the email message header matches the SPF and DKIM IDs.
To enable SPF, DKIM, and DMARC sender authentication, you must allow Kaspersky Secure Mail Gateway to connect to the DNS server. If the connection to the DNS server is prohibited, SPF, DKIM, and DMARC Mail Sender Authentication is disabled.
If Kaspersky Secure Mail Gateway detects violations during SPF, DKIM, or DMARC message authentication, it is considered that SPF, DKIM, or DMARC message authentication has revealed violations of message senders' authenticity.