Mail Sender Authentication

Before configuring Mail Sender Authentication in the message processing rule, make sure that the relevant authentication technologies are enabled in general protection settings. Sender domain alignment is always enabled.

To configure Mail Sender Authentication in the message processing rule:

In the application web interface window, select the Rules section.
In the rule table, select the rule for which you want to configure Mail Sender Authentication.
This opens the View rule window.
Click Edit.
Rule settings become editable.
In the left pane, select the Mail Sender Authentication section.
Use the toggle switch to the right of the section title to enable or disable Mail Sender Authentication for messages that match rule criteria.
By default, Mail Sender Authentication is disabled.
If you enabled authentication, configure the following mail sender authentication types:
- DMARC authentication
  Before configuring additional settings of DMARC message authentication for a rule, make sure that DMARC, DKIM, and SPF mail sender authentication and the DNS server connection are enabled in the general protection settings.
  1. Under DMARC authentication, click Open.
  2. On the General tab, turn on the Consider DMARC authentication result as primary toggle switch if you want to determine a Mail Sender Authentication violation based only on DMARC authentication and disregard the results of sender domain alignment and SPF and DKIM authentication.
    If the toggle switch is turned on, an authentication violation is determined based on the results of DMARC authentication. If the toggle switch is turned off, the results of sender domain alignment, SPF, DKIM, and DMARC authentication are considered to be equivalent. A violation under any of these authentication methods is considered to be a Mail Sender Authentication violation. The action that is actually applied to the message is the strictest of all applicable actions according to the authentication results by all enabled technologies.
    
    This toggle switch is on by default.
  3. On the Pass tab, configure the actions that you want to apply to a message in case of a Pass authentication status.
    Under Action, select an action to apply to the message:
    Skip.
    Deliver message to recipient
    
    Reject.
    Do not deliver message to recipient. Send SMTP session error code to the sender server if possible. If error code cannot be sent, send SMTP session success code to the sender server, and a non-delivery report might be sent to the sender of the original message
    
    Delete message.
    Do not deliver message to recipient. Send SMTP session success code to the sender server. No non-delivery report is sent to the sender of the original message
    
    The Skip action is selected by default.
    
    If you want to automatically place messages in Backup, turn on the Place original message in Backup toggle switch.
    This toggle switch is off by default.
    
    If you want a tag to be added automatically to the beginning of the subject of messages, in the Text to add to message subject field, enter the text of the tag.
    By default, no tag is assigned.
    
    If you want notifications to be sent based on the results of the scan, under Notifications, click Add and configure the following:
    In the Template drop-down list, select a notification template.
    Under Recipients, select check boxes next to the recipients of the notification. Recipients may be:
    Recipients from the general list.
    This option is available if the general list of recipients contains at least one email address.
    
    Message recipients.
    Message sender.
    Custom addresses.
    If you selected the Custom addresses option, in the Custom addresses field, specify other email addresses of notification recipients.
    Use a semicolon or a new line to separate email addresses.
    
    Under Notification contents, select one of the following values:
    Notification only.
    Notification with the original message attached.
    If necessary, repeat the steps to configure as many notifications as you need.
  4. On the Fail tab, configure the actions that you want to apply to a message in case of a Fail authentication status.
    Under Mode, select an action to apply to the message:
    Apply DMARC policy
    Custom action
    The Apply DMARC policy action is selected by default.
    
    If you selected the Apply DMARC policy, under Policy select the tab and configure the actions to be applied to the message if a DMARC policy of the same name is configured on the sender's DNS server:
    None.
    Under Action, select an action to apply to the message:
    Skip.
    Reject.
    Delete message.
    The Skip action is selected by default.
    
    If you want to automatically place messages in Backup, turn on the Place original message in Backup toggle switch.
    This toggle switch is off by default.
    
    If you want a tag to be added automatically to the beginning of the subject of messages, in the Text to add to message subject field, enter the text of the tag.
    By default, no tag is assigned.
    
    If you want notifications to be sent based on the results of the scan, under Notifications, click Add and configure the following:
    In the Template drop-down list, select a notification template.
    Under Recipients, select check boxes next to the recipients of the notification. Recipients may be:
    Recipients from the general list.
    This option is available if the general list of recipients contains at least one email address.
    
    Message recipients.
    Message sender.
    Custom addresses.
    If you selected the Custom addresses option, in the Custom addresses field, specify other email addresses of notification recipients.
    Use a semicolon or a new line to separate email addresses.
    
    Under Notification contents, select one of the following values:
    Notification only.
    Notification with the original message attached.
    If necessary, repeat the steps to configure as many notifications as you need.
    
    Quarantine.
    Under Action, select an action to apply to the message:
    Skip.
    Reject.
    Delete message.
    The Skip action is selected by default.
    
    If you want to automatically place messages in Backup, turn on the Place original message in Backup toggle switch.
    This toggle switch is off by default.
    
    If you want a tag to be added automatically to the beginning of the subject of messages, in the Text to add to message subject field, enter the text of the tag.
    By default, no tag is assigned.
    
    If you want notifications to be sent based on the results of the scan, under Notifications, click Add and configure the following:
    In the Template drop-down list, select a notification template.
    Under Recipients, select check boxes next to the recipients of the notification. Recipients may be:
    Recipients from the general list.
    This option is available if the general list of recipients contains at least one email address.
    
    Message recipients.
    Message sender.
    Custom addresses.
    If you selected the Custom addresses option, in the Custom addresses field, specify other email addresses of notification recipients.
    Use a semicolon or a new line to separate email addresses.
    
    Under Notification contents, select one of the following values:
    Notification only.
    Notification with the original message attached.
    If necessary, repeat the steps to configure as many notifications as you need.
    
    Reject.
    Under Action, select an action to apply to the message:
    Skip.
    Reject.
    Delete message.
    The Reject action is selected by default.
    
    If you want to automatically place messages in Backup, turn on the Place original message in Backup toggle switch.
    This toggle switch is off by default.
    
    If you want a tag to be added automatically to the beginning of the subject of messages, in the Text to add to message subject field, enter the text of the tag.
    By default, no tag is assigned.
    
    If you want notifications to be sent based on the results of the scan, under Notifications, click Add and configure the following:
    In the Template drop-down list, select a notification template.
    Under Recipients, select check boxes next to the recipients of the notification. Recipients may be:
    Recipients from the general list.
    This option is available if the general list of recipients contains at least one email address.
    
    Message recipients.
    Message sender.
    Custom addresses.
    If you selected the Custom addresses option, in the Custom addresses field, specify other email addresses of notification recipients.
    Use a semicolon or a new line to separate email addresses.
    
    Under Notification contents, select one of the following values:
    Notification only.
    Notification with the original message attached.
    If necessary, repeat the steps to configure as many notifications as you need.
    
    If you selected the Custom action action, configure the following:
    Under Action, select an action to apply to the message:
    Skip.
    Reject.
    Delete message.
    The Skip action is selected by default.
    
    If you want to automatically place messages in Backup, turn on the Place original message in Backup toggle switch.
    This toggle switch is off by default.
    
    If you want a tag to be added automatically to the beginning of the subject of messages, in the Text to add to message subject field, enter the text of the tag.
    By default, no tag is assigned.
    
    If you want notifications to be sent based on the results of the scan, under Notifications, click Add and configure the following:
    In the Template drop-down list, select a notification template.
    Under Recipients, select check boxes next to the recipients of the notification. Recipients may be:
    Recipients from the general list.
    This option is available if the general list of recipients contains at least one email address.
    
    Message recipients.
    Message sender.
    Custom addresses.
    If you selected the Custom addresses option, in the Custom addresses field, specify other email addresses of notification recipients.
    Use a semicolon or a new line to separate email addresses.
    
    Under Notification contents, select one of the following values:
    Notification only.
    Notification with the original message attached.
    If necessary, repeat the steps to configure as many notifications as you need.
  5. On the PermError tab, configure the actions that you want to apply to a message in case of a PermError authentication status.
    Under Action, select an action to apply to the message:
    Skip.
    Reject.
    Delete message.
    The Skip action is selected by default.
    
    If you want to automatically place messages in Backup, turn on the Place original message in Backup toggle switch.
    This toggle switch is off by default.
    
    If you want a tag to be added automatically to the beginning of the subject of messages, in the Text to add to message subject field, enter the text of the tag.
    By default, no tag is assigned.
    
    If you want notifications to be sent based on the results of the scan, under Notifications, click Add and configure the following:
    In the Template drop-down list, select a notification template.
    Under Recipients, select check boxes next to the recipients of the notification. Recipients may be:
    Recipients from the general list.
    This option is available if the general list of recipients contains at least one email address.
    
    Message recipients.
    Message sender.
    Custom addresses.
    If you selected the Custom addresses option, in the Custom addresses field, specify other email addresses of notification recipients.
    Use a semicolon or a new line to separate email addresses.
    
    Under Notification contents, select one of the following values:
    Notification only.
    Notification with the original message attached.
    If necessary, repeat the steps to configure as many notifications as you need.
  6. On the TempError tab, configure the actions that you want to apply to a message in case of a TempError authentication status.
    Under Action, select an action to apply to the message:
    Skip.
    Reject.
    Delete message.
    The Skip action is selected by default.
    
    If you want to automatically place messages in Backup, turn on the Place original message in Backup toggle switch.
    This toggle switch is off by default.
    
    If you want a tag to be added automatically to the beginning of the subject of messages, in the Text to add to message subject field, enter the text of the tag.
    By default, no tag is assigned.
    
    If you want notifications to be sent based on the results of the scan, under Notifications, click Add and configure the following:
    In the Template drop-down list, select a notification template.
    Under Recipients, select check boxes next to the recipients of the notification. Recipients may be:
    Recipients from the general list.
    This option is available if the general list of recipients contains at least one email address.
    
    Message recipients.
    Message sender.
    Custom addresses.
    If you selected the Custom addresses option, in the Custom addresses field, specify other email addresses of notification recipients.
    Use a semicolon or a new line to separate email addresses.
    
    Under Notification contents, select one of the following values:
    Notification only.
    Notification with the original message attached.
    If necessary, repeat the steps to configure as many notifications as you need.
  7. Click OK.
  You cannot configure actions for the None status. If the DMARC Message Sender Authentication resulted in a message being assigned the None status, the final authentication status is assigned based on the statuses of the remaining checks (SPF, DKIM, sender domain alignment), regardless of the Consider DMARC authentication result as primary toggle switch.
- DKIM authentication
  Before configuring additional settings of DKIM message authentication for a rule, make sure that DKIM Mail Sender Authentication and the DNS server connection are enabled in the general protection settings.
  1. Under DKIM authentication click Open.
  2. On the General tab, configure general DKIM Mail Sender Authentication settings:
    1. Under Alignment, select a mode:
      Relaxed.
      Organizational domains in the From MIME header and in DKIM signature must match; subdomains may be different.
      
      Strict.
      The domain in the From MIME header must exactly match the domain in DKIM signature.
      
      By default, the Relaxed mode is selected.
    2. Turn on the Consider absence of DKIM signatures as an authentication violation toggle switch if you want to consider the absence of a DKIM signature in a message to be a violation of DKIM Mail Sender Authentication.
      This toggle switch is off by default.
    3. Turn on the Consider temporary errors (TempError) as an authentication violation toggle switch if you want to consider temporary errors to be a violation Mail Sender Authentication.
      This toggle switch is off by default.
    4. Turn on the Consider permanent errors (PermError) as an authentication violation toggle switch if you want to consider permanent errors to be a violation of Mail Sender Authentication.
      This toggle switch is on by default.
  3. On the Action tab, configure the actions that you want to apply to a message that fails Mail Sender Authentication:
    1. Under Action, select an action to apply to the message:
      Skip.
      Reject.
      Delete message.
      The Skip action is selected by default.
    2. If you want to automatically place messages in Backup, turn on the Place original message in Backup toggle switch.
      This toggle switch is off by default.
    3. If you want a tag to be added automatically to the beginning of the subject of messages, in the Text to add to message subject field, enter the text of the tag.
      By default, no tag is assigned.
    4. If you want notifications to be sent based on the results of the scan, under Notifications, click Add and configure the following:
      In the Template drop-down list, select a notification template.
      Under Recipients, select check boxes next to the recipients of the notification. Recipients may be:
      Recipients from the general list.
      This option is available if the general list of recipients contains at least one email address.
      
      Message recipients.
      Message sender.
      Custom addresses.
      If you selected the Custom addresses option, in the Custom addresses field, specify other email addresses of notification recipients.
      Use a semicolon or a new line to separate email addresses.
      
      Under Notification contents, select one of the following values:
      Notification only.
      Notification with the original message attached.
    If necessary, repeat the steps to configure as many notifications as you need.
  4. Click OK.
- SPF authentication
  Before configuring additional settings of SPF message authentication for a rule, make sure that SPF Mail Sender Authentication and the DNS server connection are enabled in the general protection settings.
  1. Under SPF authentication, click Open.
  2. Configure the actions for each SPF Mail Sender Authentication result. Possible SPF Mail Sender Authentication results are listed on the following tabs:
    - Pass
    - Fail
    - SoftFail
    - Neutral
    - PermError
    - TempError
    - None
    You can configure the following actions on each tab:
    1. Under Action, select an action to apply to the message:
      Skip.
      Reject.
      Delete message.
      The Skip action is selected by default.
    2. If you want to automatically place messages in Backup, turn on the Place original message in Backup toggle switch.
      This toggle switch is off by default.
    3. If you want a tag to be added automatically to the beginning of the subject of messages, in the Text to add to message subject field, enter the text of the tag.
      By default, no tag is assigned.
    4. If you want notifications to be sent based on the results of the scan, under Notifications, click Add and configure the following:
      In the Template drop-down list, select a notification template.
      Under Recipients, select check boxes next to the recipients of the notification. Recipients may be:
      Recipients from the general list.
      This option is available if the general list of recipients contains at least one email address.
      
      Message recipients.
      Message sender.
      Custom addresses.
      If you selected the Custom addresses option, in the Custom addresses field, specify other email addresses of notification recipients.
      Use a semicolon or a new line to separate email addresses.
      
      Under Notification contents, select one of the following values:
      Notification only.
      Notification with the original message attached.
      If necessary, repeat the steps to configure as many notifications as you need.
- Sender domain alignment
  1. Under Sender domain alignment, click Open.
  2. Under Alignment, select the sender domain alignment mode. Possible options:
    - Relaxed.
      Organizational domains in the MAIL FROM command of the SMTP session and in the From MIME header must match; subdomains may be different.
    - Strict.
      The domain in the MAIL FROM command of the SMTP session must exactly match the domain in the From MIME header.
      
      By default, the Relaxed mode is selected.
    If an empty MAIL FROM command is received, the domain from the HELO keyword of the SMTP session is used.
    If the From MIME header is empty or missing, the alignment result is always Not aligned.
    If the From MIME header lists multiple senders, the domain of the last sender in the list is used.
  3. Configure the actions that you want to apply to a message that fails Mail Sender Authentication:
    1. Under Action, select an action to apply to the message:
      Skip.
      Reject.
      Delete message.
      The Skip action is selected by default.
    2. If you want to automatically place messages in Backup, turn on the Place original message in Backup toggle switch.
      This toggle switch is off by default.
    3. If you want a tag to be added automatically to the beginning of the subject of messages, in the Text to add to message subject field, enter the text of the tag.
      By default, no tag is assigned.
    4. If you want notifications to be sent based on the results of the scan, under Notifications, click Add and configure the following:
      In the Template drop-down list, select a notification template.
      Under Recipients, select check boxes next to the recipients of the notification. Recipients may be:
      Recipients from the general list.
      This option is available if the general list of recipients contains at least one email address.
      
      Message recipients.
      Message sender.
      Custom addresses.
      If you selected the Custom addresses option, in the Custom addresses field, specify other email addresses of notification recipients.
      Use a semicolon or a new line to separate email addresses.
      
      Under Notification contents, select one of the following values:
      Notification only.
      Notification with the original message attached.
    If necessary, repeat the steps to configure as many notifications as you need.
  4. Click OK.
Click Save.

Mail Sender Authentication is configured. The specified settings are applied to messages that match the rule criteria.

To make sure that the configured settings are applied by KSMG, enable Mail Sender Authentication for the rule and enable the configured rule.

Page top