Mail Sender Authentication

Support

Support for business applications

Kaspersky Secure Mail Gateway

Using message processing rules

Message processing rule configuration scenario

Mail Sender Authentication

26 April 2024

ID 203013

Before configuring Mail Sender Authentication in the message processing rule, make sure that the corresponding Mail Sender Authentication is enabled in general protection settings.

To configure Mail Sender Authentication in the message processing rule:

In the application web interface window, select the Rules section.
In the rule table, select the rule for which you want to configure Mail Sender Authentication.
This opens the View rule window.
Click Edit.
Rule settings become editable.
In the left pane, select the Mail Sender Authentication section.
Use the toggle switch to the right of the section title to enable or disable Mail Sender Authentication for messages that match rule criteria.
By default, Mail Sender Authentication is disabled.
If at the previous step you have enabled Mail Sender Authentication, configure general settings for all authentication types:
- Select the Consider temporary errors (TempError) as an authentication violation check box if you want Kaspersky Secure Mail Gateway to consider temporary errors (TempError) a violation of Mail Sender Authentication.
- Select the Consider permanent errors (PermError) as an authentication violation check box if you want Kaspersky Secure Mail Gateway to consider permanent errors (PermError) a violation of Mail Sender Authentication.
Configure the following scan types:
- DMARC authentication.
  Before configuring settings of DMARC message authentication for a rule, make sure that DMARC Mail Sender Authentication is enabled in general protection settings.
  1. In the DMARC Mail Sender Authentication group of settings, select the Consider DMARC authentication result as primary check box if you want to determine an Mail Sender Authentication violation based only on DMARC authentication while disregarding the results of SPF and DKIM authentication.
    If the check box is selected, an authentication violation is determined based on the results of DMARC authentication. If the check box is cleared, the results of SPF, DKIM and DMARC authentication are considered to be equivalent. A violation under any of these authentication methods is considered to be a Mail Sender Authentication violation. If violations are found by several authentication methods simultaneously, the strictest of the actions defined for SPF, DKIM, or DMARC Mail Sender Authentication violations is applied to the message.
  2. In the If a DMARC violation is detected drop-down list, select one of the following actions to take on messages found to cause an authentication violation during DMARC message authentication:
    - Apply DMARC policy.
      The DMARC policy is configured by the administrator on the DNS server. If the administrator has set a None or Quarantine policy, the application performs the Skip action. The Reject action of the application corresponds to the Reject policy.
    - Reject.
    - Delete message.
    - Skip.
    The Apply DMARC policy action is selected by default.
  3. If you want to automatically place in Backup those messages which the DMARC authentication finds to be inauthentic, select the Move message to Backup check box.
    This check box is cleared by default.
  4. If you want tags to be automatically added after the scan to the beginning of the subject of messages that DMARC authentication finds to violate mail sender authenticity, type the text of the tag in the text box under the Move message to Backup check box.
    By default, no tag is assigned.
- SPF authentication.
  Before configuring additional settings of SPF message authentication for a rule, make sure that SPF Mail Sender Authentication is enabled in the settings of Kaspersky Secure Mail Gateway.
  1. In the SPF Mail Sender Authentication group of settings, select the Consider SPF softfail as a violation check box if you want to consider an SPF softfail error detected during SPF authentication as a violation of Mail Sender Authentication.
  2. In the If a SPF violation is detected drop-down list, select one of the following actions to take on messages found to cause an authentication violation during SPF message authentication:
    - Reject.
    - Delete message.
    - Skip.
    The Skip action is selected by default.
  3. If you want to automatically place in Backup those messages which the SPF authentication finds to be inauthentic, select the Move message to Backup check box.
    This check box is cleared by default.
  4. If you want tags to be automatically added after the scan to the beginning of the subject of messages that SPF authentication finds to violate mail sender authenticity, type the text of the tag in the text box under the Move message to Backup check box.
    By default, no tag is assigned.
- DKIM authentication.
  Before configuring additional settings of DKIM message authentication for a rule, make sure that DKIM Mail Sender Authentication is enabled in the settings of Kaspersky Secure Mail Gateway.
  1. In the DKIM Mail Sender Authentication group of settings, select the Consider absence of DKIM signature as an authentication violation check box if you want to consider the absence of a DKIM signature in the message detected by DKIM authentication as a violation of Mail Sender Authentication.
  2. In the Alignment mode drop-down list, select an authentication mode:
    - Relaxed.
    - Strict.
  3. In the If a DKIM violation is detected drop-down list, select one of the following actions to take on messages found to cause an authentication violation during DKIM Mail Sender Authentication:
    - Reject.
    - Delete message.
    - Skip.
    The Skip action is selected by default.
  4. If you want to automatically place in Backup those messages which the DKIM authentication finds to be inauthentic, select the Move message to Backup check box.
    This check box is cleared by default.
  5. If you want tags to be added after the scan to the beginning of the subject of messages that DKIM authentication finds to violate mail sender authenticity, type the text of the tag in the text box under the Move message to Backup check box.
    By default, no tag is assigned.
Click Save.

Mail Sender Authentication is configured. The specified settings are applied to messages that match the rule criteria.

To ensure the configured settings are applied during the operation of Kaspersky Secure Mail Gateway, make sure to enable Mail Sender Authentication for the rule and to enable the configured rule.

Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company

Web and device controls. Data encryption. Centralized and convenient management from a single console.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.