Mail Sender Authentication

Support

Support for business applications

Kaspersky Secure Mail Gateway

Using message processing rules

Message processing rule configuration scenario

Mail Sender Authentication

16 April 2024

ID 203013

Before configuring Mail Sender Authentication in the message processing rule, make sure that the corresponding Mail Sender Authentication is enabled in general protection settings.

To configure Mail Sender Authentication in the message processing rule:

In the application web interface window, select the Rules section.
In the rule table, select the rule for which you want to configure Mail Sender Authentication.
This opens the View rule window.
Click Edit.
Rule settings become editable.
In the left pane, select the Mail Sender Authentication section.
Use the toggle switch to the right of the section title to enable or disable Mail Sender Authentication for messages that match rule criteria.
By default, Mail Sender Authentication is disabled.
If at the previous step you have enabled Mail Sender Authentication, configure general settings for all authentication types:
- Turn on the Consider temporary errors (TempError) as an authentication violation toggle switch if you want KSMG to treat a TempError temporary error as a Mail Sender Authentication violation.
- Turn on the Consider permanent errors (PermError) as an authentication violation toggle switch if you want KSMG to treat a PermError permanent error as a Mail Sender Authentication violation.
Configure the following scan types:
- DMARC authentication.
  Before configuring settings of DMARC message authentication for a rule, make sure that DMARC Mail Sender Authentication is enabled in general protection settings.
  1. Under DMARC Mail Sender Authentication, turn on the Consider DMARC authentication result as primary toggle switch if you want to determine a Mail Sender Authentication violation based only on DMARC authentication and disregard the results of SPF and DKIM authentication.
    If the toggle switch is turned on, an authentication violation is determined based on the results of DMARC authentication. If the toggle switch is turned off, the results of SPF, DKIM and DMARC authentication are considered to be equivalent. A violation under any of these authentication methods is considered to be a Mail Sender Authentication violation. If violations are found by several authentication methods simultaneously, the strictest of the actions defined for SPF, DKIM, or DMARC Mail Sender Authentication violations is applied to the message.
  2. Under If a DMARC violation is detected, select one of the following actions to take on messages for which DMARC authentication found a Mail Sender Authentication violation:
    - Apply DMARC policy.
      The DMARC policy is configured by the administrator on the DNS server. If the administrator has set a None or Quarantine policy, the application performs the Skip action. The Reject action of the application corresponds to the Reject policy.
    - Reject.
    - Delete message.
    - Skip.
    The Apply DMARC policy action is selected by default.
  3. If you want to automatically place in Backup the messages that failed DMARC authentication, turn on the Put original message to Backup toggle switch.
    This toggle switch is off by default.
  4. If you want tags to be added automatically to the beginning of the subject of messages that failed DMARC authentication, in the Text to add to message subject field, enter the text of the tag.
    By default, no tag is assigned.
- SPF authentication.
  Before configuring additional settings of SPF message authentication for a rule, make sure that SPF Mail Sender Authentication is enabled in the settings of Kaspersky Secure Mail Gateway.
  1. Under SPF Mail Sender Authentication, select the Consider SPF softfail as a violation check box if you want to consider an SPF softfail error detected during SPF Mail Sender Authentication as an SPF Mail Sender Authentication violation.
  2. Under If a SPF violation is detected, select one of the following actions to take on messages for which SPF authentication found a Mail Sender Authentication violation:
    - Delete message.
    - Reject.
    - Skip.
    The Skip action is selected by default.
  3. If you want to automatically place in Backup those messages for which SPF authentication found an authentication violation, turn on the Put original message to Backup toggle switch.
    This toggle switch is off by default.
  4. If you want tags to be added automatically to the beginning of the subject of messages for which SPF authentication found an authentication violation, in the Text to add to message subject field, enter the text of the tag.
    By default, no tag is assigned.
- DKIM authentication.
  Before configuring additional settings of DKIM message authentication for a rule, make sure that DKIM Mail Sender Authentication is enabled in the settings of Kaspersky Secure Mail Gateway.
  1. Under DKIM Mail Sender Authentication, turn on the Consider absence of DKIM signature as an authentication violation toggle switch if you want to consider the absence of a DKIM signature in a message to be a violation of DKIM Mail Sender Authentication.
  2. Under Alignment mode, select an authentication mode:
    - Relaxed.
    - Strict.
  3. Under If a DKIM violation is detected, select one of the following actions to take on messages for which a DKIM authentication found a Mail Sender Authentication violation.
    - Delete message.
    - Reject.
    - Skip.
    The Skip action is selected by default.
  4. If you want to automatically place in Backup the messages that failed DKIM authentication, turn on the Put original message to Backup toggle switch.
    This toggle switch is off by default.
  5. If you want tags to be added automatically to the beginning of the subject of messages that failed DKIM authentication, in the Text to add to message subject field, enter the text of the tag.
    By default, no tag is assigned.
Click Save.

Mail Sender Authentication is configured. The specified settings are applied to messages that match the rule criteria.

To make sure that the configured settings are applied by KSMG, enable Mail Sender Authentication for the rule and enable the configured rule.

Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company

Web and device controls. Data encryption. Centralized and convenient management from a single console.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.