Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

How DMARC setting works in Interscan Messaging Security Virtual Appliance (IMSVA)

    • Updated:
    • 4 Mar 2021
    • Product/Version:
    • Interscan Messaging Security Virtual Appliance All
    • Platform:
    • CentOS
Summary

This article explains the purpose of DMARC and how the DMARC setting work in Interscan Messaging Security Virtual Appliance (IMSVA).

It also discusses if customers should add their own domains under the DMARC verification list.

Details
Public

Understanding DMARC

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email validation system designed to detect and prevent email spoofing. It is intended to combat certain techniques often used in phishing and email spam, such as email messages with forged sender addresses that appear to originate from legitimate organizations.

It also provides a way to authenticate email messages for specific domains, send feedback to senders, and conform to a published policy.

DMARC is designed to fit into the existing email authentication process of IMSVA. It helps email recipients to determine if the purported message aligns with what the recipient knows about the sender. If not, DMARC includes guidance on how to handle the non-aligned messages.

DMARC requires the following:

  • A message that passes the SPF checking
  • A message that passes the DKIM authentication checking
  • Alignment of identifier domains (Identifier alignment requires that a domain authenticated by SPF and DKIM is the same as the message header domain or parent domain.)

By defining DMARC settings, IMSVA allows you to add domain names for DMARC verification, set IP addresses to bypass DMARC verification, and specify actions to take on messages that fail DMARC verification.

There is no need to insert your own domain because DMARC is used to verify if a receiving email is genuine or not so you should insert those domains that more often get spoofed (especially if you have seen in the past attacks towards your organization related to domains that you trust)

DMARC Authentication Policy
SPF
Validation
Result
SPF
Alignment
Result
DKIM
Validation
Result
DKIM
Alignment
Result
DMARC
Result
Default Action
for DMARC Policy
PassPassAnyAnyPassBypass
AnyAnyPassPassPassBypass
Any other situationsFailCheck actions based on DMARC result
  • None: Bypass
  • Quarantine: Quarantine
  • Reject: Reject
  • No DMARC record: Bypass
 

DMARC Settings

By default, DMARC is disabled. You can enable this feature in the IMSVA web console, under Sender Filtering > DMARC.

Below are the possible configuration in DMARC:

  • Enable or disable the DMARC authentication.
  • Enable or disable adding X-Header in the verification result. X-Header is added to indicate whether DMARC authentication is successful or not.
  • Enable or disable delivery of DMARC reports.
  • Select all domains or specify some domains to do DMARC checking.
  • If specified sender domains are added, they will be compared to the "From" value in email header to determine whether messages need DMARC authentication or not.
  • Specify an IP address for the DMARC exception list.
  • Set the any of the following actions based on the DMARC authentication result.
    • Do not intercept messages
    • Quarantine
    • Reject

DMARC Settings

For more information on how to set up DMARC, refer to this document: Specifying DMARC Settings.

Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000283062
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.