This article provides a guide on how to create a policy on Hosted Email Security (HES) to allow valid senders that are blocked due to DMARC policy.
-
Go to Inbound Protection > Domain-based Authentication > Domain-based Message Authentication, Reporting and Conformance (DMARC). Expand the Intercept section and select Do not Intercept messages for all the values.
-
Go to Inbound Protection > Policy Objects > Keyword Expressions. The Add Keyword Expression Category window will appear. Enter a List name. For this example, we used "DMARC Checking" as the list name. Click Add to a add Keyword Expression/s.
-
Create a policy to quarantine email for domains that are not under your sender exceptions policy. Go to Inbound Protection > Policy > Add Rule. To create a policy for all your domains, got to the Recepients and Senders tab on the left pane, expand the Sender Exceptions section and type the domain or email address then click Add.
-
Go to the Scanning Criteria tab on the left pane, tick the Advanced radio button and click keyword expressions. The Header Keyword Expressions popup window will appear. Under, Specified header matches, select Other then enter “X-TM-Authentication-Results” in the field next to it. Add the DMARC policy rule that you created on step 2, which is "DMARC Checking".
-
Go to the Actions tab on the left pane, expand the Intercept section then select Quarantine.