Domain-based Message Authentication, Reporting & Conformance (DMARC) performs email authentication with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) checking.
SPF compares the client IP address to the IP address of the authorized senders in the DNS record. If the test fails, the email is treated as spam.
DKIM allows FortiMail to check for DKIM signatures for incoming email or sign outgoing email with the domain keys for the protected domains.
This recipe covers how to enable DMARC, SPF, and DKIM.
If you require more information on DMARC, SPF, or DKIM, consult the FortiMail Administrator Guide.
Enabling SPF checking
You can enable SPF in the antispam profile and in the session profile settings. However, if you select Bypass SPF checking in the session profile, SPF checking is bypassed even if you enable it in the antispam profile.
To enable SPF in an antispam profile
To enable SPF in a session profile
Enabling DKIM checking
FortiMail can perform DKIM checking for incoming mail by querying the DNS server that hosts the DNS record for the sender’s domain name, retrieving the domain's public key, and using it to decrypt and verify the DKIM signature.
To enable DKIM checking
Configuring DKIM Signing
If you want to sign the outgoing mail with DKIM signatures so that the remote receiving server can verify the signatures, you can do so after you create the protected domains. Note that the DKIM signing settings only appear when configuring an existing protected domain.
To configure DKIM signing
To enable DKIM signing
Enabling DMARC
DMARC performs email authentication with SPF and DKIM checking. If either the SPF or the DKIM check passes, the DMARC check passes. If both fail, the DMARC check fails. Enabling DMARC enables both SPF and DKIM.
To enable DMARC