Marc, you’ll want to pay attention to a couple other considerations when working with DMARC on the Cisco-IronPorts. 1. Do not enable policy enforcement on the appliance unless the AsyncOS version is over 9.6 (or 8.5.7 on the 8.x branch), due to a bug in properly verifying multiple DKIM signatures. Otherwise you _will_ have false positives. 2. The IronPort DMARC policy reporting implementation does not have a capability to properly align reported data on UTC 00:00-23:59:59 boundaries*, so you should set the report generation start-time to whatever equates to UTC-midnight in the system time zone. 3. enforcement of p=quarantine goes into a system-level (not end-user accessible) storage. Make certain that’s sized appropriately.
* https://tools.ietf.org/html/rfc7489#section-7.2 —Tomki From: dmarc-discuss <[email protected]> on behalf of Marc Luescher via dmarc-discuss <[email protected]> Reply-To: <[email protected]> Date: Wednesday, November 4, 2015 at 04:48 To: <[email protected]> Subject: [dmarc-discuss] Neebie Questions about Spoofing Prevention and DMARC implementation > Hi there, > > I am new to this mailing list but have the challenging task to implements SPF, > DKIM and DMARC on Cisco Ironports for two extremely large worldwide companies > with 100's of > e-mail domains each. To make things more challenging by end of next week as we > are under heavy spoofing attacks. >
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
