Sequence of Message Authentication
Find out how the different message authentications are processed in Sophos Email Security.
Message authentication comprises three checks: DMARC, SPF, and DKIM, which are performed in the order that they're listed. The DMARC check depends on the SPF and DKIM checks. DMARC can only be evaluated if the sender has a valid DMARC record in DNS and supports SPF or DKIM checking. To perform the DMARC check, the SPF and the DKIM check are performed, regardless of the failure options configured in the policy. If neither the SPF check nor the DKIM check passes, the DMARC check fails.
For more information on these checks, see the following:
Message Authentication flow chart
The following flow chart shows the order in which these message authentications are carried out in different scenarios, and what happens when each message authentication passes or fails.
Note
You can click the image to open a higher resolution version. Use your browser's back arrow to return to this page.
Message Authentication decision table
The following decision table shows you the actions taken for every combination of policy setting and check result.
Note
You can click the image to open a higher resolution version. Use your browser's back arrow to return to this page.