Technical Tip: Configuring FortiMail to apply DMARC action of Antispam profile instead of DMARC Policy action

Description

This article describes how to configure FortiMail to take the Antispam profile action, overriding the DMARC record policy.

Scope

FortiMail v7.x.

Solution

In FortiMail v7.2, FortiMail offers three different options regarding which action to take after a failed DMARC check.

Set a DMARC failure action:

• use-policy-action: Respect all actions specified in the DMARC record.
• use-profile-action: Use the action specified in the antispam profile.
• use-profile-action-with-none: Respect p=none sender policy in the DMARC record, and use the antispam profile action otherwise.

By default, FortiMail will use the setting 'use-profile-action-with-none'.

To always take the action configured in the AntiSpam profile, the following commands can be used:

config antispam settings

    set dmarc-failure-action use-profile-action

end

In versions 7.4.x and later, as well as in versions 7.6.0, 7.6.1, and 7.6.2, it is configurable in the GUI under Security -> Option -> Preference.

Note: In versions 7.6.3 and later, the 'DMARC Failure Action' option is no longer available under Security -> Option. Instead, the feature has been enhanced to allow configuration of individual actions based on the DMARC policy.

To configure these settings, navigate to the Antispam Profile, then expand the DMARC section, as described below.