Help
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
gmichailidis
Staff
Staff

Created on ‎09-21-2022 08:58 AM Edited on ‎10-05-2025 02:24 PM By Community Manager

Article Id 224357

Technical Tip: Configuring FortiMail to apply DMARC action of Antispam profile instead of DMARC Policy action

Description

 

This article describes how to configure FortiMail to take the AS profile action, overriding the DMARC record policy.

 

Scope

 

FortiMail v7.x.

 

Solution

 

In FortiMail v7.2, FortiMail offers three different options regarding which action to take after a failed DMARC check.

 

Set a DMARC failure action:

  • use-policy-action: Respect all actions specified in the DMARC record.
  • use-profile-action: Use the action specified in the antispam profile.
  • use-profile-action-with-none: Respect p=none sender policy in the DMARC record, and use the antispam profile action otherwise.

 

By default, FortiMail will use the setting 'use-profile-action-with-none'.

 

To always take the action configured in the AntiSpam profile, the following commands can be used:

 

config antispam settings

    set dmarc-failure-action use-profile-action

end

 

In versions 7.4.x and later, it is configured in the GUI under Security -> Options -> Preference.

image.png

 

Note: In versions 7.6.3 and 7.6.4, the 'DMARC Failure Action' feature is not available under Security -> Option. To access this feature, navigate to the Antispam Profile, then expand the DMARC section, as described below.

 

1.JPG

 

2.JPG

3102
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.