Page 24 - Cyber Defense eMagazine - October 2017
P. 24

“DMARC” for short. Within its first year, 60% of internet mailboxes used DMARC verification for
               anti-spam and anti-phishing.

               DMARC allows a message sender’s domain to advertise if their messages should be protected
               by  SPF  and/or  DKIM,  and  provides  instructions  to  recipient  mail  servers  for  what  to  do  if  a
               message fails these checks. Along with the normal SPF and DKIM checks, DMARC also checks
               if the envelope MAIL FROM header matches the message’s FROM header.

               DMARC assumes that the domain administrator has already configured DKIM and SPF for their
               sending  domain.  DMARC  then  uses  a  DNS  TXT  record,  just  like  SPF  and  DKIM,  to  verify
               important information for the sending domain. The DMARC DNS record includes a policy for the
               recipient  mail  server  to  apply  when  DKIM  and/or  SPF  records  fail,  such  as  rejecting  the
               message, quarantining  it,  or  allowing  it  through,  and  an  email  address  to  send  reports to for
               non-compliant messages.

               DMARC  fills  in  the  gaps  left  over  from  SPF  and  DKIM,  providing  additional  anti-spoofing
               protections  and  directions  for  recipient  mail  servers  on  how  to  handle  potentially  spoofed
               messages.  A  recent  report  by  ValiMail  and  the  Global  Cyber  Alliance  found  76%  of  email
               inboxes now support DMARC verification. Unfortunately, according to a recent report by Return
               Path, DMARC implementation is still very low in most verticals, ranging from 16% (Healthcare)
               at worst to 61% (Payment Services) at best.
               To find out why these anti-phishing standards aren’t more widely used and what might be done
               to increase their adoption, check back for Part II next month.



               About the Author


               Marc Laliberte is an Information Security Threat Analyst
               at WatchGuard Technologies. Specializing in networking
               security  protocols  and  Internet  of  Things  technologies,
               Marc’s  day-to-day  responsibilities  include  researching
               and  reporting  on  the  latest  information  security  threats
               and  trends.  He  has  discovered,  analyzed,  responsibly
               disclosed    and   reported   on    numerous     security
               vulnerabilities  in  a  variety  of  Internet  of  Things  devices
               since  joining  the  WatchGuard  team  in  2012. With
               speaking  appearances  at  industry  events  and  regular
               contributions  to  online  IT,  technology  and  security
               publications,  Marc  is  a  thought  leader  who  provides
               insightful security guidance to all levels of IT personnel.









                    24   Cyber Defense eMagazine – October 2017 Edition
                         Copyright © Cyber Defense Magazine,  All rights reserved worldwide.
   19   20   21   22   23   24   25   26   27   28   29