Why do you need DMARC to protect your email domains from being leveraged in phishing attacks? To get the full picture, let's look at the basics—and how DMARC came to be.
This post originally appeared on the Armadillo Blog and has been lightly edited for clarity.
Most organisations have been successful in blocking malicious emails targeted at their employees, at least to some extent. Various on-premise and cloud providers exist to take care of anti-spam, anti-virus, reputation scores, and advanced features such as sandboxing of executables.
DMARC builds on two earlier email authentication standards: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).
In this final post of the DMARC series we’ll discuss the latest crypto updates to DKIM known as the DKIM Crypto Update (DCRUP) to strengthen DKIM.
Picking the Lock
As we mentioned in the first post of this series, with the arrival of ARC, one of the biggest blockers to DMARC adoption up to now has been the inability to use it with mailing lists or forwarders.
Agari has been working diligently to stop the abuse of email since its founding in 2009. By driving increased adoption of DMARC email authentication, Agari (and the industry as a whole) has made it much harder for criminals and other bad actors to forge email identity.
The Department of Homeland Security binding directive (BOD 18-01) outlines several milestones that agencies must meet in order to show progress and, ultimately, compliance with the directive.
On October 16, 2017, the U.S. Department of Homeland Security issued Binding Operational Directive (BOD) 18-01 that mandates the implementation of specific security standards to strengthen email and website security among government agencies.
With the surge of phishing and other advanced email attacks, you can’t be too careful when it comes to your inbound email messages. Beyond viewing the basic information provided, you should make it a habit of viewing and understanding your emails' full headers.