Why do you need DMARC to protect your email domains from being leveraged in phishing attacks? To get the full picture, let's look at the basics—and how DMARC came to be.
This post originally appeared on the Armadillo Blog and has been lightly edited for clarity.
Most organisations have been successful in blocking malicious emails targeted at their employees, at least to some extent. Various on-premises and cloud providers exist to take care of anti-spam, anti-virus, reputation scores, and advanced features such as sandboxing of executables.
DMARC builds on two earlier email authentication standards: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).
Picking the Lock
As we mentioned in the first post of this series, with the arrival of ARC, one of the biggest blockers to DMARC adoption up to now has been the inability to use it with mailing lists or forwarders.
The Department of Homeland Security binding directive (BOD 18-01) outlines several milestones that agencies must meet in order to show progress and, ultimately, compliance with the directive.
On October 16, 2017, the U.S. Department of Homeland Security issued Binding Operational Directive (BOD) 18-01, which mandates the implementation of specific security standards to strengthen email and website security among government agencies.