In July the Australian Signals Directorate, part of the Department of Defence, and the Australian Cyber Security Centre issued a report for IT professionals titled “Malicious Email Mitigation Strategies.” The report recommends the most effective methods of protecting organizations from email-borne attacks, including deploying DKIM, DMARC, and SPF. Furthermore, it recommends using DMARC with a “p=reject” policy on the organization’s domain(s) to prevent messages from would-be imposters from reaching the inbox. The report is intended for both government departments and the private sector.
The first and longest section of the report focuses on filtering and manipulating attachments. There are many recommendations in this category, ranked by effectiveness from “excellent” to “minimal.” Most of them involve blocking or disabling active or executable content and application macros. This is followed by a short section on message content filtering and URL replacement, and then a section on “sender verification” (or email authentication) almost as long as the first section. These recommendations involve taking appropriate action on messages that fail DKIM, SPF, and DMARC policies, as well as setting strong policies for the organization’s domains.
The report is concise at only 11 pages, including a three-page table rating each measure in a number of categories. These categories include overall effectiveness, initial and operating costs, and several points of intrusion prevention and containment. A reference section towards the end of the report includes links to additional resources for matters raised in the report.