In July the Australian Signals Directorate, part of the Department of Defence, and the Australian Cyber Security Centre issued a report for IT professionals titled, Malicious Email Mitigation Strategies. The report recommends the most effective methods of protecting organizations from email-borne attacks, and includes deploying DKIM, DMARC, and SPF. Furthermore it recommends using DMARC with […]
It’s very common for any organization’s first attempt at a DMARC record to get the syntax or content wrong in some respect. This post will share some of the missteps and oddities seen while reviewing a dataset of captured Domain Name System (DNS) queries provided by Farsight Security. To be clear, all of the records […]
When first exploring email authentication, even people with a technical background find that there’s a lot of niche terminology that has to be picked up. This post will try to explain the different terms used for addresses that are associated with email messages. How Is An Email Message Like A Postal Letter? When your postman […]
Government Digital Service (GDS), part of the United Kingdom’s Cabinet Office, is requiring that other government departments adopt DMARC and HTTPS/HSTS to protect their online services by October 1st, 2016. This includes making the strongest DMARC policy (“p=reject”) the default for email services at that time. This will apply to all services operating under the service.gov.uk […]
Philadelphia, Pennsylvania – June 15, 2016 – The need to overcome brand hijacking, phishing and fraud compelled many leading companies to participate in creating the DMARC standards. Since that time, many forward-looking companies have asked how they can become involved in promoting DMARC adoption so we can all enjoy protection worldwide. Responding to demand in […]
The Authenticated Received Chain, or ARC, protocol allows authentication results to be conveyed across indirect mailflows. This is intended to allow traditional services like mailing lists, content scanning, and alumni accounts that forward and/or alter messages to continue to operate in an environment where email authentication is increasingly required for timely delivery of messages, but […]
Yahoo (NASDAQ:YHOO) has been at the forefront of email authentication for over a decade, and they continue to drive the industry forward. Today, Yahoo has taken the next step in their program by publishing strong DMARC policies for 62 of their international domains, listed below. These policies will prevent phishers and spammers from using these […]
Businesses and other organizations can protect themselves from certain classes of phishing attacks on their employees by using DMARC to filter incoming email messages. But whether the company is large or small, they usually don’t have the expertise or resources to build their own filtering solution. That’s why commercial email gateways that support DMARC are […]
Each year since the DMARC protocol was first announced, more and more companies have found that it can help them monitor and protect email using their domains. Here are some notable companies or brands that began doing so in 2015, according to data provided by DMARC.org sponsor Farsight Security. Aflac (insurance) American Express (finance) † […]
Product managers and engineers from some of the world’s largest mailbox providers recently got together to explain coming changes in email authentication at an industry conference. While we can’t share all that was said, we did get permission to share their combined best practice recommendations, which will work as well for a small business as […]