Start your DMARC journey

Here’s something that I think every organisation should do: implement DMARC.

For those who don’t know, DMARC is a standard that allows you to authenticate your genuine email and prevent others (criminals mostly) from abusing your brand by spoofing your domains.

It is not a silver bullet, but it is a good step in protecting your brand, your domain and, most importantly, your customers. As a result of this authentication, it also enables you to track the deliverability of your actual email and enhance it by improving the reputation of your domain(s).

What DMARC does is bring together existing authentication mechanisms (SPF and DKIM) and enhance them, adding reporting and conformance to the mix.

To start the journey, you will need to publish a DNS record.

Create a DNS TXT record with a name of _dmarc

The syntax of your initial record should be:

v=DMARC1;p=none;rua=mailto:address@yourdomain

Where the record states address@yourdomain, replace it with a mailbox address at your domain. This mailbox will receive email reports which will allow you to understand which email servers are sending email as your domain. This will include yourself, 3rd party mail agents and most likely some criminals too. It is recommended to create a mailbox specifically for these reports. For ease you could call it dmarc, giving dmarc@yourdomain. Obviously, the yourdomain part should be replaced by your actual domain name.

Around 48 hours after publishing this record you will start to receive email reports into your dmarc mailbox. These reports should be used to help determine which email servers should be sending emails as your domain and which shouldn’t. From there you can start to take the next steps in your journey.

Interpreting these reports and figuring out what it all means can be cumbersome. There are a number of organisations that can help you, or you can do it yourself with one of several open source tools in this space.

I co-founded one of those organisations, EmailAuth.io, though there are many more and, as I said, open source tools to DIY.

Fully implementing DMARC can be hard, most commonly when it comes to ‘fixing’ a legacy of unloved and uncared-for domains. There is no vendor that can solve that for you. They can help with visualisation and understanding, but you will have to invest time and effort alongside anyone you bring in to help. That investment is worth it though.

The main thing is that DMARC is a very good thing to do. It helps you ensure delivery of your genuine email, whilst also preventing abuse against your brand and customers. It is a win-win in my book.
