Geeks for your information Security Security Vendors Kaspersky Kaspersky Security Blog v
How to repair DMARC
Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How to repair DMARC
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 12,793
Threads: 8,839
Thanks Received: 8,732 in 6,893 posts
Thanks Given: 9,633
Joined: 12 September 18
#1
Lightbulb  21 August 20, 06:59
Quote:
[Image: how-to-cure-dmarc-featured.jpg]

The DMARC mechanism has its drawbacks, but we have developed a technology to fix them.

Over e-mail’s history, people have come up with a lot of technologies designed to protect recipients from fraudulent (mainly phishing) e-mails. DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) had significant drawbacks, so the Domain-based Message Authentication Reporting and Conformance (DMARC) mail authentication mechanism was designed to identify messages with a fake sender domain. But DMARC also turned out to be far from an ideal solution. Therefore, our researchers have developed an additional technology to eliminate the disadvantages of this approach.

How DMARC works

A company seeking to prevent others from sending e-mails using the names of its employees can configure DMARC in its DNS resource record. In essence, that allows message recipients to make sure the domain name in the “From:” header is the same as in DKIM and SPF. In addition, the record indicates the address to which mail servers send reports concerning received messages that did not pass verification (for example, if an error occurred or an attempt to fraudulently impersonate a sender was detected).

In the same resource record, you can also configure DMARC policy to specify what happens to the message if it fails to pass the check. Three types of DMARC policies cover such cases:
  • Reject is the strictest policy. Choose it to block all e-mails that do not pass the DMARC check.
  • With the Quarantine policy, depending on the mail provider’s exact settings, the message will either end up in the spam folder or be delivered but marked suspicious.
  • None is the mode that lets the message reach the recipient’s mailbox normally, although a report is still sent to the sender.
Disadvantages of DMARC

By and large, DMARC is capable. The technology does make phishing much more difficult. But in solving one problem, this mechanism causes another: false positives. Legitimate messages may be blocked or marked as spam in two types of cases:
  • Forwarded messages. Some mail systems break the SPF and DKIM signatures in forwarded messages, whether messages are forwarded from various mailboxes or they are redirected between intermediate mail nodes (relays).
  • Incorrect settings. It is not uncommon for mail server administrators to make mistakes when configuring DKIM and SPF.
When it comes to business e-mail, it’s difficult to say which scenario is worse: letting through a phishing e-mail or blocking a legitimate message.
...
Continue Reading
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Music Videos
Billy Joel - The Riv...jAcos — 17:24
Movies! Movies!
Beverly Hills Cop: A...jAcos — 17:22
TV Series
Matlock Kathy Bat...jAcos — 17:16
F-Secure 19.4
What's new in the ...harlan4096 — 09:44
Thunderbird Supernova 115.10.1
Thunderbird Supern...harlan4096 — 09:41

[-]
Birthdays
Today's Birthdays
avatar (36)RobertUtelt
Upcoming Birthdays
avatar (43)wapedDow
avatar (42)techlignub
avatar (41)Stevenmam
avatar (48)onlinbah
avatar (49)steakelask
avatar (43)Termoplenka
avatar (41)bycoPaist
avatar (47)pieloKat
avatar (41)ilyagNeexy
avatar (49)donitascene
avatar (49)Toligo

[-]
Online Staff
There are no staff members currently online.

>