A security analyst at an e-commerce company notices a surge in phishing attempts targeting their customers. The malicious emails successfully spoof the company's domain, making them appear legitimate. The company has already implemented SPF and DKIM. However, they lack a mechanism to instruct receiving email servers on how to handle these unauthenticated messages and are not receiving any reports on fraudulent activity. Which of the following should the analyst implement to gain this visibility and control?
Transport Layer Security (TLS) enforcement
A more restrictive Sender Policy Framework (SPF) record
A Secure Email Gateway (SEG)
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
DMARC (Domain-based Message Authentication, Reporting, and Conformance) builds upon existing SPF and DKIM records to address email spoofing. It allows a domain owner to publish a policy that instructs receiving mail servers on how to handle messages that fail authentication, such as quarantining or rejecting them. It also provides a critical reporting mechanism, giving the domain owner visibility into how their domain is being used and abused across the internet. A Secure Email Gateway (SEG) primarily filters an organization's incoming mail, Transport Layer Security (TLS) encrypts mail in transit but does not authenticate the sender's domain, and updating SPF alone does not provide the necessary policy enforcement or reporting capabilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is email spoofing, and how does DMARC help prevent it?
Open an interactive chat with Bash
What is the difference between SPF, DKIM, and DMARC in email authentication?