Difference between revisions of "Domain Message Authentication Reporting and Compliance"
Jump to navigation
Jump to search
(Created page with "<div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">File:JoinusonGCconnex.png|link=http://gcconnex.gc.ca/groups/profile/2785549/gc-enterprise-secur...") |
(No difference)
|
Revision as of 08:30, 14 April 2021
ESA Program Overview | ESA Foundation | ESA Artifacts | ESA Initiatives | ESA Tools and Templates | ESA Reference Materials | Glossary |
---|
Background
- Canadians rely on the Government of Canada to provide secure digital services in a way that protects the information they provide to the government.
- By implementing specific security standards that have been widely adopted in industry, departments and agencies can minimize spam and better protect users who might otherwise fall victim to a phishing email that appears to come from a government-owned system.
- This includes implementing Domain-based Message Authentication, Reporting and Conformance (DMARC) which protects government email domains from spoofing and phishing.
- Goal is to reduce the risk posed to Canadians posed by malicious emails impersonating the Government of Canada
DMARC Concepts and Architecture
How does email authentication work?
- An email is sent by a threat actor who is spoofing their email to look like a Canadian Bank.
- The sender receives the email and attempts to forward it to the actual bank.
- The Canadian Bank's email authentication records notices that the sender domain is not recognized as a legitimate domain.
- Malicious email is blocked without reaching the target's inbox.
How does DMARC work?
- Author composes & sends an email.
- The sending mail server inserts a DKIM header and heads towards the receiver.
- The email and sender domain is scrutinized and tested based on checks such as IP Blocklists, Reputation, Rate Limits, etc...
- DMARC checks the DKIM header that was inserted by the sending mail server for legitimacy.
- DMARC retrieves an "Envelope Form" via SPF.
- The email then has one of three outcomes.
- Passed - Email gets sent to proper user and goes directly into the inbox.
- Quarantine - Email fails DMARC policy and is send to the user's SPAM/Junk folder.
- Reject- Failed DMARC policy, Email is rejected and the message is dropped before it reaches the user.