
Difference between revisions of "Domain Message Authentication Reporting and Compliance"

(Created page with "<div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">File:JoinusonGCconnex.png|link=http://gcconnex.gc.ca/groups/profile/2785549/gc-enterprise-secur...")
 
 
Line 23: Line 23:
  
 
|}  
 
|}  
</div>{{TOCright}}
+
</div>{{Delete|reason=Expired Content}}
 
 
== Background ==
 
*Canadians rely on the Government of Canada to provide secure digital services in a way that protects the information they provide to the government.
 
*By implementing specific security standards that have been widely adopted in industry, departments and agencies can minimize spam and better protect users who might otherwise fall victim to a phishing email that appears to come from a government-owned system.
 
*This includes implementing Domain-based Message Authentication, Reporting and Conformance (DMARC) which protects government email domains from spoofing and phishing.
 
*The goal is to reduce the risk posed to Canadians by malicious emails impersonating the Government of Canada.
 
 
 
 
 
 
 
<br>
 
 
 
== DMARC Concepts and Architecture ==
 
[[File:DMARC DIAGRAM2.png|thumb|How does email authentication work?]]
 
 
 
=== How does email authentication work? ===
 
*An email is sent by a threat actor who is spoofing their email to look like a Canadian Bank.
 
*The sender receives the email and attempts to forward it to the actual bank.
 
*The Canadian Bank's email authentication records show that the sender domain is not recognized as a legitimate domain.
 
*The malicious email is blocked without reaching the target's inbox.
 
[[File:DMARC EXPLAINED.png|thumb|How does DMARC work? ]]
 
 
 
=== How does DMARC work? ===
 
*The author composes and sends an email.
 
*The sending mail server inserts a DKIM header, and the email heads towards the receiver.
 
*The email and sender domain are scrutinized and tested based on checks such as IP blocklists, reputation, rate limits, etc.
 
*DMARC checks the DKIM header that was inserted by the sending mail server for legitimacy.
 
*DMARC retrieves the "Envelope From" via SPF.
 
*The email then has one of three outcomes.
 
**Passed - The email gets sent to the proper user and goes directly into the inbox.
 
**Quarantine - The email fails DMARC policy and is sent to the user's SPAM/Junk folder.
 
**Reject - The email fails DMARC policy, is rejected, and the message is dropped before it reaches the user.
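
The decision described above can be sketched as follows. This is an added example, not code from this wiki page or from any mail server: it assumes the receiver has already obtained the SPF and DKIM results, it ignores the <code>sp=</code> and <code>pct=</code> tags, and the domains and the small public-suffix set are constructed for illustration. A result of <code>none</code> means the message is delivered and only reported.

```python
# Added example: simplified receiver-side DMARC decision (ignores sp= and pct=).
PUBLIC_SUFFIXES = {"com", "net", "ca", "gc.ca"}  # constructed stand-in for the Public Suffix List

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; return None if unusable."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags

def org_domain(domain):
    """Organizational domain: the longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def aligned(auth_domain, header_from, mode):
    """Strict ('s') needs an exact match; relaxed ('r') needs the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)

def evaluate(header_from, spf_result, mail_from, dkim_result, dkim_d, record):
    """Return 'pass', or the policy the domain owner published for failures."""
    policy = parse_dmarc(record)
    if policy is None:
        return "no-policy"
    spf_ok = spf_result == "pass" and aligned(mail_from, header_from, policy.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_d, header_from, policy.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

if __name__ == "__main__":
    # Constructed messages: (header From domain, SPF, envelope-from domain, DKIM, d=, record)
    cases = [
        ("example.com", "pass", "bounce.example.com", "none", "", "v=DMARC1; p=reject"),
        ("example.com", "pass", "example.net", "none", "", "v=DMARC1; p=reject"),
        ("dept-a.gc.ca", "fail", "", "pass", "dept-b.gc.ca", "v=DMARC1; p=quarantine"),
    ]
    for case in cases:
        print(case[0], "->", evaluate(*case))
```

The second case shows why an SPF pass alone is not enough: the envelope-from domain authenticated, but it is not aligned with the domain shown in the From header, so the published policy applies.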
 
 
 
<br>
 
 
 
== References ==
 
*[https://cyber.dhs.gov/bod/18-01/#what-is-email-authentication What is Email Authentication?]
 
*[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-177r1.pdf Trustworthy Email - NIST Publication]
 
*[https://dmarc.org What is DMARC?]
 
*[https://internet.nl Netherlands Email and Domain Compliance Tool]
 
*[https://www.gov.uk/government/publications/email-security-standards/domain-based-message-authentication-reporting-and-conformance-dmarc Using DMARC in your Organization]
 
*[https://dmarc.globalcyberalliance.org/ DMARC - Email Authentication Made Easier]
 
*[https://www.gcpedia.gc.ca/gcwiki/images/5/5b/Enhancing_Email_Security_with_DMARC.pptx Enhancing Email Security with DMARC]
 
*[https://www.gcpedia.gc.ca/gcwiki/images/a/a8/Enhancing_Email_Security_with_DMARC_-_French.PPTX Enhancing Email Security with DMARC - French]
 
[[Category:Government of Canada Enterprise Security Architecture (ESA) Program]]
 
[[Category:Enterprise Security Architecture]]
 
[[Category:GC Enterprise Architecture]]
 

Latest revision as of 13:38, 20 April 2021