Line 23: |
− | </div>{{TOCright}} | + | </div>{{Delete|reason=Expired Content}} |
− | | |
− | == Background ==
| |
− | *Canadians rely on the Government of Canada to provide secure digital services in a way that protects the information they provide to the government.
| |
− | *By implementing specific security standards that have been widely adopted in industry, departments and agencies can minimize spam and better protect users who might otherwise fall victim to a phishing email that appears to come from a government-owned system.
| |
− | *This includes implementing Domain-based Message Authentication, Reporting and Conformance (DMARC) which protects government email domains from spoofing and phishing.
| |
− | *Goal is to reduce the risk posed to Canadians posed by malicious emails impersonating the Government of Canada
| |
− | | |
− | | |
− | | |
− | <br>
| |
− | | |
− | == DMARC Concepts and Architecture ==
| |
− | [[File:DMARC DIAGRAM2.png|thumb|How does email authentication work?]]
| |
− | | |
− | === How does email authentication work? ===
| |
− | *An email is sent by a threat actor who is spoofing their email to look like a Canadian Bank.
| |
− | *The sender receives the email and attempts to forward it to the actual bank.
| |
− | *The Canadian Bank's email authentication records notices that the sender domain is not recognized as a legitimate domain.
| |
− | *Malicious email is blocked without reaching the target's inbox.
| |
− | [[File:DMARC EXPLAINED.png|thumb|How does DMARC work? ]]
| |
− | | |
− | === How does DMARC work? ===
| |
− | *Author composes & sends an email.
| |
− | *The sending mail server inserts a DKIM header and heads towards the receiver.
| |
− | *The email and sender domain is scrutinized and tested based on checks such as IP Blocklists, Reputation, Rate Limits, etc...
| |
− | *DMARC checks the DKIM header that was inserted by the sending mail server for legitimacy.
| |
− | *DMARC retrieves an "Envelope Form" via SPF.
| |
− | *The email then has one of three outcomes.
| |
− | **Passed - Email gets sent to proper user and goes directly into the inbox.
| |
− | **Quarantine - Email fails DMARC policy and is send to the user's SPAM/Junk folder.
| |
− | **Reject- Failed DMARC policy, Email is rejected and the message is dropped before it reaches the user.
| |
− | | |
− | <br>
| |
− | | |
− | == References ==
| |
− | *[https://cyber.dhs.gov/bod/18-01/#what-is-email-authentication| What is Email Authentication?]
| |
− | *[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-177r1.pdf Trustworthy Email - NIST Publication]
| |
− | *[https://dmarc.org What is DMARC?]
| |
− | *[https://internet.nl Netherlands Email and Domain Compliance Tool]
| |
− | *[https://www.gov.uk/government/publications/email-security-standards/domain-based-message-authentication-reporting-and-conformance-dmarc Using DMARC in your Organization]
| |
− | *[https://dmarc.globalcyberalliance.org/ DMARC - Email Authentication Made Easier]
| |
− | *[https://www.gcpedia.gc.ca/gcwiki/images/5/5b/Enhancing_Email_Security_with_DMARC.pptx Enhancing Email Security with DMARC]
| |
− | *[https://www.gcpedia.gc.ca/gcwiki/images/a/a8/Enhancing_Email_Security_with_DMARC_-_French.PPTX Enhancing Email Security with DMARC - French]
| |
− | [[Category:Government of Canada Enterprise Security Architecture (ESA) Program]]
| |
− | [[Category:Enterprise Security Architecture]]
| |
− | [[Category:GC Enterprise Architecture]]
| |
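Review bot: the DMARC walkthrough being removed in this hunk carries several technical errors that should be corrected rather than copied into any successor page. In "How does email authentication work?", the step "The sender receives the email and attempts to forward it to the actual bank" is backwards: the recipient's mail server receives the message, looks up the authentication records published for the domain the message claims to come from, and blocks it when that lookup fails; the sender does not receive anything. In "How does DMARC work?", "Envelope Form" should read "Envelope From" (the SMTP MAIL FROM address that SPF evaluates), and "DMARC checks the DKIM header ... for legitimacy" is inaccurate: the receiver's DKIM verification checks the signature, and DMARC then checks that the DKIM signing domain or the SPF-authenticated domain aligns with the visible From domain. The three "outcomes" also mix a pass result with the two failure-handling policies; quarantine and reject are values of the domain owner's published policy, and the monitor-only policy (p=none) that most domains start with is not mentioned. Minor fixes: "is send to" should be "is sent to", and "Reject-" should be "Reject -" to match "Quarantine -". In the references, the trailing "|" in "[https://cyber.dhs.gov/bod/18-01/#what-is-email-authentication| What is Email Authentication?]" becomes part of the URL in wiki external-link syntax and should be dropped. Finally, since the edit replaces the whole body with {{Delete|reason=Expired Content}}, it would help to state in the delete reason where the current guidance lives so the BOD 18-01, NIST SP 800-177r1 and dmarc.org references are not lost with the page.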