Domain Message Authentication Reporting and Compliance

From wiki
Revision as of 08:30, 14 April 2021 by Greggory.elton (talk | contribs) (Created page with "<div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">File:JoinusonGCconnex.png|link=http://gcconnex.gc.ca/groups/profile/2785549/gc-enterprise-secur...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
JoinusonGCconnex.png
ESAcontactus.png
GOC ESA.jpg
ESA Program Overview ESA Foundation ESA Artifacts ESA Initiatives ESA Tools and Templates ESA Reference Materials Glossary
Cloud Security Initiative HTTPS Initiative Data Loss Prevention Initiative Enterprise Vulnerability Management System Initiative DevSecOps Initiative Integrated Risk Management Initiative DMARC Initiative Zero Trust Security Initiative GC Cyber Security Event Management

Background

  • Canadians rely on the Government of Canada to provide secure digital services in a way that protects the information they provide to the government.
  • By implementing specific security standards that have been widely adopted in industry, departments and agencies can minimize spam and better protect users who might otherwise fall victim to a phishing email that appears to come from a government-owned system.
  • This includes implementing Domain-based Message Authentication, Reporting and Conformance (DMARC) which protects government email domains from spoofing and phishing.
  • Goal is to reduce the risk posed to Canadians posed by malicious emails impersonating the Government of Canada



DMARC Concepts and Architecture

File:DMARC DIAGRAM2.png
How does email authentication work?

How does email authentication work?

  • An email is sent by a threat actor who is spoofing their email to look like a Canadian Bank.
  • The sender receives the email and attempts to forward it to the actual bank.
  • The Canadian Bank's email authentication records notices that the sender domain is not recognized as a legitimate domain.
  • Malicious email is blocked without reaching the target's inbox.
File:DMARC EXPLAINED.png
How does DMARC work?

How does DMARC work?

  • Author composes & sends an email.
  • The sending mail server inserts a DKIM header and heads towards the receiver.
  • The email and sender domain is scrutinized and tested based on checks such as IP Blocklists, Reputation, Rate Limits, etc...
  • DMARC checks the DKIM header that was inserted by the sending mail server for legitimacy.
  • DMARC retrieves an "Envelope Form" via SPF.
  • The email then has one of three outcomes.
    • Passed - Email gets sent to proper user and goes directly into the inbox.
    • Quarantine - Email fails DMARC policy and is send to the user's SPAM/Junk folder.
    • Reject- Failed DMARC policy, Email is rejected and the message is dropped before it reaches the user.


References

Retrieved from "https://wiki.gccollab.ca/index.php?title=Domain_Message_Authentication_Reporting_and_Compliance&oldid=45943"