Domain Message Authentication Reporting and Compliance

Revision as of 08:30, 14 April 2021 by Greggory.elton

Background

  • Canadians rely on the Government of Canada to provide secure digital services in a way that protects the information they provide to the government.
  • By implementing specific security standards that have been widely adopted in industry, departments and agencies can minimize spam and better protect users who might otherwise fall victim to a phishing email that appears to come from a government-owned system.
  • This includes implementing Domain-based Message Authentication, Reporting and Conformance (DMARC), which protects government email domains from spoofing and phishing.
  • The goal is to reduce the risk posed to Canadians by malicious emails impersonating the Government of Canada.



DMARC Concepts and Architecture

How does email authentication work?

  • An email is sent by a threat actor who is spoofing their email to look like it comes from a Canadian Bank.
  • The sender receives the email and attempts to forward it to the actual bank.
  • The Canadian Bank's email authentication records indicate that the sender domain is not recognized as a legitimate domain.
  • The malicious email is blocked without reaching the target's inbox.
How does DMARC work?

  • The author composes and sends an email.
  • The sending mail server inserts a DKIM header, and the email heads towards the receiver.
  • The email and sender domain are scrutinized and tested based on checks such as IP blocklists, reputation, rate limits, etc.
  • DMARC checks the DKIM header that was inserted by the sending mail server for legitimacy.
  • DMARC retrieves an "Envelope From" via SPF.
  • The email then has one of three outcomes.
    • Passed - Email gets sent to the proper user and goes directly into the inbox.
    • Quarantine - Email fails DMARC policy and is sent to the user's SPAM/Junk folder.
    • Reject - Email fails DMARC policy, is rejected, and the message is dropped before it reaches the user.
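
The receiver-side decision described in the steps above, as an added sketch (not code from this page or from any Government of Canada system). The function names are hypothetical, the domains are constructed placeholders, and the logic is simplified from RFC 7489: `pct=` and `sp=` are ignored and the organizational domain is approximated as the last two labels.

```python
# Added example: simplified DMARC disposition logic (after RFC 7489).
# Assumptions: pct= and sp= are ignored, and the organizational domain is taken
# as the last two labels. Real receivers use the Public Suffix List instead.

def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict, or None if it is unusable."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') the same org domain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate(record, header_from, spf_result, envelope_from, dkim_results):
    """dkim_results is a list of (result, d= domain) pairs, one per signature."""
    policy = parse_dmarc(record)
    if policy is None:
        return "no-policy"
    spf_ok = spf_result == "pass" and aligned(
        envelope_from, header_from, policy.get("aspf", "r"))
    dkim_ok = any(result == "pass" and aligned(d, header_from, policy.get("adkim", "r"))
                  for result, d in dkim_results)
    if spf_ok or dkim_ok:
        return "pass"
    return policy["p"]  # "none" (monitor only), "quarantine" or "reject"

if __name__ == "__main__":
    # Constructed samples; bank.example and the other domains are placeholders.
    # Spoofed From: SPF passes, but only for the attacker's own envelope domain.
    print(evaluate("v=DMARC1; p=reject", "bank.example",
                   "pass", "attacker.example", []))
    # Forwarded legitimate mail: SPF fails, the aligned DKIM signature survives.
    print(evaluate("v=DMARC1; p=reject", "bank.example",
                   "fail", "forwarder.example", [("pass", "mail.bank.example")]))
    # Strict DKIM alignment: a subdomain signature no longer counts.
    print(evaluate("v=DMARC1; p=quarantine; adkim=s", "bank.example",
                   "fail", "forwarder.example", [("pass", "mail.bank.example")]))
```

The first sample shows why an SPF pass alone is not enough: the check passes for the envelope domain, but that domain does not align with the visible From domain, so the domain owner's policy applies.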

