Difference between revisions of "Domain Message Authentication Reporting and Compliance"

From wiki
Jump to navigation Jump to search
(Created page with "<div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">File:JoinusonGCconnex.png|link=http://gcconnex.gc.ca/groups/profile/2785549/gc-enterprise-secur...")
Line 23: Line 23:
</div>{{Delete|reason=Expired Content}}
== Background ==
*Canadians rely on the Government of Canada to provide secure digital services in a way that protects the information they provide to the government.
*By implementing specific security standards that have been widely adopted in industry, departments and agencies can minimize spam and better protect users who might otherwise fall victim to a phishing email that appears to come from a government-owned system.
*This includes implementing Domain-based Message Authentication, Reporting and Conformance (DMARC) which protects government email domains from spoofing and phishing.
*Goal is to reduce the risk posed to Canadians posed by malicious emails impersonating the Government of Canada
== DMARC Concepts and Architecture  ==
[[File:DMARC DIAGRAM2.png|thumb|How does email authentication work?]]
=== How does email authentication work? ===
*An email is sent by a threat actor who is spoofing their email to look like a Canadian Bank.
*The sender receives the email and attempts to forward it to the actual bank.
*The Canadian Bank's email authentication records notices that the sender domain is not recognized as a  legitimate domain.
*Malicious email is blocked without reaching the target's inbox.
[[File:DMARC EXPLAINED.png|thumb|How does DMARC work? ]]
=== How does DMARC work? ===
*Author composes & sends an email.
*The sending mail server inserts a DKIM header and heads towards the receiver.
*The email and sender domain is scrutinized and tested based on checks such as IP Blocklists, Reputation, Rate Limits, etc...
*DMARC checks the DKIM header that was inserted by the sending mail server for legitimacy.
*DMARC retrieves an "Envelope Form" via SPF.
*The email then has one of three outcomes.
**Passed - Email gets sent to proper user and goes directly into the inbox.
**Quarantine - Email fails DMARC policy and is send to the user's SPAM/Junk folder.
**Reject- Failed DMARC policy, Email is rejected and the message is dropped before it reaches the user.
== References ==
*[https://cyber.dhs.gov/bod/18-01/#what-is-email-authentication| What is Email Authentication?]
*[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-177r1.pdf Trustworthy Email - NIST Publication]
*[https://dmarc.org What is DMARC?]
*[https://internet.nl Netherlands Email and Domain Compliance Tool]
*[https://www.gov.uk/government/publications/email-security-standards/domain-based-message-authentication-reporting-and-conformance-dmarc Using DMARC in your Organization]
*[https://dmarc.globalcyberalliance.org/ DMARC - Email Authentication Made Easier]
*[https://www.gcpedia.gc.ca/gcwiki/images/5/5b/Enhancing_Email_Security_with_DMARC.pptx Enhancing Email Security with DMARC]
*[https://www.gcpedia.gc.ca/gcwiki/images/a/a8/Enhancing_Email_Security_with_DMARC_-_French.PPTX Enhancing Email Security with DMARC - French]
[[Category:Government of Canada Enterprise Security Architecture (ESA) Program]]
[[Category:Enterprise Security Architecture]]
[[Category:GC Enterprise Architecture]]

Latest revision as of 13:38, 20 April 2021