Domain Message Authentication Reporting and Compliance

From wiki
Revision as of 09:30, 14 April 2021 by Greggory.elton (talk | contribs) (Created page with "<div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">File:JoinusonGCconnex.png|link=")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


  • Canadians rely on the Government of Canada to provide secure digital services in a way that protects the information they provide to the government.
  • By implementing specific security standards that have been widely adopted in industry, departments and agencies can minimize spam and better protect users who might otherwise fall victim to a phishing email that appears to come from a government-owned system.
  • This includes implementing Domain-based Message Authentication, Reporting and Conformance (DMARC) which protects government email domains from spoofing and phishing.
  • Goal is to reduce the risk posed to Canadians posed by malicious emails impersonating the Government of Canada

DMARC Concepts and Architecture

How does email authentication work?

How does email authentication work?

  • An email is sent by a threat actor who is spoofing their email to look like a Canadian Bank.
  • The sender receives the email and attempts to forward it to the actual bank.
  • The Canadian Bank's email authentication records notices that the sender domain is not recognized as a legitimate domain.
  • Malicious email is blocked without reaching the target's inbox.
How does DMARC work?

How does DMARC work?

  • Author composes & sends an email.
  • The sending mail server inserts a DKIM header and heads towards the receiver.
  • The email and sender domain is scrutinized and tested based on checks such as IP Blocklists, Reputation, Rate Limits, etc...
  • DMARC checks the DKIM header that was inserted by the sending mail server for legitimacy.
  • DMARC retrieves an "Envelope Form" via SPF.
  • The email then has one of three outcomes.
    • Passed - Email gets sent to proper user and goes directly into the inbox.
    • Quarantine - Email fails DMARC policy and is send to the user's SPAM/Junk folder.
    • Reject- Failed DMARC policy, Email is rejected and the message is dropped before it reaches the user.