White House email domains are sitting ducks for phishing attacks: study

The White House’s delay in implementing an important email security protocol leaves its domain names vulnerable to being used in a large-scale phishing attack, according to a new study. Only one of the 26 email domains managed by the Executive Office of the President (EOP) uses the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol to block phishing attempts, the nonprofit Global Cyber Alliance said. Eighteen of those domains haven’t started deploying DMARC. A Department of Homeland Security directive gave federal agencies until Jan. 15 to implement DMARC, which creates a public record for checking whether an email sender is authorized to transmit a message on behalf of a domain. Spokespeople for DHS and the National Security Council did not respond to questions on whether the directive applies to the EOP. The White House has previously claimed it was exempt from a governmentwide reporting requirement under an IT security law. Email domains […]

The post White House email domains are sitting ducks for phishing attacks: study appeared first on Cyberscoop.

DMARC 2.0? New BIMI standard will help fight spoofing and phishing

Major email service providers are teaming up with large corporations like health insurers, financial service providers and social media giants to develop a new standard that will let commercial email senders securely display their logo next to the “from” name when a message is in a user’s inbox. Brand Indicators for Message Identification, or BIMI, aims to bolster sagging public trust in email, and thereby increase customer engagement with commercial marketing messages. But senders will have to use industry-standard email verification measures in order to leverage BIMI, and the logos will also appear on individual emails from employees of the sending company, as well as on mass marketing messages. As a result, BIMI will also help combat spoofing and phishing messages, according to Patrick Peterson, the founder and executive chairman of email security outfit Agari, one of the new standard’s authors. “We’re putting the trust back into email,” he told […]

The post DMARC 2.0? New BIMI standard will help fight spoofing and phishing appeared first on Cyberscoop.

Tax prep tools lag in DMARC implementation, advocacy group says

With tax season underway, a cybersecurity advocacy group is warning that vendors of popular tax preparation tools may be unprepared to protect users from phishing scams. Four out of the eight most popular tax preparation software products don’t employ basic protections against email spoofing, according to testing by the cybersecurity nonprofit Global Cyber Alliance. GCA tested the domains of the popular programs to check what settings they employ under the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol. DMARC is an industry standard designed to detect and prevent email spoofing. GCA’s findings, released last week, are as follows:

Reject: Liberty Tax
Quarantine: Credit Karma, Jackson Hewitt and Tax Slayer
None: Free Tax USA and Turbo Tax
No policy: H&R Block and TaxAct

DMARC has three levels of protection against emails that try to hijack a particular domain. If an organization employs the “reject” policy, the highest setting, a spoofed […]

The post Tax prep tools lag in DMARC implementation, advocacy group says appeared first on Cyberscoop.

Most top US higher ed institutions fail to protect students from phishing

88.8 percent of the root domains operated by top colleges and universities in the United States are putting their students, staff and other recipients at risk for phishing attacks that spoof the institution’s domain, according to 250ok. Phishing and sp…

Feds still dragging in DMARC configuration

It’s been more than a month since a mandatory Department of Homeland Security deadline passed for federal agencies to adopt security measures that stop attackers spoofing email, but more than a third have still failed to do so, according to an analysis of public records. What’s arguably worse is that those that have implemented the measure called DMARC (Domain-based Message Authentication, Reporting and Conformance) have in many cases misconfigured it, meaning they remain exposed to spoofing. Federal IT specialists “aren’t picking up on the issue of subdomains,” explained Ian Breeze, a product manager at Easy Solutions, a vendor that provides software and advice to organizations seeking to implement DMARC. “They’re leaving their email subdomains open to fraud.”

How DMARC works

DMARC works by creating a public record that email systems can check to determine whether a message sender is in fact authorized to transmit on behalf of a […]

The post Feds still dragging in DMARC configuration appeared first on Cyberscoop.

99 percent of domains are not protected by DMARC

Essentially every global domain is vulnerable to phishing and domain name spoofing. A new report incorporates data from Agari, revealing that 90 percent of its customers have been targeted by domain name fraud. Insight from Farsight Security indica…

How should I configure DMARC (or DKIM?) to deal with OWA forwarding changing email bodies?

For my own domain (mydomain.com, hosted with a free G Suite), I have set up DMARC in testing mode:

v=DMARC1; p=none; sp=reject; aspf=s; adkim=s; rua=mailto:dmarc@mydomain.com

I have sent out test emails to a bunch of email …

Most top US and EU e-retailers are putting their consumers at risk

A new study by 250ok has revealed that 87.6 percent of the root domains operated by top e-retailers in the United States and European Union are putting their brands and consumers at risk for phishing attacks. SPF and DMARC. Phishing and spoofing attacks…