Cybersecurity vendors lag badly on DMARC email security, survey shows

Only 1 in 4 of the cybersecurity companies exhibiting at the celebrated Black Hat conference this week have implemented a set of best practices to prevent email spoofing and phishing, according to figures from the nonprofit Global Cyber Alliance. In a release Wednesday, GCA said that 73 percent of the 268 exhibitors had not deployed Domain-based Message Authentication, Reporting and Conformance, or DMARC — a set of email protocols that prevents spammers, phishers and other cybercriminals from using an organization’s name and email domain to conduct hacking attacks. Of the 72 exhibitors using DMARC, only six — just 2 percent — have fully deployed it so that it stops spoofed email from being delivered. Lower-level implementations of DMARC warn an organization that their email domain is being spoofed — and can help spoofed mail get blocked by spam filters — but don’t prevent it from being delivered. “A lot of [security vendors] clearly are […]

The post Cybersecurity vendors lag badly on DMARC email security, survey shows appeared first on Cyberscoop.


Senator Calls For Use Of DMARC To Curb Phishing

Senator Ron Wyden is pushing to mandate government-wide use of the email authentication protocol DMARC “to ensure that hackers cannot send emails that impersonate federal agencies.”

Wyden urges DHS to adopt secure email authentication protocol

Sen. Ron Wyden, D-Ore., has asked the Department of Homeland Security to move the federal government to adopt a protocol that would defend and protect government offices from email spoofing and phishing attempts. According to a letter sent to acting DHS Deputy Undersecretary of Cybersecurity Jeanette Manfra, Wyden wants the government to adopt Domain-based Message Authentication, Reporting & Conformance. Widely known as DMARC, the protocol is a technical standard finalized in 2015 by contributors including Google, Yahoo, Mail.ru, JPMorganChase and Symantec. The push for widespread adoption of DMARC is particularly timely now in the wake of a June 2017 report concluding that less than one-third of the largest 98 public and private hospitals in the United States secure their email with the technology. The same email-based threats faced by private enterprise have hit the U.S. government, especially in the last year. “The threat posed by criminals and foreign governments impersonating U.S. government agencies is real,” Wyden wrote. […]

The post Wyden urges DHS to adopt secure email authentication protocol appeared first on Cyberscoop.


Another compromised tech support company server sending spam. Why you should use DMARC

A slightly different informational report today, that illustrates the benefits of setting up authentication correctly on your outgoing mail server and using DMARC reporting. I won’t go into DMARC too deeply here because there are hundreds of sites explaining how to set it up and why you should use it.

Few U.S. hospitals secure their email against phishing, Global Cyber Alliance says

Fewer than one-third of the largest 98 public and private hospitals in the United States secure their email against phishing and spamming, according to data released Thursday. The Global Cyber Alliance said that of the 50 largest public hospitals, only six employed Domain-based Message Authentication, Reporting and Conformance, or DMARC — an email authentication policy and reporting protocol developed a decade ago, originally by PayPal. Of the 48 biggest for-profit hospitals, only 22 used DMARC. The figures led GCA to describe U.S. health care providers’ email security as being in “critical condition.” The alliance also notes that, according to the latest Verizon Data Breach Investigative Report, 66 percent of malware installed on healthcare providers’ IT networks was delivered via email attachment — something normally done using a spoofed email address. DMARC helps prevent phishing and other email spoofing attacks, when an email is made to look as if it comes from a company, […]

The post Few U.S. hospitals secure their email against phishing, Global Cyber Alliance says appeared first on Cyberscoop.
