Email Spoofing has become common place. Hackers are creating fake email and messages, targeting both the unsuspecting public, your customers, or even your own users, for financial and other malicious gains.

Starting 3rd October 2023, in order to address email spoofing, Gmail and Yahoo announced bulk senders sending to their mail servers are required to have DMARC configured.

This is because Email lacks the ability to verify authenticity of all received mails. Fraudsters have taken advantage of this fundamental flaw to full advantage.

Developed in 2012, DMARC (Domain-based Message Authentication, Reporting & Conformance – RFC 7489) is an email authentication protocol that gives insight into how email is delivered. DMARC gives email senders the ability to not only receive feedback about how receivers treat their email, but also the ability to inform receivers to reject illegitimate messages. DMARC is helping organizations of every size ensure reliability and prevent phishing and domain spoofing.

Many security devices and email providers have adopted the SPF, DKIM and DMARC standards, including Microsoft Office 365.

Ensuring your own IT environment complies with this standard would help in the following ways –
•Prevent Enterprise spear phishing, and other attack variants such as CEO email fraud
•Detect misconfigurations of the underlying SPF and DKIM settings
•Inventory of all email senders using the valid email domain

However, how does this framework function? How do we set it in Office365? How well does it prevent Spoofing? What’s the right way of implementing it? This session discusses these areas.