SPF & DMARC
when did you last check ALL your domains?
Keep Information Security Services
https://www.wearekeep.co.uk/wp-content/themes/keepinformation/img/logos/keep-purple-logo.svg
300
80
Keep Information Security Services
If you’re not particular techy these acronyms may not mean much, but you can easily make checks, even if you can’t implement the fix! Read on…..
One of KEEPs consultants recently assessed a client (CNI) where only 55% of their domains had the necessary SPF and DMARC configurations in place correctly. This mis-configuration allows attackers (at minimum) to easily email spoof and target your users.
If you do nothing else this week, check the basics!
Check your SFP and DMARC (and DKIM) configuration here;
- SPF: https://mxtoolbox.com/spf.aspx
- DMARC: https://mxtoolbox.com/dmarc.aspx
(or similar services)
- If no valid SPF and DMARC records are published for some or ALL domains, check the rationale for this across your organisation (although somewhat a null point, though context for prior errors is always worthwhile).
- Make a plan to implement the SPF and DMARC changes at the earliest opportunity, with prior approvals from the wider business / change management processes.
- Validate your implementation(s).
Key Points:
- Your SPF record should contain IP ranges / subnets or FQDN’s of systems / services that can send emails on behalf of the domain(s) in scope.
- “-all” should be appended to the end of your record.
- A valid SPF record may look like this, though it all depends on your own setup(s); v=spf1 include:spf.protection.outlook.com -all
- A valid DMARC record may look like this; v=DMARC1; p=quarantine; rua=mailto:youremail@yourdomain[.]com; ruf=mailto:youremail@yourdomain[.]com; fo=1
- Be cautious with your DMARC implementation, it’s recommended to use the p=none switch initially
Bonus points:
Implement DKIM as well – guidance is here; https://mxtoolbox.com/dmarc/dkim/setup/how-to-setup-dkim
Don’t rely on others in the belief this will already be implemented. Make the checks for yourself and instruct changes. It’s relatively simple but also helps to mitigate some of the most common attack techniques currently in use!
If you need a PowerShell script to perform a bulk lookup, complete the contact form and one of our consultants will provide it to you.
Related articles
8th January 2024
https://www.wearekeep.co.uk/wp-content/uploads/2019/07/aron-van-de-pol-hXOGHaGCtdA-unsplash-500x333.jpg
cyber security simple facts
Cyber Security – Some simple facts
1st October 2023
https://www.wearekeep.co.uk/wp-content/uploads/2024/01/iStock-1448152453-500x281.jpg
NIST SP 800-53 Rev 5
Cyber Threat Modelling
15th September 2023
https://www.wearekeep.co.uk/wp-content/uploads/2024/01/iStock-1289079656-500x281.jpg
Microsoft Cloud Security Services
Microsoft GDAP
Get in Touch
Please get in touch using the form below.