Email Authenticity and DMARC

Informational

Email is a critical communication tool for EWU. Unfortunately, email is also a common vector for cyber attacks such as phishing and spoofing. These attacks can lead to data breaches, financial losses, and reputational damage. To combat these threats, email authentication protocols such as DMARC have been developed.

What is DMARC?

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It is an email authentication protocol that allows EWU to specify which email servers are authorized to send emails on behalf of EWU. DMARC also provides a mechanism for email receivers to verify the authenticity of incoming emails and reject those that fail authentication.

How does DMARC work?

DMARC works by using two existing email authentication protocols: SPF and DKIM. SPF (Sender Policy Framework) allows EWU to specify which email servers are authorized to send emails for EWU domains. DKIM (DomainKeys Identified Mail) allows EWU to sign outgoing emails with a digital signature that can be verified by email receivers.

When an email is received, the email receiver checks the SPF and DKIM records for the sending domain. If the records indicate that the email is authentic, the email is delivered to the recipient's inbox. If the records indicate that the email is not authentic, the email may be rejected or marked as spam.

Benefits of DMARC

Implementing DMARC can provide several benefits:

Improved email deliverability: DMARC can help ensure that legitimate emails are delivered to recipients' inboxes.
Reduced risk of phishing and spoofing: DMARC can help prevent cyber attacks that use fake emails to trick recipients into disclosing sensitive information or transferring funds.
Enhanced brand protection: DMARC can help protect a company's brand reputation by preventing unauthorized use of its domain in email communications.

How EWU implements DMARC

Implementing DMARC requires several steps:

Create and maintain SPF and DKIM records. When new services are added, these records must be updated.
Publish a DMARC policy for EWU that specifies how email receivers should handle emails that fail authentication (Report, Quarantine, or Reject). Report is currently selected.
IT Monitors DMARC reports to identify unauthorized use of EWU's domain and help improve email authentication.

Conclusion

Email authentication protocols such as DMARC are essential tools for protecting against cyber attacks that use email as a vector. By implementing DMARC, businesses and individuals can improve email deliverability, reduce the risk of phishing and spoofing, and enhance brand protection.