How To Deploy DMARC Monitoring

Homeadmin2

How To Deploy DMARC Monitoring

admin2

See the source image

The ever-evolving internet and its growing usage since the epidemic have made it easier for hackers, impersonators, and threat actors to access organization domains. As threat actors discover new and sophisticated ways to attack, so will DMARC.

One little hack might damage your brand’s reputation and trustworthiness. DMARC aims to develop a system where senders and receivers collaborate to improve sender authentication and reject bogus messages.

Benefits of Adopting DMARC

DMARC can protect your brand against malicious indictments, so adopt it today.

Better Security – DMARC blocks unauthorized access to your domain, protecting your consumers from spam, fraud, spoofing, and phishing.

Improved Visibility – You can simply see who (or what) is sending email from your domain.

You defend your customers, and they’ll protect your brand. Identity theft and targeted attacks are always best defended against.

Guidelines for DMARC deployment

1st Step: Sender Policy Framework

  • Collect all the IP Addresses used to send email from your domain, including Web Servers, In-office mail servers, and ISP mail servers.
  • List transmitting and non-sending domains.
  • Using a text editor, create an SPF record for each domain (i.e. Notepad, Vim, Nano etc)
  • Add SPF records to DNS or consult the administrator if you don’t manage DNS.
  • After adding the record to DNS, use SPF Check.

2nd Step: Setup DKIM

  • Choose a DKIM selector, a user-defined text string attached to the domain name to identify the DKIM public key.
  • Generate public-private domain keys. Windows users can use PUTTYGEN, Linux and Mac usersssh-keygen.
  • Using the public key from the aforementioned pair, create a new DNS txt record.

3rd Step: Setup DMARC

  • Check the SPF and DKIM settings
  • Creation of a DNS entry named “_dmarc.yourdomain.com”
  • Create a “p=none” (monitoring mode) DMARC record in your domain’s DNS, just as SPF and DKIM.
  • Use a DMARC check tool.

4th Step: Enable DMARC reporting and monitoring

  • The report is an XML file that includes message counts from each IP, DMARC policy steps, SPF and DKIM message results.
  • The report tells domain owners how many fraudulent messages are sent from their domain. Quarantine or reject policy.

5th Step: DMARC Enforcement

  • Your organization may spend a long time in monitoring mode before entering quarantine. Once your inventory has mapped authorized senders, you can move.
  • Search for the DMARC record on your DNS server.
  • Open the domain record and change “p=none” to “p=quarantine”
  • Add “pct” (percentage of messages subject to filter)
  • Once you’ve reached 100% filtering, move “p=reject” to the highest enforcement level.

6th Step: DMARC Reject Policy

  • Open the DMARC record in DNS.
  • Change “q” to “r”
  • Document

At this stage, it’s extremely critical to watch for valid email rejection and deletion.

Leave a Reply