Prevent spoofing and phishing with DMARC
DMARC is a technical specification created by a group of organizations that want to help reduce email abuse, such as spam and phishing, by providing a way to deploy email authentication and monitor problems related to it.
This technology has been standardized by the Internet Engineering Task Force (IETF) in RFC 7489.
DMARC standardizes how recipients (in the sense of recipient MTAs) perform email authentication using the Sender Policy Framework and DomainKeys Identified Mail mechanisms. This means that the sender (in the sense of a sending MTA) will receive the results of the authentication of its messages by any recipient that implements DMARC.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a standard email authentication method. DMARC allows email administrators to prevent hackers from impersonating their organization and domain. Spoofing is a type of attack in which the address in the From field of an email is forged. A spoofed message appears to come from the impersonated organization or domain.
DMARC also lets you request reports from mail servers that receive mail from your organization or domain. These reports contain information to help you identify possible authentication issues and malicious activity related to messages sent from your domain.
Spammers can spoof your domain or organization to send fraudulent messages that impersonate your organization. DMARC tells mail servers what action to take when they receive a message that appears to come from your organization, but does not pass authentication checks or does not meet the authentication criteria of your DMARC rule record. Messages that aren't authenticated can impersonate your organization or be sent from unauthorized servers.
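The reports described above can be summarized per sending IP address to see which sources fail authentication and what action receivers took. The following is an added example, not code from this page or its tools; the report content, `example.org`, the IP addresses and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report in the RFC 7489 aggregate-report layout.
# example.org and the IP addresses are documentation values, not real senders.
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>receiver.example</org_name></report_metadata>
  <policy_published><domain>example.org</domain><p>quarantine</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>42</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.77</source_ip><count>5</count>
    <policy_evaluated><disposition>quarantine</disposition>
      <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.4</source_ip><count>3</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>fail</dkim><spf>pass</spf></policy_evaluated></row></record>
</feedback>"""


def summarize(report_xml):
    """Return (published policy, per-source-IP statistics) for one report."""
    # Reports arrive from third parties: treat them as untrusted input and
    # limit their size before parsing.
    root = ET.fromstring(report_xml)
    policy = root.findtext("policy_published/p", default="missing")
    sources = defaultdict(lambda: {"messages": 0, "failed": 0, "dispositions": set()})
    for row in root.iterfind("record/row"):
        stats = sources[row.findtext("source_ip", default="unknown")]
        count = int(row.findtext("count", default="0"))
        stats["messages"] += count
        # DMARC passes when either aligned check passes, so a message fails
        # only when both the DKIM and the SPF result are not "pass".
        if (row.findtext("policy_evaluated/dkim") != "pass"
                and row.findtext("policy_evaluated/spf") != "pass"):
            stats["failed"] += count
        stats["dispositions"].add(
            row.findtext("policy_evaluated/disposition", default="unknown"))
    return policy, dict(sources)


def failing_sources(report_xml):
    """Source IPs with mail that failed DMARC: spoofers or unlisted senders."""
    _, sources = summarize(report_xml)
    return sorted(ip for ip, s in sources.items() if s["failed"] > 0)


if __name__ == "__main__":
    policy, sources = summarize(SAMPLE_REPORT)
    print("published policy:", policy)
    for ip, s in sources.items():
        print(ip, s["messages"], s["failed"], sorted(s["dispositions"]))
```

A source that appears in `failing_sources` is either spoofing the domain or a legitimate sender missing from the SPF/DKIM setup, so check it against your own sending infrastructure before tightening the policy.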
DMARC is always used with the following two authentication methods or controls:
Documentation for correctly configuring DMARC DNS records: DNS record found, DMARC record found, and DMARC quarantine/reject policy enabled.
HTML (PHP) table for viewing DMARC compliance reports. Analyze the DMARC reports sent by the mail servers that receive your emails.
SH script to unzip and store ZIP/GZ DMARC files.
RESTful JSON API to analyze mail servers spoofing our mail domain names.
Information for using our API "ZW3B Api Client".
158.69.126.137
2607:5300:60:9389:17:4:0:1
2607:5300:60:9389:17:4c1:0:1a
And above all, could a competent authority verify the IP addresses of usurpers? Should I add "and sanction them" or am I to do it? Thank you!
If you want to install "Mail-DMARC Security and reporting" on your mail server, you can use this open-source solution (Perl), which will allow you to protect your mailboxes from incoming messages that are not DMARC-compliant.
Otherwise, you can install Rspamd, free antispam software written in C and distributed under the Apache license; it is an alternative to SpamAssassin.
Rspamd is broadly customizable and supports multiple strategies for avoiding spam and false positives. In conclusion, the Rspamd team provides an incredible spam filtering system and email processing framework that evaluates messages against a number of rules, including regular expressions.