DMARC/Email compliance/Authentication

DMARC background

Cybercriminals use domain spoofing to make inbound and outbound email look like they're coming from a trusted source... when they're not. Phishing campaigns and email compromises continue to grow each year. Today's organizations are deploying Domain-based Message Authentication, Reporting, and Conformance (DMARC) to combat the heavy increase in cyberattacks. DMARC is used to authenticate an email by aligning Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) mechanisms. By having DMARC in place Duke University can fight email compromise, phishing, and spoofing.

The benefits of implementing DMARC

Helps to ensure the trustworthiness of the Duke.edu email domain

DMARC protects the Duke.edu domain from unauthorized use by phishing and spoofing thereby protecting Duke’s brand. This protection occurs not only within Duke’s environment but also through non-Duke email services that have implemented DMARC as well.

We lower risk by reducing vulnerability.

Domain-spoofed messages comprise email and are directed to nearly all companies and institutions worldwide. Phishing is commonly one of the first steps in attacks that lead to account compromises, data breaches, ransomware, and various financial scams. DMARC does not prevent all forms of phishing but does eliminate some of the most difficult for end-users to correctly identify as phishing.

We keep Duke in line with the future

Schools and the industry are moving in this direction. Eventually, non-compliance may result in delivery issues as more and more organizations move to DMARC.

Especially with the recent announcements from Google and Yahoo, which will begin requiring DMARC compliance starting February 1^st 2024, or emails might not be delivered to gmail and yahoo email accounts.  Gmail introduces new requirements to fight spam (blog.google)

Definitions

DMARC: Domain-based Message Authentication, Reporting & Conformance. The protocol uses Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to determine the authenticity of an email message.

DKIM: DomainKeys Identified Mail. The system is used to cryptographically sign outgoing emails to check an email’s authenticity and prevent malicious alterations of the email in transit.

SPF: Sender Policy Framework. System to ensure that only certain Duke approved IP addresses can send email on behalf of a domain.

 

How DMARC works

Email messages are considered DMARC compliant if they pass SPF, DKIM, and the domain address alignment.

• DMARC matches the 'header FROM' domain name with the 'envelope from' domain name used in the SPF check
• DMARC matches the 'header FROM' domain name with the domain name in the DKIM signature

The ‘envelope from’ is used during communication between SMTP clients and servers, while the ‘header from’ is what is displayed in an email client. 

Method for checking for compliance

Send a test message to DMARCcompliance@duke.edu account through the 3rd party mailer in use (examples are:sendgrid, mailchimp, Cvent):

1. We will then check the headers for Authentication results and get back with you. 
2. follow up with another email from your Duke account indicating your department and/or unit

If you have any questions or concerns that your email may be affected by the implementation of DMARC, you can also email DMARCcompliance@duke.edu and the EIS-OIT DMARC Team will assist you.