DMARC

Cybercriminals use domain spoofing to make inbound and outbound email look like it is coming from a trusted source when it is not. Phishing campaigns and email compromises have grown by approximately 60% in the past year alone. Today's organizations are deploying Domain-based Message Authentication, Reporting, and Conformance (DMARC) to combat the heavy increase in cyberattacks. DMARC is used to authenticate an email by aligning Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) mechanisms. By having DMARC in place, Miami University can fight email compromise, phishing, and spoofing.

The benefits of implementing DMARC

Helps to ensure the trustworthiness of the MiamiOH.edu email domain

DMARC protects the MiamiOH.edu domain from unauthorized use by phishers and spoofers, thereby protecting Miami’s brand. This protection applies not only within Miami’s environment but also at non-Miami email services that have implemented DMARC.

We lower risk by reducing vulnerability

Domain-spoofed messages are estimated to comprise 1-2% of all email volume and are directed to nearly all companies and institutions worldwide. Phishing is commonly one of the first steps in attacks that lead to account compromises, data breaches, ransomware, and various financial scams. DMARC does not prevent all forms of phishing but does eliminate some of the most difficult for end-users to correctly identify as phishing.

We keep Miami in line with the future

Schools and the industry are moving in this direction. Eventually, non-compliance may result in delivery issues as more and more organizations move to DMARC.

Definitions

DMARC: Domain-based Message Authentication, Reporting & Conformance. The protocol uses Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to determine the authenticity of an email message.

DKIM: DomainKeys Identified Mail. The system is used to cryptographically sign outgoing emails to check an email’s authenticity and prevent malicious alterations of the email in transit.

SPF: Sender Policy Framework. System to ensure that only certain IP addresses can send email on behalf of a domain.

DMARC Quarantine: Messages that fail DMARC compliance will be delivered to a user's spam folder. This allows such messages to be moved to inboxes in bulk when we are notified of messages that should have been delivered but are not yet DMARC compliant.

DMARC Enforcement: Full enforcement will have the messages bounced before reaching inboxes.

How DMARC works

Email messages are considered DMARC compliant if they pass SPF, DKIM, and the domain address alignment.

  • DMARC matches the 'header from' domain name with the 'envelope from' domain name used in the SPF check
  • DMARC matches the 'header from' domain name with the domain name in the DKIM signature

The ‘envelope from’ is used during communication between SMTP clients and servers, while the ‘header from’ is what is displayed in an email client. In snail mail terms, the ‘envelope from’ is like the from address on the outside of a physical envelope while the ‘header from’ is like the from address on the letter inside the envelope.

Method for checking a message for compliance

Send a test message to your MiamiOH.edu account through the 3rd party mailer in use:

  1. Open the message in Gmail.
  2. View full headers: “Show Original” from menu (3 vertical dots) to the right of reply button.
  3. Search for “SPF”, “DKIM”, and “DMARC” for details.

Example:

    Authentication-Results: mx.google.com;
        dkim=pass header.i=@miamioh.edu header.s=mualmaip13 header.b=fQclh6Zr;
        spf=pass (google.com: domain of ithelp@miamioh.edu designates 134.53.225.83 as permitted sender) smtp.mailfrom=ithelp@miamioh.edu;
        dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=miamioh.edu

You will want to see “pass” for each; if not, send full headers via the TDX intake form.
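
The same check can be scripted when several third-party mailers need testing. The Python below is an added example, not part of the original article or of Miami's tooling: it parses an Authentication-Results header, applies the "pass for each" rule above, and compares the SPF and DKIM domains with the 'header from' domain. The function names are hypothetical, and the alignment test is a simplified assumption (same domain or parent/subdomain) standing in for a full organizational-domain comparison.

```python
import re

# Sample input: the Authentication-Results header from the example above.
SAMPLE = """Authentication-Results: mx.google.com;
 dkim=pass header.i=@miamioh.edu header.s=mualmaip13 header.b=fQclh6Zr;
 spf=pass (google.com: domain of ithelp@miamioh.edu designates 134.53.225.83 as permitted sender) smtp.mailfrom=ithelp@miamioh.edu;
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=miamioh.edu"""

def parse_auth_results(header):
    """Return a list of (method, result, properties) tuples from one header."""
    body = re.sub(r"\([^)]*\)", " ", header.split(":", 1)[1])  # drop (comments)
    parsed = []
    for clause in body.split(";")[1:]:  # element 0 is the reporting server
        tokens = clause.split()
        if tokens and "=" in tokens[0]:
            method, result = tokens[0].split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            parsed.append((method.lower(), result.lower(), props))
    return parsed

def domain_of(value):
    """Domain part of an address or of a DKIM identity such as '@miamioh.edu'."""
    return value.rsplit("@", 1)[-1].lower().rstrip(".")

def aligned(a, b):
    """Assumption: simplified alignment test (same domain or parent/subdomain)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_compliance(header):
    """Return the reasons a message falls short; an empty list means all passed."""
    results = parse_auth_results(header)
    # A message can carry several DKIM signatures, so keep every passing result.
    passed = {m: [p for meth, res, p in results if meth == m and res == "pass"]
              for m in ("spf", "dkim", "dmarc")}
    problems = [f"{m}: no 'pass' result" for m in passed if not passed[m]]
    header_from = next((domain_of(p["header.from"]) for m, _, p in results
                        if m == "dmarc" and "header.from" in p), None)
    if header_from is None:
        return problems + ["dmarc: header.from not reported"]
    spf_domains = [domain_of(p["smtp.mailfrom"]) for p in passed["spf"] if "smtp.mailfrom" in p]
    dkim_domains = [domain_of(p.get("header.d") or p["header.i"]) for p in passed["dkim"]
                    if "header.d" in p or "header.i" in p]
    if not any(aligned(d, header_from) for d in spf_domains):
        problems.append(f"spf: envelope from not aligned with {header_from}")
    if not any(aligned(d, header_from) for d in dkim_domains):
        problems.append(f"dkim: signing domain not aligned with {header_from}")
    return problems
```

Calling `check_compliance(SAMPLE)` returns an empty list; any entries it does return are the details worth including with the full headers on the TDX intake form.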

If you have any questions or concerns that your email may be affected by the implementation of DMARC, you can complete the TDX Intake form and the IT Services DMARC Team will assist you.