Good morning DMARC

I’m thinking I may need to deploy DMARC report automation sooner rather than later.

… and so on, and on, and on for a lot further down the mailbox.

Related Posts

Organizational Domain

We often want to know whether two hostnames are controlled by the same person, or not.

Read More

The feds are deploying DMARC

The US National Cybersecurity Assessments & Technical Services Team have issued a mandate on web and email security, including TLS+HSTS for web servers, and STARTTLS+SPF+DKIM+DMARC for email.
It’s … pretty decent for a brief, public requirements doc. It’s compatible with a prudent rollout of email authentication.

Read More

About that DMARC "exploit"

A security researcher has identified a rendering flaw that allows for “perfect” phishing emails. From his website:

Read More