DMARC and your .bank Domain. September 2015 v

EMAIL MAKES IT EASY FOR CRIMINALS TO REACH YOUR CUSTOMERS USING YOUR BRAND
- Phishing and brand abuse erode consumer trust
- Attacks cause lasting brand damage
- Fallout impacts every team: IT, IS, Security, Risk, Marketing, Operations, Customer Service, and the C-Suite
- Attacks decrease email engagement, reducing your bottom line
It is far too risky to leave your business and reputation exposed to these kinds of attacks.

.bank Registration Requirements
Specifically designed to protect banks and consumers from cybercriminals. The registry requires that you:
- are a bank or other eligible entity
- publish a DMARC quarantine or reject policy if the domain is not used for email
- publish that policy plus DKIM and/or SPF if the domain is used for email
These requirements are the most stringent of any TLD and registry. This is a good thing, and something you should tell your customers and your boards about. Today our focus is the DMARC reject requirement.
Copyright 2015 Agari. All rights reserved. Confidential and Proprietary.

Background: What is DMARC?

DMARC (pronounced "dee-mark") is an acronym: Domain-based Message Authentication, Reporting and Conformance. It is a de-facto email security standard, published as RFC 7489 in March 2015.

In 2007, These Guys Started It

And Soon These Guys Joined In

Proven at Scale With Volume & Complexity
Senders working with Agari: largest bank; most abused brand; largest sender of email on the planet; largest consumer electronics company.
Receivers: 2.5B endpoints; 85% of US inboxes; 70% of global inboxes; 10B messages daily.

How does DMARC Work?
You (a sender of email):
- Send all email messages as compliant messages, authenticated in specific ways (SPF and/or DKIM, with the authenticated domain aligned to the From header domain)
- Tell the world to delete or drop non-compliant email (the reject policy, p=reject in your DNS record)
Then the receivers/ISPs:
- throw out (delete/drop) the non-compliant email, and report back to you what they saw
Dead simple, but the devil is in the details.

Using your .bank domain for sending email

Migrating is a Process
Send all email messages as compliant messages:
1. Audit. Perform an audit to identify the types and sources of email you send.
2. Plan. Determine which types and sources will be migrated to your new .bank domain.
3. Implement. Implement and confirm the authentication methods applicable to each source of email. Send test messages. Fix the problems that surface. Repeat.
4. Communicate. Tell your customers to expect email from the new sources using existing channels, or wait and tell them using the new channels.
5. Act. Switch over to using your .bank domain when all sources are compliant.

DMARC supports your Audit
Audit goal: identify all legitimate sources of email using your brand(s). Typically a combination of:
- Email sent directly by your bank's IT systems and departments
- Email sent by third-party vendors on your behalf
- You may be surprised by some sources
Tips:
- Publish a DMARC monitor policy (p=none with a rua= reporting address) on your existing domains. Receivers then send you aggregate reports listing every source that sends as your domain, which is how you find legitimate email sources you did not know about.
- Use a DMARC monitoring, workflow, and security vendor to assist you (this is what Agari and others can help you with)
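What the monitor policy actually gives you is a stream of XML aggregate reports (RFC 7489 Appendix C) from receivers. The script below, an added example and not Agari's or the registry's code, parses one such report and buckets each sending IP into "aligned" (your own compliant mail), "authenticated-unaligned" (typically a vendor authenticating under its own domain) and "unauthenticated" (unknown or spoofed). The report, domains and IPs are constructed for illustration.

```python
"""Added example (not Agari's code): summarise a DMARC aggregate (rua) report.

Buckets each <record> so an audit can separate the bank's own MTAs from
vendors that still need alignment work and from unauthenticated sources.
The sample report is constructed; IPs are documentation ranges.
"""
import xml.etree.ElementTree as ET

# Constructed sample report; real ones arrive as gzip/zip attachments from receivers.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name><email>noreply-dmarc@receiver.example</email>
    <report_id>1443139200.example.bank</report_id>
    <date_range><begin>1443052800</begin><end>1443139199</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.bank</domain><adkim>r</adkim><aspf>r</aspf><p>none</p><pct>100</pct>
  </policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>1200</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.bank</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.bank</domain><selector>s1</selector><result>pass</result></dkim>
      <spf><domain>example.bank</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>350</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.bank</header_from></identifiers>
    <auth_results>
      <dkim><domain>esp-vendor.example</domain><selector>k1</selector><result>pass</result></dkim>
      <spf><domain>mail.esp-vendor.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>203.0.113.99</source_ip><count>40</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.bank</header_from></identifiers>
    <auth_results><spf><domain>example.bank</domain><result>fail</result></spf></auth_results>
  </record>
</feedback>
"""


def classify(rec: ET.Element) -> str:
    """Bucket one <record>.

    policy_evaluated/dkim|spf are the *aligned* results DMARC uses; auth_results
    hold the raw outcomes, which expose vendors that pass SPF/DKIM under their
    own domain yet fail DMARC for yours.
    """
    if (rec.findtext("row/policy_evaluated/dkim") == "pass"
            or rec.findtext("row/policy_evaluated/spf") == "pass"):
        return "aligned"
    raw = rec.findall("auth_results/dkim") + rec.findall("auth_results/spf")
    if any(r.findtext("result") == "pass" for r in raw):
        return "authenticated-unaligned"   # likely a vendor to remediate
    return "unauthenticated"               # unknown source or spoofing


def summarize_report(xml_text: str) -> list:
    """One dict per <record>, largest sender first.

    Reports come from untrusted third parties: production code should parse
    them with defusedxml (or equivalent limits) rather than bare ElementTree.
    """
    root = ET.fromstring(xml_text)
    rows = []
    for rec in root.findall("record"):
        rows.append({
            "source_ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count", "0")),
            "header_from": rec.findtext("identifiers/header_from"),
            "spf_domain": rec.findtext("auth_results/spf/domain"),
            "dkim_domain": rec.findtext("auth_results/dkim/domain"),
            "bucket": classify(rec),
        })
    rows.sort(key=lambda r: r["count"], reverse=True)
    return rows


def report_domain(xml_text: str) -> str:
    """The domain whose policy this report covers."""
    return ET.fromstring(xml_text).findtext("policy_published/domain")


if __name__ == "__main__":
    for r in summarize_report(SAMPLE_REPORT):
        print(f'{r["source_ip"]:>15} {r["count"]:>6} {r["bucket"]:<24} '
              f'spf={r["spf_domain"]} dkim={r["dkim_domain"]}')
```

In the sample, 198.51.100.7 is the case the vendor slide warns about: SPF and DKIM both pass, but for esp-vendor.example, so DMARC for example.bank fails and the mail would be rejected once you move past p=none. That row is an audit finding to take to the vendor, not a spoofer.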

On Implementation
Authentication: SPF, DKIM, or both?
- Very likely both (depends upon the amount of forwarding)
- SPF: fragile (it breaks when mail is forwarded, and a record may not exceed 10 DNS lookups) but easier to implement
- DKIM: needs signing software at the message source and key handling (crypto), but is resilient to forwarding
SPF issues:
- Identifying and correctly adding the authorized IP space (sets of IP addresses)
- Ensuring alignment: the domain in the SMTP dialog's MAIL FROM must match the From header domain (exactly under strict alignment, or by organizational domain under relaxed alignment). Requires server-side configuration to fix.
DKIM issues:
- Key management: creation, publishing in DNS, signing
- Key length: minimum 1536 bits (any key above 1024 bits gives a p= value longer than 255 characters, so the TXT record must be published as multiple quoted strings)
- Signing domain (the d= tag) must match the From header domain. Requires server-side configuration changes to fix.
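The alignment rules above are where most vendor setups fail, so here is the receiver-side evaluation carried out in code: parse the published _dmarc TXT record, check SPF's MAIL FROM domain and DKIM's d= domain against the From header domain under the record's aspf/adkim modes, and derive the disposition. This is an added example written for this page, not Agari's or any receiver's implementation; example.bank, esp-vendor.example and the results fed in are constructed, and the organizational-domain helper assumes a single-label TLD instead of consulting the Public Suffix List.

```python
"""Added example (not Agari's code): DMARC identifier alignment and disposition
for one message, following the RFC 7489 evaluation. All domains, records and
authentication results are constructed for illustration."""
from dataclasses import dataclass


def parse_dmarc_record(txt: str) -> dict:
    """Parse 'v=DMARC1; p=reject; aspf=s; ...' into a lowercase tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record: " + txt)
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain used for relaxed alignment.

    Assumption of this example: a single-label TLD such as .bank, so the last
    two labels suffice. Real receivers consult the Public Suffix List.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs the
    same organizational domain."""
    f, a = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return f == a if mode == "s" else org_domain(f) == org_domain(a)


@dataclass
class AuthResults:
    spf_result: str        # 'pass', 'fail', 'softfail', 'none', ...
    mail_from_domain: str  # domain of the SMTP MAIL FROM (RFC5321.MailFrom)
    dkim_result: str       # 'pass', 'fail', 'none'
    dkim_domain: str       # d= tag of the verified signature, '' if none


def dmarc_evaluate(record: dict, from_domain: str, auth: AuthResults) -> tuple:
    """Return (dmarc_pass, disposition) for one message.

    Pass = SPF passed with an aligned MAIL FROM domain, or DKIM passed with an
    aligned d= domain. On failure the disposition is p= (sp= for sub-domains);
    pct= sampling is ignored here, i.e. treated as 100.
    """
    aspf = record.get("aspf", "r").lower()
    adkim = record.get("adkim", "r").lower()
    spf_ok = auth.spf_result == "pass" and aligned(from_domain, auth.mail_from_domain, aspf)
    dkim_ok = auth.dkim_result == "pass" and aligned(from_domain, auth.dkim_domain, adkim)
    if spf_ok or dkim_ok:
        return True, "none"
    policy = record.get("p", "none").lower()
    if from_domain.lower() != org_domain(from_domain) and "sp" in record:
        policy = record["sp"].lower()
    return False, policy


def meets_dotbank_policy_requirement(record: dict) -> bool:
    """The registry rule quoted on the page: published policy must be
    quarantine or reject (p=none is monitor-only and does not qualify)."""
    return record.get("p", "none").lower() in ("quarantine", "reject")


# Constructed records (hypothetical domains).
MONITOR = parse_dmarc_record("v=DMARC1; p=none; rua=mailto:dmarc-rua@example.bank")
REJECT = parse_dmarc_record("v=DMARC1; p=reject; aspf=s; adkim=r; rua=mailto:dmarc-rua@example.bank")

# Bank's own MTA: MAIL FROM on a bounce sub-domain, DKIM signed with d=example.bank.
OWN_MTA = AuthResults("pass", "bounce.example.bank", "pass", "example.bank")
# Vendor that "does SPF and DKIM" but only under its own domains.
VENDOR = AuthResults("pass", "mail.esp-vendor.example", "pass", "esp-vendor.example")
# Spoofed mail: nothing authenticates.
SPOOF = AuthResults("fail", "example.bank", "none", "")

if __name__ == "__main__":
    for name, auth in (("own MTA", OWN_MTA), ("vendor", VENDOR), ("spoof", SPOOF)):
        print(name, dmarc_evaluate(REJECT, "example.bank", auth))
```

Note how the bank's own mail survives p=reject with aspf=s only because DKIM is aligned: the bounce sub-domain in MAIL FROM fails strict SPF alignment, which is the "server-side configuration" issue the slide mentions. The vendor passes both raw checks and still gets rejected, because neither identifier is example.bank.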

Tips: Engage your Vendors
Good sign:
- "We send DMARC-compliant email with a reject policy today for at least one customer"
Warning signs:
- "Oh sure, we sign our messages with SPF" (SPF does not sign anything; it authorizes sending IP addresses)
- "We can sign messages with DKIM" (signing with the vendor's own d= domain does not align with yours)
- "Doing DMARC just means using DKIM or SPF, so no problem"
Be patient, avoid pitfalls:
- DMARC amends and invalidates certain practices in widespread use with SPF and DKIM. Consequently, existing vendor implementations of SPF or DKIM are rarely DMARC-compliant; they will need remediation
- Overall, the nuances take time to address
Help is out there. DMARC.org, Agari, and others work with vendors to help them achieve compliant sending practices.

Summary
- .bank Registry requirements are protective of banks and consumers. Mandatory use of DMARC ensures that only you can send email as your domain (lookalike domains are a separate problem that DMARC does not address)
- Migrating your email traffic to use your .bank domain for customer communications is a process
- Work with your IT departments, vendors, and outside DMARC service providers to achieve, confirm and maintain ongoing compliance
- Do not forget to tell your customers and your stakeholders!

Thank You!