{"id":286,"date":"2015-10-13T04:21:05","date_gmt":"2015-10-13T09:21:05","guid":{"rendered":"http:\/\/localhost\/?page_id=286"},"modified":"2023-01-17T07:04:39","modified_gmt":"2023-01-17T12:04:39","slug":"email-spoofing-preventive-guidelines","status":"publish","type":"page","link":"https:\/\/www.argustech.com\/?page_id=286","title":{"rendered":"Preventing Financial Fraud &#8211; Securing Email"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"286\" class=\"elementor elementor-286\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3d0932be elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3d0932be\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7a423dee\" data-id=\"7a423dee\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4724621d elementor-widget elementor-widget-text-editor\" data-id=\"4724621d\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>\u00a0<\/h2><h2><span style=\"text-decoration: underline; color: #333333;\"><strong>Digital Fraud \u2013 the challenge<\/strong><\/span><\/h2><p style=\"text-align: justify;\"><span style=\"color: #333333;\">With advent of digital information, communication has become blazing fast; and so has risen the opportunity for online fraud.<\/span><br \/><span style=\"color: #333333;\">Many organizations have fallen victim to digital impersonation of key individuals. These \u201cidentities\u201d are obtained using various approaches, the most common of them being &#8211; <strong>Phishing<\/strong>.<\/span><\/p><p style=\"text-align: justify;\"><span style=\"color: #333333;\">By phishing, an impersonator obtains sensitive information with the intent to use that information for illegitimate gains. The success of a phishing attack requires establishing trust with the victim. Attackers use various techniques to gain this trust:<\/span><\/p><ul><li style=\"text-align: justify;\"><span style=\"color: #333333;\">Socially engineered spoofing via email to request information or process financial transactions.<\/span><\/li><li style=\"text-align: justify;\"><span style=\"color: #333333;\">Sharing malicious attachments (Trojans) that give access to computers to obtain sensitive information.<\/span><\/li><li style=\"text-align: justify;\"><span style=\"color: #333333;\">Email links that take a victim to a website (with legitimate appearance) that requests the victim to enter targeted information<\/span><\/li><\/ul><p style=\"text-align: justify;\"><span style=\"color: #333333;\">Following are noteworthy excerpts from articles that highlight the extent of financial damage these frauds are causing:<\/span><\/p><p style=\"text-align: justify;\"><span style=\"color: #333333;\"><em>\u201cOn a global scale, this translates to losses of approximately $3.7 trillion, according to anti-fraud experts.<\/em><\/span><\/p><p style=\"text-align: justify;\"><span style=\"color: #333333;\"><em><strong>Small Companies Suffer Greater Monetary Losses<\/strong><\/em><\/span><\/p><p style=\"text-align: justify;\"><span style=\"color: #333333;\"><em>While both large and small organizations fall victim to occupational fraud, the ACFE found that companies with fewer than 100 employees are particularly vulnerable compared to their larger counterparts.<\/em>\u201d<\/span><\/p><pre style=\"text-align: right;\"><span style=\"color: #333333;\">Source: <a style=\"color: #333333;\" href=\"http:\/\/quickbooks.intuit.com\/r\/trends-stats\/fraud-statistics-every-business-should-know\" target=\"_blank\" rel=\"noopener\">http:\/\/quickbooks.intuit.com\/r\/trends-stats\/fraud-statistics-every-business-should-know<\/a><\/span><\/pre><p style=\"text-align: justify;\"><span style=\"color: #333333;\"><em>\u201cFifteen percent of respondents, who had a breach or compromise, estimated the cost of that breach at between $500,000 and a $1 million, with 6% putting the figure at $5 million or more.\u201d<\/em><\/span><\/p><pre style=\"text-align: right;\"><span style=\"color: #333333;\">Source: <a style=\"color: #333333;\" href=\"http:\/\/www.threattracksecurity.com\/resources\/2015-strategic-security-report.aspx\" target=\"_blank\" rel=\"noopener\">http:\/\/www.threattracksecurity.com\/resources\/2015-strategic-security-report.aspx<\/a><\/span><\/pre><h2><span style=\"color: #333333;\"><strong><span style=\"text-decoration: underline;\">Digital Fraud \u2013 can we fight it?<\/span><\/strong><\/span><\/h2><p style=\"text-align: justify;\"><span style=\"color: #333333;\">Thankfully, using a few techniques, such as setting up SPF, DKIM and DMARC (detailed at the end of the study), the risks associated with malicious actors, that use email to perpetrate these types of fraud, can almost be eliminated.<\/span><br \/><span style=\"color: #333333;\">Combating Digital Fraud should be approached from two fronts:<\/span><\/p><ol><li><span style=\"color: #333333;\">Training the workforce to be able to identify possible attempts of Socially Engineered\u00a0attacks<\/span><\/li><li><span style=\"color: #333333;\">Deploy technical gates that screen and block emails NOT originating from authorized sources<\/span><\/li><\/ol><h3><span style=\"color: #333333;\">Certain points to be aware of:<\/span><\/h3><p style=\"text-align: justify;\"><span style=\"color: #333333;\">Since this fighting email fraud is restrictive in nature, it does present a situation where legitimate emails from business partners with improperly configured email systems might be bounced.<\/span><\/p><p style=\"text-align: justify;\"><span style=\"color: #333333;\">Also, the proposed technical solutions are apt in flagging emails originating from non-authorized sources; the end user still needs to be trained to be vigilant of impersonators that may send emails from addresses similar to the impersonated account. These emails may be technically setup to be authorized and may appear authentic due to the similarity in the addresses.<\/span><\/p><p><span style=\"color: #333333;\"><strong>e.g.<\/strong> ceo@authentic.com and ceo@authantic.com<\/span><br \/><span style=\"color: #333333;\"><em>Notice the difference in the domain name?<\/em><\/span><\/p><h2><span style=\"text-decoration: underline; color: #333333;\">Digital Fraud \u2013 how to secure your organization<\/span><\/h2><h4><span style=\"color: #333333;\"><strong>Real Example<\/strong><\/span><\/h4><p><span style=\"color: #333333;\">Here is an actual email sent by fraudster in an attempt to trick them to transfer funds. To maintain privacy we&#8217;ve starred and scrambled information:<\/span><\/p><p><span style=\"color: #333333;\"><a style=\"color: #333333;\" href=\"\/wp-content\/uploads\/2015\/10\/Image-14-4.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"size-full wp-image-369 aligncenter\" src=\"\/wp-content\/uploads\/2015\/10\/Image-14-4.png\" alt=\"Image 14 (4)\" width=\"784\" height=\"300\" srcset=\"https:\/\/www.argustech.com\/wp-content\/uploads\/2015\/10\/Image-14-4.png 784w, https:\/\/www.argustech.com\/wp-content\/uploads\/2015\/10\/Image-14-4-300x114.png 300w\" sizes=\"(max-width: 784px) 100vw, 784px\" \/><\/a><\/span><\/p><p><span style=\"color: #333333;\"><em>This one in particular was a good example of identifying both sender and receiver, which increases the probability of successful attack manifolds.<\/em><\/span><\/p><p><span style=\"color: #333333;\"><strong>Preventive Methods &#8211; Administrative Controls<\/strong><\/span><\/p><ul><li><span style=\"color: #333333;\"><span style=\"text-decoration: underline;\"><strong>Reduce Public Fingerprints:<\/strong><\/span> In the above example fraudster have increased the chances of successful attack manifolds because he has properly identified both the sender and receiver, their roles and responsibilities in an organization, and their professional hierarchy. Websites like ZoomInfo.com and Connect.Data.com, indirectly help these email spoofers to preciously identify their targets. Organizations need to weigh benefits versus risk for maintaining company information on these portals.<\/span><\/li><li><span style=\"color: #333333;\"><span style=\"text-decoration: underline;\"><strong>Security Awareness Training:<\/strong><\/span> When it comes to IT security weakest link in the chain is humans. Users should be made aware on aspect of security including social engineering tactics deployed by email spoofers. It should be conducted every quarter or at least half yearly.<\/span><\/li><\/ul><h4><span style=\"color: #333333;\"><strong>Preventive Methods &#8211; Technical Controls<\/strong><\/span><\/h4><p><span style=\"color: #333333;\">Most of us would agree that it is a technological problem, which requires a technological solution. So following are ways through which an organization can combat and minimize the risk outsiders pretending to be them:<\/span><\/p><ul><li><span style=\"color: #333333;\"><span style=\"text-decoration: underline;\"><span class=\"ms-rteFontSize-4\"><strong>Sender Policy Framework (SPF): <\/strong><\/span><\/span>SPF is implemented by adding a SPF record on the DNS server. The SPF record contains (all) the IP address \/\u00a0 domain names \u00a0that a receiver may expect to receive emails from:<\/span><\/li><\/ul><p style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Cloud providers:v=spf1 include:spf.protection.outlook.com include:argustech.com ~all<\/span><\/p><p style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Own Mail server:v=spf1 a ip4:12.34.56.78\/28 include:argustech.com ~all<\/span><\/p><p style=\"padding-left: 60px;\"><span style=\"color: #333333;\"><a style=\"color: #333333;\" href=\"\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-SPF.png\"><img decoding=\"async\" class=\"size-full wp-image-340 aligncenter\" src=\"\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-SPF.png\" alt=\"Email Identity Protection - SPF\" width=\"955\" height=\"436\" srcset=\"https:\/\/www.argustech.com\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-SPF.png 955w, https:\/\/www.argustech.com\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-SPF-300x136.png 300w, https:\/\/www.argustech.com\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-SPF-297x136.png 297w\" sizes=\"(max-width: 955px) 100vw, 955px\" \/><\/a><\/span><\/p><p style=\"padding-left: 60px;\"><span style=\"color: #333333;\"><mark>ArgusTech SPF record: v=spf1 include:spf.protection.outlook.com IP40.143.141.141 ip209.92.27.6 ~all<\/mark><\/span><\/p><div style=\"padding-left: 60px;\">\u00a0<\/div><div class=\"tool-result-body\"><table class=\"table table-striped table-bordered table-condensed tool-result-table ms-rteTable-5\" style=\"height: 178px;\" width=\"821\"><thead><tr class=\"ms-rteTableHeaderRow-5\"><th class=\"ms-rteTableHeaderEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Prefix<\/span><\/th><th class=\"ms-rteTableHeaderOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Type<\/span><\/th><th class=\"ms-rteTableHeaderEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Value<\/span><\/th><th class=\"ms-rteTableHeaderOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">PrefixDesc<\/span><\/th><th class=\"ms-rteTableHeaderEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Description<\/span><\/th><\/tr><\/thead><tbody style=\"padding-left: 60px;\"><tr class=\"ms-rteTableOddRow-5\" style=\"padding-left: 60px;\"><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">v<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">version<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">spf1<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\">\u00a0<\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">The SPF record version<\/span><\/td><\/tr><tr class=\"ms-rteTableEvenRow-5\" style=\"padding-left: 60px;\"><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">+<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">include<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">spf.protection.outlook.com<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Pass<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">The specified domain is searched for an &#8216;allow&#8217;.<\/span><\/td><\/tr><tr class=\"ms-rteTableOddRow-5\" style=\"padding-left: 60px;\"><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">+<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">ip4<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">40.143.141.141<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Pass<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Match if IP is in the given range<\/span><\/td><\/tr><tr class=\"ms-rteTableEvenRow-5\" style=\"padding-left: 60px;\"><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">+<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">ip4<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">209.92.27.6<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Pass<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Match if IP is in the given range<\/span><\/td><\/tr><tr class=\"ms-rteTableOddRow-5\" style=\"padding-left: 60px;\"><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">~<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">all<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\">\u00a0<\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">SoftFail<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Always matches. It goes at the end of your record.<\/span><\/td><\/tr><\/tbody><\/table><\/div><ul><li><span style=\"color: #333333;\"><span style=\"text-decoration: underline;\"><strong>DomainKeys Identified Mails (DKIM): <\/strong><\/span>is a domain level digital signature authentication framework. A DKIM record is a component of a system that allows your server to cryptographically sign your email messages so that recipients can, if they like, confirm that a message came from you.<\/span><\/li><\/ul><p style=\"padding-left: 60px;\"><span style=\"color: #333333;\"><a style=\"color: #333333;\" href=\"\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-DKIM.png\"><img decoding=\"async\" class=\"size-full wp-image-341 aligncenter\" src=\"\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-DKIM.png\" alt=\"Email Identity Protection - DKIM\" width=\"955\" height=\"436\" srcset=\"https:\/\/www.argustech.com\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-DKIM.png 955w, https:\/\/www.argustech.com\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-DKIM-300x136.png 300w, https:\/\/www.argustech.com\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-DKIM-297x136.png 297w\" sizes=\"(max-width: 955px) 100vw, 955px\" \/><\/a><\/span><\/p><p style=\"padding-left: 60px;\"><span style=\"color: #333333;\">e.g DKIM record for Example &#8211; domain: Example.com Selector=google<\/span><\/p><div style=\"padding-left: 60px;\"><pre class=\"alert alert-success\" style=\"padding-left: 60px;\"><span class=\"ms-rteBackColor-4\" style=\"color: #333333;\">v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCM0eH9rBGDF8ceRkisetzgtzxLZYLlW64KUB1B45rWh\/xyc4UiycNHZL1crse1uQYhP14+UA+hTOI+h\/H+<\/span><\/pre><\/div><div class=\"tool-result-body\" style=\"padding-left: 60px;\"><table class=\"table table-striped table-bordered table-condensed tool-result-table ms-rteTable-5\" style=\"padding-left: 60px;\"><thead style=\"padding-left: 60px;\"><tr class=\"ms-rteTableHeaderRow-5\" style=\"padding-left: 60px;\"><th class=\"ms-rteTableHeaderEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Tag<\/span><\/th><th class=\"ms-rteTableHeaderOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">TagValue<\/span><\/th><th class=\"ms-rteTableHeaderEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Name<\/span><\/th><th class=\"ms-rteTableHeaderOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Description<\/span><\/th><\/tr><\/thead><tbody style=\"padding-left: 60px;\"><tr class=\"ms-rteTableOddRow-5\" style=\"padding-left: 60px;\"><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">v<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">dkim1<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">version<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">The DKIM record version<\/span><\/td><\/tr><tr class=\"ms-rteTableEvenRow-5\" style=\"padding-left: 60px;\"><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">k<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">rsa<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Key type<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">The type of the key used by tag (p).<\/span><\/td><\/tr><tr class=\"ms-rteTableOddRow-5\" style=\"padding-left: 60px;\"><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">p<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCM<\/span><br \/><span style=\"color: #333333;\">0eH9rBGDF8ceRkisetzgtzxLZYLlW64KUB1B45rW<\/span><br \/><span style=\"color: #333333;\">h\/xyc4UiycNHZL1crse1uQYhP14+UA+hTOI+h\/H+<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Public Key<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Public-key data. The syntax and semantic<\/span><br \/><span style=\"color: #333333;\">s of this tag value before being encoded<\/span><br \/><span style=\"color: #333333;\">in base64 are defined by the (k) tag.<\/span><\/td><\/tr><\/tbody><\/table><\/div><p style=\"padding-left: 60px;\"><span style=\"color: #333333;\"><em>A selector is added to the domain name, used to find DKIM public key information. It is specified as an attribute for a DKIM signature, and is recorded in the DKIM-Signature header field. Validation uses the selector as an additional name component, to give differential DNS query names.<\/em><\/span><\/p><ul><li><span style=\"color: #333333;\"><span style=\"text-decoration: underline;\"><strong>Domain-based Message Authentication, Reporting and Conformance (DMARC): <\/strong><\/span>is a <strong>mechanism<\/strong> for improving mail handling by mail-receiving organizations.<\/span><\/li><\/ul><p style=\"padding-left: 60px;\"><span style=\"color: #333333;\">How DMARC Works:<\/span><\/p><p style=\"padding-left: 60px;\"><span style=\"color: #333333;\">DMARC policies are retrieved by the mail-receiving organization during a SMTP session, via DNS. When mail receivers query DNS, they look for a DMARC TXT record at the DNS domain that matches the one found in the <a style=\"color: #333333;\" href=\"http:\/\/tools.ietf.org\/html\/rfc5322\">RFC5322<\/a>. From domain in the email message. If a policy is found, that policy is combined with the author&#8217;s domain and the SPF and DKIM results to deliver a DMARC policy result. This policy result will be either &#8220;pass&#8221; or &#8220;fail&#8221; and may cause a report to be generated. If a policy is not found, the DMARC module determines the organizational domain and <a style=\"color: #333333;\" href=\"http:\/\/tools.ietf.org\/html\/rfc7489#section-6.6.3\">repeats the attempt<\/a> to retrieve a policy from the DNS<\/span><\/p><p style=\"padding-left: 60px;\"><span style=\"color: #333333;\"><a style=\"color: #333333;\" href=\"\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-DMARC.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-342 aligncenter\" src=\"\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-DMARC.png\" alt=\"Email Identity Protection - DMARC\" width=\"955\" height=\"436\" srcset=\"https:\/\/www.argustech.com\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-DMARC.png 955w, https:\/\/www.argustech.com\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-DMARC-300x136.png 300w, https:\/\/www.argustech.com\/wp-content\/uploads\/2015\/10\/Email-Identity-Protection-DMARC-297x136.png 297w\" sizes=\"(max-width: 955px) 100vw, 955px\" \/><\/a><\/span><\/p><p style=\"padding-left: 60px;\"><span style=\"color: #333333;\">e.g. DMARC record at Example.com:<\/span><\/p><p style=\"padding-left: 60px;\"><span class=\"ms-rteBackColor-4\" style=\"color: #333333;\">v=DMARC1; p=quarantine; pct=100; rua=mailto:ITHelpDesk@Example.com;ruf=mailto:ITHelpDesk@Example.com<\/span><\/p><table class=\"ms-rteTable-5\" style=\"padding-left: 60px;\" cellspacing=\"0\"><tbody style=\"padding-left: 60px;\"><tr class=\"ms-rteTableHeaderRow-5\" style=\"padding-left: 60px;\"><th class=\"ms-rteTableHeaderEvenCol-5\" style=\"padding-left: 60px;\" colspan=\"1\" rowspan=\"1\"><span style=\"color: #333333;\"><strong>Tag<\/strong><\/span><\/th><th class=\"ms-rteTableHeaderOddCol-5\" style=\"padding-left: 60px;\" colspan=\"1\" rowspan=\"1\"><span style=\"color: #333333;\"><strong>TagValue<\/strong><\/span><\/th><th class=\"ms-rteTableHeaderEvenCol-5\" style=\"padding-left: 60px;\" colspan=\"1\" rowspan=\"1\"><span style=\"color: #333333;\"><strong>Name<\/strong><\/span><\/th><th class=\"ms-rteTableHeaderOddCol-5\" style=\"padding-left: 60px;\" colspan=\"1\" rowspan=\"1\"><span style=\"color: #333333;\"><strong>Description<\/strong><\/span><\/th><\/tr><tr class=\"ms-rteTableOddRow-5\" style=\"padding-left: 60px;\"><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">v<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">dmarc1<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">version<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">The DMARC record version<\/span><\/td><\/tr><tr class=\"ms-rteTableEvenRow-5\" style=\"padding-left: 60px;\"><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">p<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">quarantine<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Policy<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Policy to apply to email that fails the DMARC test. TagValue can be &#8216;none&#8217;, &#8216;quarantine&#8217;, or &#8216;reject&#8217;.<\/span><\/td><\/tr><tr class=\"ms-rteTableOddRow-5\" style=\"padding-left: 60px;\"><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">pct<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">100<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Percentage<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">The percentage tag tells receivers to only apply policy against email that fails the DMARC check X amount of the time.<\/span><\/td><\/tr><tr class=\"ms-rteTableEvenRow-5\" style=\"padding-left: 60px;\"><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">rua<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">mailto:ITHelpDesk@Example.com;ruf=mailto:ITHelpDesk@Example.com<\/span><\/td><td class=\"ms-rteTableEvenCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Receivers<\/span><\/td><td class=\"ms-rteTableOddCol-5\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">List of URIs for receivers to send XML feedback to. URIs are required to be added in the format of &#8216;mailto:address@example.com&#8217;.<\/span><\/td><\/tr><\/tbody><\/table><ul><li><span style=\"color: #333333;\"><span style=\"text-decoration: underline;\"><strong>rDNS &amp; FCrDNS: <\/strong><\/span>While receiving an email message, a mail server may try to attempt reverse DNS lookup. If the lookup fails (no PTR record), the message may be marked as spam or rejected.<\/span><\/li><\/ul><p style=\"padding-left: 60px;\"><span style=\"color: #333333;\"><strong>FCrDNS test<\/strong><a style=\"color: #333333;\" name=\"fcrdns\"><\/a>FCrDNS, or Forward Confirmed reverse DNS, is when an IP address has forward and reverse DNS entries that match each other. For FCrDNS verification, first a reverse DNS lookup is done to get a list of PTR. Then for each domain name mentioned in the PTR records, a regular DNS lookup is done to see if any of the A records match the original IP address. If there is a forward DNS lookup that confirms one of the names given by the reverse DNS lookup, then the FCrDNS check passes.<\/span><\/p><p style=\"padding-left: 60px;\"><span style=\"color: #333333;\">Example:<\/span><\/p><p class=\"code\" style=\"padding-left: 60px;\"><span style=\"color: #333333;\">IP address 1.2.3.4 resolves to mail.example.com.<\/span><br \/><span style=\"color: #333333;\">Host name mail.example.com resolves to IP addresses 1.2.3.4 and 5.6.7.8.<\/span><br \/><span style=\"color: #333333;\">Thus, reverse DNS for IP address 1.2.3.4 is forward confirmed.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>\u00a0 Digital Fraud \u2013 the challenge With advent of digital information, communication has become blazing fast; and so has risen the opportunity for online fraud.Many organizations have fallen victim to digital impersonation of key individuals. These \u201cidentities\u201d are obtained using various approaches, the most common of them being &#8211; Phishing. By phishing, an impersonator obtains [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":279,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-286","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.argustech.com\/index.php?rest_route=\/wp\/v2\/pages\/286","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.argustech.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.argustech.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.argustech.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.argustech.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=286"}],"version-history":[{"count":78,"href":"https:\/\/www.argustech.com\/index.php?rest_route=\/wp\/v2\/pages\/286\/revisions"}],"predecessor-version":[{"id":1560,"href":"https:\/\/www.argustech.com\/index.php?rest_route=\/wp\/v2\/pages\/286\/revisions\/1560"}],"up":[{"embeddable":true,"href":"https:\/\/www.argustech.com\/index.php?rest_route=\/wp\/v2\/pages\/279"}],"wp:attachment":[{"href":"https:\/\/www.argustech.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}