Cyber-Criminals can launch spoofing attacks not only on your own company staff, but also at your suppliers, customers and even the general public. A business looking email, launched from a mail server with a neutral reputation, is very hard for anti-phishing/ anti-spam products to identify, unless, you have properly setup sender authentication, or DMARC (with SPF and DKIM) for your Domain.
Unfortunately for most companies in Malaysia, many have not setup DMARC, and the few that have, many have done it incorrectly, and thus still exposing the company to potential domain impersonation.
However, how does this framework function? How well does it prevent Spoofing? What’s the right way of implementing it? How do we configure this in Microsoft 365?
We have invited Con Lokos, VP of Dmarcian Inc, Asia Pacific to deliver this talk. He has vast experience on how to correctly use DMARC to protect an organizations domain from being used by cyber criminals, and we are very honored to have him share his knowledge.
This event is carefully curated by our senior consultant and Microsoft MVP Vincent Choy.
Date: 5th August 2020, Wednesday
Time: 10.00 am to 11.30 am
Venue: Online via Microsoft Teams Meeting
Developed in 2012, DMARC (Domain-based Message Authentication, Reporting & Conformance – RFC 7489) is an email authentication protocol that gives insight into how email is delivered. DMARC gives email senders the ability to not only receive feedback about how receivers treat their email, but also the ability to inform receivers to reject illegitimate messages. DMARC is helping organizations of every size ensure reliability and prevent phishing and domain spoofing.
Many security devices and email providers have adopted the SPF, DKIM and DMARC standards, including Microsoft Office 365. Ensuring your own IT environment complies with this standard would help in the following ways –
- Prevent Enterprise spear phishing, and other attack variants such as CEO email fraud
- Detect misconfigurations of the underlying SPF and DKIM settings
- Inventory of all email senders using the valid email domain