Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: SOCIAL ENGINEERING
- CIS: M365 4.13 - (L1) Ensure DMARC Records for all Exchange Online domains are published
This Customer Check verifies if DMARC Records are correctly published for all domains linked to Exchange Online.
Why this check?
DMARC is an important feature to demonstrate the authenticity of your email messages. Conversely, it serves to block emails that are falsely sent in your name, for example by phishers and spammers. This indirectly serves the reputation of your organization, as without this protection, an attacker could attempt to deceive someone supposedly on your behalf.
DMARC stands for "Domain-based Message Authentication, Reporting & Conformance". It lets the sender give recipients instructions for handling email sent from the sender's domain. DMARC works through DNS records and is recommended alongside SPF (CHK-1033) and DKIM (CHK-1029) to optimize the reliability of email traffic.
In this check, we verify the correctness of DMARC configuration for all domains connected to your Microsoft Tenant. An exception is made for the *.onmicrosoft.com domains, as these are owned by Microsoft itself and you cannot manage the DMARC settings for them.
CIS Benchmarks
This measure aligns with the following item from the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:
- CIS M365 4.13 - (L1) Ensure DMARC Records for all Exchange Online domains are published
What possible outcomes does the check have?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: DMARC is correctly configured for all email domains (*.onmicrosoft.com excepted)
- Warning: For one or more domains linked to your Exchange Online (*.onmicrosoft.com excepted), DMARC is not correctly configured.
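The sketch below is an added example, not Attic's own implementation: it shows how the Okay/Warning outcome could be derived from the TXT records published at `_dmarc.<domain>`. The pass criteria (exactly one record whose first tag is `v=DMARC1`, with a `p=` value of `none`, `quarantine` or `reject`, following RFC 7489) are assumptions, and the function names and sample records are constructed for illustration.

```python
# Added example: offline evaluation of DMARC TXT records (RFC 7489 syntax).
# The pass criteria are assumptions; the page does not state Attic's exact logic.
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_tags(txt):
    """Split 'tag=value; tag=value' into ordered (tag, value) pairs; None if malformed."""
    pairs = []
    for part in txt.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            return None
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def check_domain(domain, txt_records):
    """Classify one domain from the TXT records found at _dmarc.<domain>."""
    if domain.lower().endswith(".onmicrosoft.com"):
        return "skipped"  # Microsoft-owned, excepted by the check
    # Only records whose first tag is exactly v=DMARC1 count as DMARC records.
    found = [p for p in map(parse_tags, txt_records)
             if p and p[0] == ("v", "DMARC1")]
    if len(found) != 1:
        return "warning"  # nothing published, or ambiguous duplicates
    policy = dict(found[0]).get("p", "").lower()
    return "okay" if policy in VALID_POLICIES else "warning"

def check_tenant(records_by_domain):
    """Return the overall outcome plus the per-domain results."""
    results = {d: check_domain(d, r) for d, r in records_by_domain.items()}
    overall = "Warning" if "warning" in results.values() else "Okay"
    return overall, results

# Constructed sample data: domain -> TXT records at _dmarc.<domain>
SAMPLE = {
    "example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "example.org": ["v=spf1 -all"],          # a TXT record, but not DMARC
    "example.net": ["v=DMARC1; p=monitor"],  # invalid policy value
    "contoso.onmicrosoft.com": [],           # excepted
}

if __name__ == "__main__":
    overall, results = check_tenant(SAMPLE)
    print(overall)
    for domain, outcome in results.items():
        print(f"  {domain}: {outcome}")
```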
How should this be followed up?
If the output is Warning, we advise setting up DMARC for all domains where this is not yet or not fully the case. More information on implementing DMARC can be found here:
Use DMARC to validate email - Office 365 | Microsoft Docs