The Australian Signals Directorate (ASD) has published a ‘how-to’ guide for tackling email spoofing to help more organizations adopt email security protocols that can thwart phishing and business email compromise (BEC) attacks.  DMARC (Domain-based Message Authentication, Reporting and Conformance) is one of the key email protocols that can mitigate email that spoofs a trusted organization’s email domain to boost the chances that a recipient opens an email or downloads an attachment.  In the new document, the ASD recommends organizations implement DMARC, which is designed to work on top of Sender Policy Framework (SPF) and/or Domain Keys Identified Mail (DKIM).  Both SPF and DKIM aim to verify the sender’s authenticity but DKIM uses public key cryptography for verification. SPF however appears to be the preferred base.

Read full article on CSO