Categories
Pages
-

IT Center Blog

Email Security – Evaluation of DMARC Policy for Incoming Emails

August 30th, 2023 | by
Letters of a keyboard representing the word email

Source: Pixabay

In the fourth part of our e-mail security series, we would like to inform you about an innovation in our e-mail security policy.

After we reported on e-mail, e-mail statistics at RWTH Aachen University, and the SMTP protocol and its pitfalls in the first and second articles, and informed you about the DKIM identification protocol and DMARC in the third article, this fourth part is now about a new e-mail security requirement. To ensure that RWTH can continue to provide a secure e-mail service in the future, we have decided to introduce the evaluation of a sender’s DMARC policy when accepting mail at the university’s central mail gateway. You can find out what this means in this blog post.

 

About the Background of the Previous Configuration Options

Mail domain owners can have different settings and appropriate measures. For example, setting special DNS records can ensure that a receiving mail system can check an e-mail to see if a sending mail system is authorized to send mail with a specific sender address. This process is known as a Sender Policy Framework (SPF) entry, which classifies email as a trusted or problematic source. Furthermore, the sending mail server can form a digital signature (DKIM) using e-mail header information: This allows the receiving mail server of a message to verify that a header information has not been modified during the transmission of an email.

 

New E-Mail Security Default: DMARC Policy Evaluation

In addition to these two basic configuration options, a mail domain owner can now also make a recommendation to a receiving mail server. Based on the published defaults (DNS records) of the mail domain owner, the receiving mail server (RWTH Mailserver) can decide how to handle emails that do not or not fully comply with the defaults.  This instruction that a mail domain owner can issue is called a DMARC policy.

The RWTH’s central mail gateway now evaluates the DMARC policy of the sender’s domain for incoming e-mails as a new e-mail security requirement. Based on the settings and recommendations made there, the mail gateway decides whether an e-mail is classified as trustworthy or not. If an email is deemed untrusted, then the email acceptance is rejected, based on the mail domain owner’s settings.

 

Is There a Need for Action?

There is currently no need for action on the part of the end user (students and employees of RWTH), since RWTH has not published a DMARC record in the DNS for itself at this time. However, the university may no longer accept redirected mails from other mailboxes due to the new configuration, if the published DMARC policy of the sender’s e-mail domain so provides.

You have questions about mail security? Then send us a message to the IT-ServiceDesk.


 

Responsible for the content of this article are Lina-Louise Kaulbach and Thomas Pätzold.

2 responses to “Email Security – Evaluation of DMARC Policy for Incoming Emails”

  1. Jakob says:

    Vorschlag für Teil fünf: ARC. Sieht man immer häufiger in Headern und ist anscheinend eine Lösung für das Problem von Weiterleitungen mit DMARC.

    • Kaulbach, Lina-Louise says:

      Hallo Jakob,
      vielen Dank für deinen Kommentar.
      Wir nehmen deinen Hinweis gerne mit auf!

      Viele Grüße
      Das IT Center Blog Team