Technical Guidance

Understanding Shadow IT

For those who’ve been doing IT long enough to remember using a green display monitor also remember a time when everything was locked down and centralized. During the early 1980s, Local Area Networks became more popular and with them came decentralization, allowing other internal departments within an organization to take control of their IT requirements…
Vaughn Talbert
23 May 2019
Technical Guidance

Adding DMARC to Office 365

Microsoft's Office 365 platform supports DMARC (Domain-based Message Authentication, Reporting, and Conformance).  The complete Microsoft guide is listed here.The starting point is to review the SPF and DKIM settings. We would also recommend Microsoft's guide - Set up SPF in Office 365 to help prevent spoofing. How your SPF record is formatted depends on if whether…
Vaughn Talbert
21 March 2019
Ecosystem NewsTechnical Guidance

GDPR’s Impact on DMARC Data Collection

When the EU passed the General Data Protection Regulation (GDPR) it triggered a worldwide examination of different types of data, including the data found in DMARC Aggregate (RUA) and Failure (RUF) reports. A legal analysis from ECO, the German Internet Industry group, breaks down all aspects of DMARC data and the concerns involved related to…
dmarcian
24 September 2018
Worst Phish by country Ecosystem NewsInside dmarcianTechnical Guidance

Phishing leaves a DMARC trail

Earlier this year The Anti-Phishing Working Group (AWPG) and dmarcian had the opportunity to look for patterns across data sets to see if anything interesting emerged. We decided to cross reference the IP addresses from APWG’s phishing and malicious IP data sets contained in their eCrime Exchange (eCX) threat data sharing platform, against the addresses…
dmarcian
7 August 2018
Ecosystem NewsTechnical Guidance

Subdomain Management Changes

As many of you may have noticed, there have recently been some changes to the UI regarding subdomains. After talking with people about how subdomains were being used and abused across the internet, we decided to spend some time rethinking how dmarcian process, sorts and displays subdomains. These new changes allow our system to handle…
dmarcian
9 January 2017
Technical Guidance

What is “External Destination Verification”?

A domain's DMARC record can tell the world to send DMARC reports to a different domain. For example, the domain example.org might have a DMARC record of: v=DMARC1; p=none; rua=mailto:dmarc_reports@sample.net This DMARC record tells people to send reports regarding example.org to the email address of dmarc_reports@sample.net. Before reports are sent, sample.net must tell the world…
dmarcian
23 June 2016
dmarcian PlatformTechnical Guidance

SPF-Identified Servers – How and Why

To turn DMARC into something useful to people, dmarcian processes DMARC data using a big pile of rules.  These rules identify sources of email, and dmarcian presents users with DMARC compliance information based on email source. One identified source of email is called "SPF-Identified Servers", and dmarcian users are often curious as to how data ends up in…
dmarcian
5 April 2016