DMARC - Guidance and Implementation: 10 weeks

Fedelis Sdn Bhd

DMARC proper guidance & implementation so that your domain name(s) is protected from being used for email spoofing.

How do you protect your Microsoft365 from spoofing?

There is an area of Microsoft365/Office365, that if turned on and configured properly, will greatly enhance your protection against your domain being spoofed, and subsequently used to attack your own staff or external parties like your customers, suppliers or the public. This area is called sender authentication, and the specific terminology is SPF, DKIM and DMARC.

3 Frameworks, SPF in April 2014, DKIM in 2011, and DMARC in 2015, work in tandem to help combat email fraud. These frameworks are found in Microsoft 365.

However, these frameworks are often misunderstood. This service offers guidance and implementation consulting on how to use these frameworks in your Microsoft 365 subscription to help prevent mail fraud and help you configure these frameworks with Microsoft365 in your organization that would prevent your customers, suppliers or even the general public from being spoofed by fraudsters using your organization's email domain.

The services comprise the following stages

  1. Access & Monitor
  • Using a valid DMARC monitoring and reporting service trial....
  • Identify all valid known domains and determine DMARC requirement
  • Monitor and identify all email senders using identified domains
  • Identify issues with Microsoft365 SPF and DKIM settings
  • Investigate all known and unknown email servers using customer's valid domains
  1. Implement & Lock Down
  • Correct any errors in SPF & DKIM settings in Microsoft365
  • Ensure all authorized email sending services are configured to be DMARC compliant
  • Remediation plan for authorized senders that cannot be made DMARC compliant
  • Ensure no issues with SPF & DKIM settings for all senders
  • Domain & sub-domain housekeeping to ensure functional DMARC compliance
  • Subscription of suitable DMARC monitoring & reporting service based on volume and licensing requirements

At a glance