Email authentication, DMARC and Exchange

DMARC is a technology that enables responsible organisations to ensure that their domains are not spoofed in phishing attacks. In today’s cyber crime environment, it should be a standard aspect of every organisation’s security configuration.

DMARC, however, won’t protect organisations targeted by cyber criminals who have successfully penetrated unpatched on-premises MS Exchange servers (https://www.zdnet.com/article/microsoft-exchange-server-attacks-theyre-being-hacked-faster-than-we-can-count-says-security-company/). The reality is that an attacker who is inside an Exchange server will be able to send phishing emails that are, to all intents and purposes, legitimate: they genuinely originate from, and display, a real email address on the organisation’s own domain, so there is nothing for DMARC to flag, and they can be addressed to people in that sender’s contact list. It makes phishing very easy indeed.

And the only way to deal successfully with this type of attack is well-developed and refined paranoia; staff need to believe that someone is indeed out to get them and that any email they receive from outside, wherever it originated, might contain malware of some sort – most typically (but not exclusively) ransomware. So regular, repeated anti-ransomware staff training, awareness exercises, and internal simulated attacks have to become essential components of a sustained anti-phishing defence programme (Phishing Staff Awareness and Challenge Game Bundle | IT Governance UK).
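The distinction drawn above, as an added example that is not part of the original post: a simplified DMARC evaluation (identifier alignment plus the published policy, in the spirit of RFC 7489) run over two constructed cases. The record, the domains example.com and attacker.test and the SPF/DKIM outcomes are all assumptions; the organisational-domain rule is reduced to the last two labels, where a real implementation would consult the Public Suffix List. A classic spoof is rejected, while mail relayed through the organisation’s own compromised Exchange server passes, because it really is authenticated for that domain.

```python
# Constructed DMARC TXT record for the hypothetical domain example.com.
DMARC_RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@example.com"


def parse_dmarc(record):
    """Split a DMARC TXT record into a tag -> value dictionary."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain):
    # Simplification (assumption): treat the last two labels as the
    # organisational domain. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs the
    same organisational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_verdict(policy, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return 'pass', or the policy action ('none', 'quarantine', 'reject')
    that applies when neither SPF nor DKIM is both passing and aligned."""
    spf_ok = spf_pass and aligned(from_domain, spf_domain, policy.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, policy.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else policy.get("p", "none")


def demo():
    policy = parse_dmarc(DMARC_RECORD)
    # Case 1 (constructed): an outside server forges From: example.com. SPF
    # only passes for the attacker's own domain and there is no DKIM signature.
    spoof = dmarc_verdict(policy, "example.com", True, "attacker.test", False, "")
    # Case 2 (constructed): mail sent through the organisation's real, but
    # compromised, Exchange server. SPF and DKIM both pass for example.com.
    inside = dmarc_verdict(policy, "example.com", True, "example.com", True, "example.com")
    return spoof, inside


if __name__ == "__main__":
    print(demo())
```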