| Yesterday, the NJCCIC released an advisory, Increase in Compromised NJ Public Sector Accounts. Common threads observed in these incidents are a lack of or misconfigured Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC) records. Without these email security protocols, organizations are more at risk of phishing campaigns and impersonation scams. As a follow-up to the advisory, please review the two guides below on creating and publishing an SPF record and implementing DMARC. The NJCCIC highly advises following these guides to increase email security at your organizations. |
| Sender Policy Framework – SPF Guide Why is SPF important? SPF records, when established along with DomainKeys Identified Mail (DKIM) to implement DMARC, create a policy of quarantine or reject to prevent email spoofing. On its own, SPF records can prevent an unauthorized sending host from sending messages using the envelop sender’s domain. It can also improve email deliverability as domains with SPF records are more trusted. |
| Domain-based Message Authentication, Reporting, and Conformance – DMARC Guide Why is DMARC important? DMARC helps organizations prevent malicious email practices, like domain spoofing. Cyber threat actors often use domain spoofing in their phishing campaigns as it can be used to make messages appear as though they are sent from known and trusted organizations and individuals. DMARC helps senders and receivers work together to safeguard email and reduce instances of spoofing, phishing, and spam. It provides an extra layer of security to identify spammers and prevent malicious emails from overwhelming an organization’s mailboxes while minimizing false positives. Additionally, DMARC offers improved authentication reporting for greater transparency. |
| Reporting The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report. |