Two days ago I had an issue with someone randomly contacting me on Twitter saying that someone from my company sent her a ransom email asking for bitcoins. Initially I didn't pay too much attention and actually blocked her, thinking it was just a scam attempt, but upon further inspection I realized my email DMARC settings were not correct.
I spent a few hours looking into it and improving my email authentication, so today I wrote a quick summary of what I learned while doing so. It's just a technical overview of what I had to do to fix my DMARC policy.
I posted this for those who didn't know this was an issue, never considered setting up DMARC for their business domains or just want a very short summary of what setting it up means.
I am by no means an expert in the domain, but it took longer than it should have to find examples of DMARC/DKIM/SPF TXT records and understand how to set the correct values.