MS.EXO.4.3v1 - The DMARC point of contact for aggregate reports SHALL include `[email protected]`.

Information

Email spoofing attempts are not inherently visible to domain owners. DMARC provides a mechanism to receive reports of spoofing attempts. Including <[email protected]> as a point of contact for these reports gives CISA insight into spoofing attempts and is required by BOD 18-01 for FCEB departments and agencies.

Solution

See [MS.EXO.4.1v1 Instructions](#msexo41v1-instructions) for an overview of how to publish and check a DMARC record. Ensure the record published includes <[email protected]>
as one of the emails for the RUA field.

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|CA-7, 800-53|CA-8, 800-53|CM-2, 800-53|CM-5, 800-53|CM-6, 800-53|CM-7, 800-53|IA-2, 800-53|IA-4, 800-53|RA-5, 800-53|SI-3, 800-53|SI-4, 800-53|SI-7

Plugin: microsoft_azure

Control ID: d75cbffcaac0eb1850bfdab4f7527340368bec673ea3500fca9f5d39c3c8557d