Information
Publish Domain-Based Message Authentication, Reporting and Conformance (DMARC) records for each Exchange Online Accepted Domain.
Rationale:
Domain-based Message Authentication, Reporting and Conformance (DMARC) work with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate mail senders and ensure that destination email systems trust messages sent from your domain.
Impact:
There should be no impact of setting up DMARC however, organizations should ensure appropriate setup to ensure continuous mail-flow.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To add DMARC records, use the following steps:
For each Exchange Online Accepted Domain, add the following record to DNS:
Record: _dmarc.domain1.com
Type: TXT
Value: v=DMARC1; p=none;
This will create a basic DMARC policy that audits compliance