CSCv7|7.8

Title

Implement DMARC and Enable Receiver-Side Verification

Description

To lower the chance of spoofed or modified emails from valid domains, implement Domain-based Message Authentication, Reporting and Conformance (DMARC) policy and verification, starting by implementing the Sender Policy Framework (SPF) and the DomainKeys Identified Mail (DKIM) standards.

Reference Item Details

Category: Email and Web Browser Protections

Audit Items

| Name | Plugin | Audit Name |
|---|---|---|
| 2.1.8 Ensure that SPF records are published for all Exchange Domains | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v3.1.0 |
| 2.1.8 Ensure that SPF records are published for all Exchange Domains | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v3.0.0 |
| 2.1.9 Ensure that DKIM is enabled for all Exchange Online Domains | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v3.0.0 |
| 2.1.9 Ensure that DKIM is enabled for all Exchange Online Domains | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v3.1.0 |
| 2.1.10 Ensure DMARC Records for all Exchange Online domains are published | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v3.0.0 |
| 2.1.10 Ensure DMARC Records for all Exchange Online domains are published | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v3.1.0 |
| 4.7 Ensure that DKIM is enabled for all Exchange Online Domains | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.5.0 |
| 4.7 Ensure that DKIM is enabled for all Exchange Online Domains | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v2.0.0 |
| 4.7.2.1 New configuration file for sendmail /etc/mail/submit.cf | Unix | CIS IBM AIX 7.2 L1 v1.0.0 |
| 4.7.2.1 New configuration file for sendmail /etc/mail/submit.cf | Unix | CIS IBM AIX 7.2 L1 v1.1.0 |
| 4.8 Ensure that DKIM is enabled for all Exchange Online Domains | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0 |
| 4.8 Ensure that SPF records are published for all Exchange Domains | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.5.0 |
| 4.8 Ensure that SPF records are published for all Exchange Domains | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v2.0.0 |
| 4.9 Ensure DMARC Records for all Exchange Online domains are published | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v2.0.0 |
| 4.9 Ensure DMARC Records for all Exchange Online domains are published | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.5.0 |
| 4.9 Ensure that SPF records are published for all Exchange Domains | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0 |
| 4.10 Ensure DMARC Records for all Exchange Online domains are published | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0 |
| 4.11 Ensure that DKIM is enabled for all Exchange Online Domains | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.3.0 |
| 4.12 Ensure that SPF records are published for all Exchange Domains | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.3.0 |
| 4.13 Ensure DMARC Records for all Exchange Online domains are published | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.3.0 |
| 7.4 Ensure Either SPF or DKIM DNS Records are Configured | Unix | CIS BIND DNS v1.0.0 L2 Authoritative Name Server |