TechRepublic|Forums|Community

Community

Question

  • Creator
    Topic
  • March 4, 2025 at 3:57 pm #4295181

    Spoofing and Phishing

    by Jctech2025 · about 3 weeks, 2 days ago

    Tags: , ,

    Hi All,

    Haven’t posted here as I was having issues seeing replies to my own posts. Hopefully I can view at this time.

    We had a recent issue where someone spoofed the owner of the company. A team member changed some enhanced settings in Google admin console to help, however I thought it might be due to dns records. The owner was not the only user that the spoofing alerts went off with, however because it was him, everyone got concerned.

    I checked the client DNS in Amazon route 53. They have an SPF and DKIM. However there is no DMARC record. I am still reading more on both to determine the best fix. I am unable to find a solid answer so I’m asking the community. Is a DMARC record needed to check SPF or DKIM? Will they be checked independently or is there a specific settings to create the check? It’s been a while since I dealt with email security, however the only thing I noticed is that DMARC is the only record not in DNS.

    Thanks all,

  • Creator
    Topic

You are posting a reply to: Spoofing and Phishing

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our Community FAQs for details. All submitted content is subject to our Terms of Use.

All Answers

  • Author
    Replies
    • March 11, 2025 at 1:24 am #4296725

      Reply To: Spoofing and Phishing

      by kubernatesdashboard · about 2 weeks, 2 days ago

      In reply to Spoofing and Phishing

      Yes, adding a DMARC record is essential for strengthening email security. While SPF and DKIM help authenticate emails, DMARC ensures these checks are enforced and provides visibility into spoofing attempts. Without DMARC, emails failing SPF or DKIM may still be delivered. Implementing a DMARC TXT record in Route 53, like v=DMARC1; p=quarantine; rua=mailto:reports@yourdomain.com;, helps reduce phishing risks by defining how failed emails should be handled and sending reports for monitoring. Using “p=quarantine” or “p=reject” improves security by preventing spoofed emails from reaching inboxes.

      • March 11, 2025 at 2:53 pm #4296941

        Reply To: Spoofing and Phishing

        by Jctech2025 · about 2 weeks, 2 days ago

        In reply to Reply To: Spoofing and Phishing

        Ok so with the DMARC record in place it triggers both to be checked? So The idea is that the DKIM stamp if you will is added by an authorized server in the SPF record?

  • Author
    Replies
Viewing 0 reply threads