Submission and receipt of messages by e-mail (e-mail@anm.ro)
In line with the NAMMDR IT&C security procedures and the European Commission’s recommendations to counter phishing attacks, message authentication, reporting and compliance will be domain-based (Domain-based Message Authentication, Reporting and Conformance – DMARC).
Security issues recommended for e-mail delivery to the anm.ro domain:
✓ DMARC (Domain-based Message Authentication, Reporting and Conformance)
✓ SPF (Sender Policy Framework)
✓ Reverse DNS
✓ No Open Relay
Recommendations for network administrators according to the National Cyber Security Directorate – https://dnsc.ro/
• Configuration of the server you manage (DNS, SPF – Sender Policy Framework and DKIM – Domain Key Identified Mail records), depending on your company’s/institution’s security policy
SPF
The SPF controls IP addresses, which are allowed to send e-mails on behalf of the domain. All e-mails are usually sent from the IP address assigned to the server. If the domain has a dedicated IP address, it must be authorised to send e-mails.
DKIM
To generate the key, go to opendkim.org
It is vital to make sure that everything is fine in terms of SPF and DKIM settings! Otherwise, you may end up with legitimate e-mails being rejected by the destination server.
• We recommend using the ‘QUARANTINE’ policy for DMARC
DMARC is the e-mail protocol for authentication and reporting which protects your online digital identity from being used in illegal activities (e.g. unauthorised financial transactions).
DMARC – acronym for Domain Based Message Authentication, Reporting and Conformance.
Authentication – is based on two authentication methods, the SPF (Sender Policy Framework) and the DKIM (DomainKeys Identified Mail)
Reporting – ensures visibility of rejected e-mails
Conformance – standardizes the manner in which rejected e-mails are handled, by applying flexible policies, namely none, quarantine or reject.
There are three types of DMARC policies:
– NONE: All e-mails shall be sent. DMARC reports can be analysed to detect the sender of the e-mail on your behalf. Afterwards, you can move on to the next policy, Quarantine;
– QUARANTINE: All e-mails which do not comply with DMARC validation will be marked as spam and automatically filtered by the destination server (they will enter the SPAM / JUNK directory);
– REJECT: If this restrictive policy is employed, in the event that DMARC fails, the order to reject the e-mail will be sent to the destination server without being filtered. If this method is employed, no one will be able to send e-mails on your behalf.
Report an IT&C technical incident or problem