Skip to main content

The October 15th 2018 deadline is approaching quickly...

The deadline (October 15th, 2018)  is quickly approaching before email changes forever....

If you were caught by an email scam 3 or more years ago it would have been a hard luck story and just about would have told you to be more careful. 

On October 15th, this year (2018) the US Government will turn on the DMARC p=reject authentication for all inbound emails (a Google search will show plenty of references). But what does that mean and why do we believe this is going to cause tech mayhem?

Let me explain:

1.) For DMARC to work the receiving mail servers must check the inbound mail's DNS for a DMARC record and subsequent instruction. If there is no record the mail passes (based on reputation etc). If there record is set to quarantine or reject then it checks the inbound mail for alignment. If there is no alignment then the mail is either quarantined or rejected.  It is a little more complicated than that however the concept is there.




https://zuluedm.com/trusted-sender/1.0



2.) Mail sent from traditional MX servers have little work to be made compliant. However given that bulk email is sent from Mail Transfer Agents (MTA's) it requires configuration for each email sending application / source. 

3.) Our experience has shown that a medium size organisation of less than 250 people will take 3 months to be in a position to move to quarantine or reject whilst experiencing some major hurdles. Why? Not many applications have been built to factor in the authentication required to be compliant. So what then happens if you have applications you rely on daily stop working? Well for a little while you will skim through it however as more organisation's move to the standard the net will close.

If every US Government Agency starts rejecting email that they were accepting such as immigration, homeland security, welfare, the courts and so on, what will happen next? Of course the Law firms will follow suit and have not even started. the insurance companies will need to be compliant if they want to sell insurance and just about every small business that has a need to email the government using their  domain will have to be compliant. 

So what? Well the Australian Government, NZ Government and more than 95% of any listed public entities will not be able to chase payments or send orders for major contracts. So what will happen then is that all of the domains that rely on the US and the UK will start to implement the standard and realist that moving to p=reject has serious repercussions. 

Software applications that have been used for years will need to be scrapped, Quick-books won't comply, neither does MYOB or XERO (we have a plug in).  Slack and popular Apps will stop sending email (as Eway has for us) and then hybrid solutions that are bad for long term domain emailing such as Sendgrid and Mandrill are simply unacceptable as the SPF net blocks they consume using CNAME means it's them and only them to have your domain compliant. 

If you read our research and the experience we have shared then you will know that domain reputations tank badly when they become visible and given we recommend 90 days for the implementation process then today is the last day to get started if you want to email the US Government and the companies that supply them will follow.   

Perhaps Prime Minister Malcolm Turnbull plans to SMS Donald Trump instead!

Zulu eDM is only email service provider and campaign platform software that mandates DMARC. We have also innovated the Trusted Sender program to help Franchise Businesses and general businesses and NGO's navigate the post DMARC effects and maintain if not improve their email delivery and engagement.

Comments

Popular posts from this blog

Australian City Councils fail the ultimate test - protecting their community from crime in this case email

Australian Local Government have failed the ultimate test - protecting their community from crime. In this case crime relating to email.

The crime does not need to be isolated to online scams. It could be a council employee email address faked for criminal gain. 

In May 2018, we conducted research into over 570 local government organisations with the following results. 

Only 1 from over 570 surveyed is protecting their community. Narromine Shire Council has taken the necessary steps to prevent their domain from being used by criminals however no council has implemented an Anti-spoof / Phishing policy on their website. (narromine.nsw.gov.au)

One insurer has even referenced the Ipswich email scam which was completely avoidable. Ipswitch city council has not taken any steps to implement the protective measures -a link to check.

Only 24/50 councils have started the process but either stopped or are yet to become safe and trustworthy. Willoughtby City Council have now started the process.

The pr…

The US S&P 500 Up 7%

As part of the Trusted Sender initiative we will continue to monitor the largest companies on various Stock Exchanges.  From the period June - December 2018: US companies that have started the DMARC process is up 7% from 202 to 235 companies. The increase is most likely due to the US Government going live with their reject policy. 64 Companies were found to be protecting us from their domain from being SPOOF'ed however there is a disturbing lack of Financial Industry organizations that appear in this list given US banks were the founding organizations for the initial DMARC project. 

Five Times Safer - Australian Councils Increase Email Authentication

Whilst the Australian Federal Government lags behind it's peers, Australia Local Government has taken up the charge of protecting email users and their constituents by implementing a protected DMARC p=reject policy.
Amongst the 5 now compliant and secured email domains, in May 2018 when surveyed, only 1 of the councils, Narromine City Council, was compliant. Brisbane City Council, had started the process and none of the other remaining 5 councils had a DMARC record.
There has also been an increase in Councils beginning the Anti-SPOOF authentication process from 23 councils to 32, a net increase of 39% but the figure is a long way short of the 537 Councils surveyed.
You can find list of the councils by visiting our Trusted Sender App.