- The FBI, The US Department of State, and the NSA advise administrators to update their organization's DMARC security policy to use "v=DMARC1; p=quarantine;" or "v=DMARC1; p=reject;" configurations. The first instructs email servers to quarantine emails that fail DMARC and tag them as potential spam, while the second tells them to block all emails that fail DMARC checks.
- Set other DMARC policy fields, such as 'rua,' to receive aggregate reports about the DMARC results for email messages purportedly from the organization's domain.
- The NJCCIC products, New Jersey Email Authorization & Authentication Set Up PDF and the Sender Policy Framework - SPF Guide, provide additional information on establishing DMARC authentication.
- Make informed decisions regarding sharing information with individuals, businesses, services, and applications, regardless of specific endorsements and affiliations.
- Use strong, unique passwords for all accounts and enable MFA where available, choosing authentication apps or hardware tokens over SMS text-based codes.
- Avoid clicking links, responding to, or otherwise acting on unsolicited text messages or emails.
- Red flag indicators, additional recommendations, and technical analysis can be found in the joint cybersecurity advisory.
