DHS Binding Operational Directive 18-01 (BOD 18-01)

Post date: Jun 07, 2019 9:50:10 PM

If you are seeing a lot of phishing emails that look exactly like internal mail and are getting past your spam filters, there are some things you can do to mitigate the risk.

I have seen such emails come through recently which I could barely tell weren't from our own domain, with no evidence of spoofing except minor character changes in the source, which prompted me to tighten the mail server's SPF, DKIM, and DMARC record settings to make it as close to impossible as possible to impersonate a user on the server without someone literally hacking one of our accounts.


If you are interested, this tool will check your email settings for you and tell you what you need to do to increase security: http://www.appmaildev.com. Run the DKIM test tool and send an email to the randomized address it gives you. After you click send, wait until the server receives the message; it will then diagnose your settings and report what it found. It will even run a spam check.

After you have done that, you can check all your changes with this site: https://domain-checker.valimail.com to verify compliance with the current standards. It's basically a dashboard view of your settings.

If you need assistance creating a DMARC record, this tool works great: https://dmarcguide.globalcyberalliance.org/#/
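As an added example (not from the original post or from any of the tools linked here), this Python lint checks the SPF and DMARC record text you are about to publish and flags the settings that still let an outsider send as your domain; the record strings in it are constructed samples, the tag semantics follow RFC 7208 (SPF) and RFC 7489 (DMARC), and p=reject is the end state BOD 18-01 requires.

```python
# Added example: offline lint for SPF and DMARC TXT records. Sample record
# strings are constructed; nothing is fetched from DNS.

def parse_dmarc(record):
    """Split 'tag=value; tag=value' DMARC syntax into a dict of lower-cased tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def lint_dmarc(record):
    """Return a list of weaknesses in a DMARC record; an empty list means enforcing."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    issues = []
    policy = tags.get("p", "")
    if policy == "none":
        issues.append("p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        issues.append("p=quarantine junks spoofed mail instead of rejecting it")
    elif policy != "reject":
        issues.append("missing or invalid p= tag")
    subpolicy = tags.get("sp", policy)  # sp defaults to p when absent
    if policy == "reject" and subpolicy != "reject":
        issues.append("sp=%s leaves subdomains weaker than the parent" % subpolicy)
    if tags.get("pct", "100") != "100":
        issues.append("pct=%s applies the policy to only a sample of mail" % tags["pct"])
    if "rua" not in tags:
        issues.append("no rua= address, so aggregate reports are never received")
    return issues

def lint_spf(record):
    """Return weaknesses in an SPF record, judged by the qualifier on 'all'."""
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    issues = []
    all_terms = [t for t in tokens[1:] if t.lstrip("+-~?") == "all"]
    qualifier = all_terms[-1][0] if all_terms else None  # last 'all' wins
    if qualifier is None:
        issues.append("no 'all' mechanism; unlisted senders get a neutral result")
    elif qualifier in ("+", "a", "?"):  # bare 'all' means '+all'; '?all' is neutral
        issues.append("'%s' does not fail unlisted senders" % all_terms[-1])
    elif qualifier == "~":
        issues.append("'~all' soft-fails; pair it with DMARC p=reject to enforce")
    return issues
```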

See: https://www.valimail.com/press/half-of-federal-agencies-on-track-with-dhs-email-requirement-as-deadline-looms/

and: https://mxtoolbox.com/dmarc/security/department-of-homeland-security-bod1801-dmarc-setup?lm=NAV-EDC

Office365: http://msexchangeguru.com/2016/07/20/o365-dkimrecord/