Finding #13

Description *

Priority (1-4) Category 1 Category 2

Formatted Text *

Email Domain-based Message Authentication, Reporting, and Conformance (DMARC) Failing Validation

Severity Level: Priority 2
Category: Security / Operations

Description:
DMARC is configured but failing validation due to SPF/DKIM misalignment or third-party sender issues, exposing the bank to phishing and spoofing risks.

Impact:

Increased phishing and domain spoofing risks.
Emails routed to spam, reducing deliverability.
Erosion of customer trust and regulatory scrutiny.

FFIEC Reference:

FFIEC IT Examination Handbook (November 2016):

"Email authentication protocols reduce phishing risks." (p. 33)
"Proper DMARC configuration ensures compliance." (p. 35)

Recommendations:

Align SPF/DKIM: Correct misconfigurations in DNS records.
Test DMARC: Use tools like MxToolbox for validation.

<h2 style="margin: 0in; font-size: 14pt; font-family: Arial, sans-serif; color: rgb(89, 89, 89); letter-spacing: 0.25pt;">Email Domain-based Message Authentication, Reporting, and Conformance (DMARC) Failing Validation<o:p></o:p></h2>Severity Level: Priority 2 Category: Security / Operations Description: DMARC is configured but failing validation due to SPF/DKIM misalignment or third-party sender issues, exposing the bank to phishing and spoofing risks. Impact:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Increased phishing and domain spoofing risks.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Emails routed to spam, reducing deliverability.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Erosion of customer trust and regulatory scrutiny.<o:p></o:p></li></ul>FFIEC Reference:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">FFIEC IT Examination Handbook (November 2016):<o:p></o:p></li><ul type="circle" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">"Email authentication protocols reduce phishing risks." (p. 33)<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">"Proper DMARC configuration ensures compliance." (p. 35)<o:p></o:p></li></ul></ul>Recommendations:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Align SPF/DKIM: Correct misconfigurations in DNS records.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif; color: rgb(89, 89, 89);">Test DMARC: Use tools like MxToolbox for validation. <o:p></o:p></li></ul>

Back to list