Finding #14

Description *

Priority (1-4) Category 1 Category 2

Formatted Text *

Email DomainKeys Identified Mail (DKIM) Security Failing Validation

Severity Level: Priority 2
Category: Security / Communication

Description:
DKIM is not implemented, leaving emails vulnerable to tampering and spoofing without cryptographic verification.

Impact:

Increased risk of phishing, BEC, and ransomware.
Poor email deliverability (e.g., junk folder placement).
Damage to sender reputation and customer trust.

FFIEC Reference:

FFIEC IT Examination Handbook (November 2016):

"DKIM enhances email security and authenticity." (p. 33)
"Email authentication mitigates spoofing risks." (p. 35)

Recommendations:

Implement DKIM: Set up selectors in MS365 and publish keys in DNS.
Combine with SPF/DMARC: Ensure full email authentication suite.
Test Configuration: Verify DKIM signatures with email tools.

<h2 style="margin: 0in; font-size: 14pt; font-family: Arial, sans-serif; color: rgb(89, 89, 89); letter-spacing: 0.25pt;">Email DomainKeys Identified Mail (DKIM) Security Failing Validation<o:p></o:p></h2>Severity Level: Priority 2 Category: Security / Communication Description: DKIM is not implemented, leaving emails vulnerable to tampering and spoofing without cryptographic verification. Impact:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Increased risk of phishing, BEC, and ransomware.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Poor email deliverability (e.g., junk folder placement).<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Damage to sender reputation and customer trust.<o:p></o:p></li></ul>FFIEC Reference:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">FFIEC IT Examination Handbook (November 2016):<o:p></o:p></li><ul type="circle" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">"DKIM enhances email security and authenticity." (p. 33)<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">"Email authentication mitigates spoofing risks." (p. 35)<o:p></o:p></li></ul></ul>Recommendations:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Implement DKIM: Set up selectors in MS365 and publish keys in DNS.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Combine with SPF/DMARC: Ensure full email authentication suite.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Test Configuration: Verify DKIM signatures with email tools.<o:p></o:p></li></ul>

Back to list