9.5: Implement DMARC

Threats Addressed:


Previous Version:

Control Statement

To lower the chance of spoofed or modified emails from valid domains, implement DMARC policy and verification, starting with implementing the Sender Policy Framework (SPF) and the DomainKeys Identified Mail (DKIM) standards.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]