Why Email Authentication?
Bank websites are extremely vulnerable to malicious attacks, such as spoofing and phishing. Email Authentication helps prevent these attacks by achieving DMARC Alignment.
The .BANK requirement is that the domain must be in DMARC Alignment with either SPF or DKIM. The mandatory implementation of encryption practices will further enhance the security of the .BANK TLD by preventing various types of attacks.
What is DMARC?
Domain-based Message Authentication, Reporting and Conformance (DMARC) is a requirement that involves the email addresses used by a bank to send out email. DMARC is a way to determine whether a given message is legitimately from the sender, and what to do if it isn't. This makes it easier to identify spam and phishing messages and keep them out of customers' inboxes.
DMARC gives domain owners control and the ability to block domain-based spoofing. Used correctly, DMARC also gives domain owners intelligence, in the form of aggregate and forensic data on emails. However, DMARC implementation is complicated and has traditionally been too costly for most small businesses.
DMARC Migration Process
By default, all .BANK domain names must have DMARC records set to "Reject". This means the domain is not being used to send out email. Banks are free to keep this setting for as long as they wish. When a bank decides to start using its .BANK domain name to send out email, the DMARC record is temporarily set to "None". This allows a designated email address to receive reports from various email service providers, such as Google, Yahoo, Comcast and Microsoft, about emails that claim to be from the bank's domain name. All authorized email senders are then inventoried and white-listed in an SPF record (a less common approach, using digital signatures, is called DKIM). Once either of these records is correctly configured, the DMARC setting is switched back to "Reject" so that the email service providers do not deliver unauthorized email.
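The migration described above can be checked from the published DNS TXT records. The following is an added example, not EnCirca's or the .BANK registry's code: it classifies a domain's DMARC and SPF records into the stages in the paragraph. The domain `example.bank`, the provider include, the stage names and the `dkim_published` flag are assumptions made for illustration.

```python
# Added example. Records are constructed; example.bank is a placeholder.

def parse_tags(txt):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def spf_senders(spf_txt):
    """Return SPF mechanisms that authorize a sender (not 'all', not modifiers)."""
    terms = spf_txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None  # not an SPF record
    return [t for t in terms[1:]
            if "=" not in t and t.lstrip("+-~?").lower() != "all"]

def migration_stage(dmarc_txt, spf_txt, dkim_published=False):
    """Map published records onto the migration stages.

    dkim_published is a hypothetical flag: set it when the bank signs mail
    with DKIM, since DKIM keys sit under selector names this sketch cannot guess.
    """
    dmarc = parse_tags(dmarc_txt)
    senders = spf_senders(spf_txt)
    if dmarc.get("v") != "DMARC1" or "p" not in dmarc or senders is None:
        return "invalid"
    policy = dmarc["p"].lower()
    authorized = bool(senders) or dkim_published
    if policy == "reject":
        return "enforcing" if authorized else "locked"
    if policy == "none":
        # Without rua= no aggregate reports arrive, so the inventory step stalls.
        return "monitoring" if "rua" in dmarc else "monitoring-no-reports"
    return "unenforced"  # e.g. p=quarantine: not the "Reject" setting .BANK expects

# Constructed records for the three stages.
LOCKED = ("v=DMARC1; p=reject", "v=spf1 -all")
MONITORING = ("v=DMARC1; p=none; rua=mailto:dmarc-reports@example.bank", "v=spf1 -all")
ENFORCING = ("v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.bank",
             "v=spf1 ip4:192.0.2.25 include:_spf.mailprovider.example -all")

if __name__ == "__main__":
    for name, recs in [("locked", LOCKED), ("monitoring", MONITORING), ("enforcing", ENFORCING)]:
        print(name, "->", migration_stage(*recs))
```

A result of "monitoring-no-reports" or "unenforced" marks a domain that has left the default setting without being able to complete the inventory step or return to "Reject".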
About EnCirca's Email Authentication Solution
There are three methods for DMARC compliance: Our DMARC Monitoring Service is a cost-effective email authentication service appropriate for community banks to help make the promise of .BANK a reality. Our base package includes Email authentication for both your .BANK domain and your existing website domain.