Exam CS0-002 topic 1 question 144 discussion

I agree with B p=none - Take no action on the message and deliver it to the intended recipient. should be p=reject or p=qarantine

To add more clarity here (I worked specifically in email security). It is not required to have an SPF alignment tag (ASPF tag). https://easydmarc.com/blog/what-are-dmarc-tags-dmarc-tags-explained/ Even if you did have it, DMARC policy is in monitor only mode (p=none), so it wouldn't matter. The policy is never going to be enforced until you move it to p=quarantine at the minimum (very few orgs actually hit a p=reject stage, it's incredibly difficult).

This is an example of a DMARC policy record. The v and p tags must be listed first, other tags can be in any order: Example: v=DMARC1; p=reject; rua=mailto:[email protected], mailto:[email protected]; pct=100; adkim=s; aspf=s You can choose from two alignment modes: strict and relaxed. Set the alignment mode for SPF and DKIM in the DMARC record. The aspf and adkim DMARC record tags set the alignment mode. In the following cases, we recommend you consider changing to strict alignment for increased protection against spoofing: Mail is sent for your domain from a subdomain outside your control You have subdomains that are managed by another entity To pass DMARC, a message must pass at least one of these checks: SPF authentication and SPF alignment DKIM authentication and DKIM alignment A message fails the DMARC check if the message fails both: SPF (or SPF alignment) DKIM (or DKIM alignment) Important: Relaxed alignment typically provides sufficient spoofing protection. Strict alignment can result in messages from associated subdomains to be rejected or sent to spam. https://support.google.com/a/answer/10032169?hl=en

I would go with B as well.. Here is what I found about setting up Policies and email spoofing. Take a look at the Final Notes towards the bottom. https://4sysops.com/archives/set-up-dmarc-for-spf-and-dkim/

“adkim=” This sets the DKIM portion of DMARC authentication to either “s” for strict or “r” for relaxed. The strict setting ensures DKIM will only pass if the “d=” field in the signature precisely matches the “from” domain. When set to relaxed, messages will pass DKIM only if the “d=” field matches the root domain of the “from” address.

Actually must be C. It must have an aspf tag which is missing

The alignment tag is set to 'R' meaning relaxed. Any valid subdomain of d=domain in the DKIM mail headers is accepted. Should be set to 'S' strict.

the policy tag is set to "none," which means that mailbox providers should not take any action on email that fails DMARC. This is likely the reason why the company's domain is being spoofed in numerous phishing campaigns, as mailbox providers are not blocking or quarantining the suspicious emails. To fix this issue, the analyst should change the value of the policy tag to "quarantine" or "reject" to instruct mailbox providers to take appropriate action on email that fails DMARC. B is the correct ans

I did research on DMARC and to pass DMARC, you must pass SPF authentication and alignment. I see nothing about SPF alignment in the code so I think it should be C.

B p=none

I'm feeling C. "The way it works is to help email receivers determine if the purported message “aligns” with what the receiver knows about the sender." https://dmarc.org/overview/

I agree B

Literally no idea... Hope B is right....