Submission and receipt of messages by e-mail (
In line with the NAMMDR IT&C security procedures and the European Commission’s recommendations to counter phishing attacks, message authentication, reporting and compliance will be domain-based (Domain-based Message Authentication, Reporting and Conformance – DMARC).
Security issues recommended for e-mail delivery to the domain:
DMARC (Domain-based Message Authentication, Reporting and Conformance)
SPF (Sender Policy Framework)
Reverse DNS
No Open Relay

Recommendations for network administrators according to the National Cyber Security Directorate –

Configuration of the server you manage (DNS, SPF – Sender Policy Framework and DKIM – Domain Key Identified Mail records), depending on your company’s/institution’s security policy

The SPF controls IP addresses, which are allowed to send e-mails on behalf of the domain. All e-mails are usually sent from the IP address assigned to the server. If the domain has a dedicated IP address, it must be authorised to send e-mails.

To generate the key, go to
It is vital to make sure that everything is fine in terms of SPF and DKIM settings! Otherwise, you may end up with legitimate e-mails being rejected by the destination server.

We recommend using the ‘QUARANTINE’ policy for DMARC

DMARC is the e-mail protocol for authentication and reporting which protects your online digital identity from being used in illegal activities (e.g. unauthorised financial transactions).

DMARC – acronym for Domain Based Message Authentication, Reporting and Conformance.
Authentication – is based on two authentication methods, the SPF (Sender Policy Framework) and the DKIM (DomainKeys Identified Mail)
Reporting – ensures visibility of rejected e-mails
Conformance – standardizes the manner in which rejected e-mails are handled, by applying flexible policies, namely none, quarantine or reject.

There are three types of DMARC policies:

NONE: All e-mails shall be sent. DMARC reports can be analysed to detect the sender of the e-mail on your behalf. Afterwards, you can move on to the next policy, Quarantine;
QUARANTINE: All e-mails which do not comply with DMARC validation will be marked as spam and automatically filtered by the destination server (they will enter the SPAM / JUNK directory);
REJECT: If this restrictive policy is employed, in the event that DMARC fails, the order to reject the e-mail will be sent to the destination server without being filtered. If this method is employed, no one will be able to send e-mails on your behalf.

Report an IT&C technical incident or problem