{"id":9331,"date":"2021-12-06T08:00:47","date_gmt":"2021-12-06T05:00:47","guid":{"rendered":"https:\/\/www.anm.ro\/en\/?page_id=9331"},"modified":"2023-03-02T09:57:18","modified_gmt":"2023-03-02T06:57:18","slug":"the-itc-security-policy","status":"publish","type":"page","link":"https:\/\/www.anm.ro\/en\/the-itc-security-policy\/","title":{"rendered":"The IT&C Security policy"},"content":{"rendered":"

Submission and receipt of messages by e-mail (e-mail@anm.ro) <\/strong>
\nIn line with the NAMMDR IT&C security procedures and the European Commission’s recommendations to counter phishing attacks, message authentication, reporting and compliance will be domain-based (Domain-based Message Authentication, Reporting and Conformance – DMARC).
\nSecurity issues recommended for e-mail delivery to the anm.ro domain:
\n\u2713<\/strong><\/span> DMARC (Domain-based Message Authentication, Reporting and Conformance)
\n\u2713<\/strong><\/span> SPF (Sender Policy Framework)
\n\u2713<\/strong><\/span> Reverse DNS
\n\u2713<\/strong><\/span> No Open Relay<\/p>\n

Recommendations for network administrators<\/strong> according to the National Cyber Security Directorate – https:\/\/dnsc.ro\/<\/a><\/p>\n

\u2022 Configuration of the server you manage (DNS, SPF – Sender Policy Framework and DKIM – Domain Key Identified Mail records), depending on your company’s\/institution’s security policy<\/strong><\/p>\n

SPF
\nThe SPF controls IP addresses, which are allowed to send e-mails on behalf of the domain. All e-mails are usually sent from the IP address assigned to the server. If the domain has a dedicated IP address, it must be authorised to send e-mails.
\n\"\"
\nDKIM
\nTo generate the key, go to opendkim.org
\nIt is vital to make sure that everything is fine in terms of SPF and DKIM settings! Otherwise, you may end up with legitimate e-mails being rejected by the destination server.<\/p>\n

\u2022 We recommend using the ‘QUARANTINE’ policy for DMARC<\/strong><\/p>\n

DMARC is the e-mail protocol for authentication and reporting which protects your online digital identity from being used in illegal activities (e.g. unauthorised financial transactions).<\/p>\n

DMARC<\/strong> – acronym for Domain Based Message Authentication, Reporting and Conformance.
\nAuthentication<\/strong> – is based on two authentication methods, the SPF (Sender Policy Framework) and the DKIM (DomainKeys Identified Mail)
\nReporting<\/strong> – ensures visibility of rejected e-mails
\nConformance<\/strong> – standardizes the manner in which rejected e-mails are handled, by applying flexible policies, namely none, quarantine or reject.<\/p>\n

\"\"
\nThere are three types of DMARC policies:<\/p>\n

\u2013 NONE<\/strong>: All e-mails shall be sent. DMARC reports can be analysed to detect the sender of the e-mail on your behalf. Afterwards, you can move on to the next policy, Quarantine;
\n\u2013 QUARANTINE<\/strong>: All e-mails which do not comply with DMARC validation will be marked as spam and automatically filtered by the destination server (they will enter the SPAM \/ JUNK directory);
\n\u2013 REJECT<\/strong>: If this restrictive policy is employed, in the event that DMARC fails, the order to reject the e-mail will be sent to the destination server without being filtered. If this method is employed, no one will be able to send e-mails on your behalf.<\/p>\n

Report an IT&C technical incident or problem<\/strong>
\n