DMARC records are configured for an organisation’s domains (including subdomains) such that emails are rejected if they do not pass DMARC checks.
Topic
Domain-based Message Authentication, Reporting and Conformance
Applicable to
all
History
Priority
Should
Jun 2023
DMARC records are configured for an organisation’s domains (including subdomains) such that emails are rejected if they do not pass DMARC checks.
A minor grammatical change was made to the existing control relating to Domain-based Message Authentication, Reporting and Conformance (DMARC) records being configured for an organisation’s domains (including subdomains) such that emails are rejected if they do not pass DMARC checks.
Sep 2022
DMARC records are configured for all domains (including subdomains) such that emails are rejected if they do not pass DMARC checks.
xisting controls covering ‘domains’ were amended to ‘domains (including subdomains)’ to avoid confusion as to whether subdomains were in scope or out of scope for these controls.
Oct 2019
DMARC records are configured for all domains such that emails are rejected if they fail SPF or DKIM checks.
Security control 1540 was modified to remove references to Sender ID and to ensure that DMARC is used for all domains, not just those that have email servers.
Sep 2019
A DMARC record is configured specifying that emails from an organisation’s domains be rejected if they fail SPF/Sender ID or DKIM checks.
Nov 2018
A DMARC record is configured specifying that emails from an organisation’s domains be rejected if they fail SPF/Sender ID or DKIM checks.
Added to address a gap in guidance on the use of Domain-based Message Authentication, Reporting and Conformance (DMARC).