DMARC coming to APH
Parliament has moved to roll out new message authentication.
The Department of Parliamentary Services (DPS) will soon deploy domain-based message authentication, reporting and conformance (DMARC) on its aph.gov.au domain.
Senate president Slade Brockman has told a senate estimates session that DMARC will be introduced in early December to protect email domains by “blocking emails generated by third-party distribution services”.
DPS received funding to introduce DMARC last financial year among new cyber security enhancements to the parliamentary computing network.
“These security changes mean that, from December 6 2021, emails generated by third parties using [an] aph.gov.au address will not be delivered,” Mr Brockman says.
Mr Brockman said DMARC will prevent “cyber criminals impersonating our official site to send phishing emails to constituents and clients” and “protect the aph.gov.au domain from being used for email spoofing, phishing attacks and cyber crimes”.
All Parliamentarians that use third-party distribution services have been told to create a new email domain if they want to continue sending emails using the same platforms.
“There are a range of applications that ... essentially use our domain to send emails but are not authorised to do that activity, and as of December 6 they will be prohibited,” Mr Brockman said.
“They are services that we don't manage or have any control over in the sense that we have no contractual arrangements with these vendors.”