🛡️ Free practice test question from: DMARC (Security+)

Understanding the Current Environment:

→ With a p=none policy, the company is in a monitoring phase. This allows them to collect data on all email traffic using DMARC aggregate reports without affecting email delivery.

→ Monitoring helps identify all legitimate sources of email, ensuring that when stricter policies are applied, legitimate business communications are not inadvertently blocked.

Minimizing Disruptions:

→ Immediately switching to a p=reject policy (A) could disrupt legitimate emails if some authorized senders aren't correctly configured for DMARC, DKIM, or SPF.

→ Reducing policy coverage (C) or removing DKIM and SPF (D) would weaken email security and undermine the effectiveness of DMARC.

Progressive Implementation:

→ By continuing to monitor, the IT security team can gradually enforce stricter DMARC policies (e.g., moving to p=quarantine and eventually to p=reject) based on the insights gained from the aggregate reports.

→ This step-by-step approach ensures that legitimate emails are authenticated correctly and reduces the risk of business communication disruptions.

Next Steps After Monitoring: Once the company has a clear understanding of their email sources and has ensured that all legitimate emails are properly authenticated, they can progressively move to stricter DMARC policies, such as p=quarantine and eventually p=reject.