RIVM and the central government did not have their authentication against e-mail spoofing in order


The RIVM and the central government had not configured certain e-mail authentication settings correctly. As a result, fake messages sent in the name of these organizations would be let through by third parties and end up in users’ mailboxes.

E-mail spoofing turned out to be possible with the domains government.nl and rivm.nl, without the spam filters of major e-mail services stopping these fake messages. This is reported by RTL Z. Criminals could thus send phishing messages that appear to come from the RIVM or the central government, so that unsuspecting users would be more inclined to open the malicious emails.

On Twitter, RTL journalist Daniel Verlaan explains that the problem lay in incorrect settings for DMARC, the authentication protocol for e-mail. Domain-based Message Authentication, Reporting and Conformance allows receiving e-mail servers to verify messages based on a DNS entry published by the domain owner. If a message passes the check, the e-mail service delivers it. If it does not, it is quarantined, rejected or, depending on the setting, still delivered.

DMARC builds on SPF and DKIM. Both are authentication methods that allow the recipient of an e-mail to verify that a message from the sender’s domain was allowed to be sent from there. On Internet.nl, run by the Internet Standards Platform, organizations can check whether their mail service has the correct settings. Internet Society Nederland, NLNet, RIPE NCC and SIDN, among others, are involved in the Internet Standards Platform, as is the Ministry of Economic Affairs and Climate.
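What a check of these settings looks at, as an added example that is not taken from the article, RTL Z or Internet.nl: the function below audits a domain's DMARC and SPF TXT records and lists the settings that still let failing mail be delivered. The records, the placeholder domain example.nl and the threshold for "enforcing" (DMARC `p=quarantine` or `p=reject` at `pct=100`, SPF ending in `-all` or `~all`) are assumptions of this example.

```python
# Added example. All records are constructed samples for the placeholder domain example.nl.
# Assumption: "enforcing" means DMARC p=quarantine/reject at pct=100 and SPF ending in -all or ~all.

def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if it is not one."""
    parts = [p.strip() for p in (txt or "").split(";") if p.strip()]
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    first = parts[0].replace(" ", "") if parts else ""
    return tags if first == "v=DMARC1" else None  # the v tag must come first


def audit(dmarc_txt, spf_txt):
    """List the settings that let mail failing authentication still be delivered."""
    findings = []
    tags = parse_dmarc(dmarc_txt)
    if tags is None:
        findings.append("dmarc: no valid record published")
    else:
        policy = tags.get("p", "").lower()
        if policy not in ("quarantine", "reject"):
            findings.append(f"dmarc: p={policy or 'missing'} requests no action on failing mail")
        if tags.get("sp", policy).lower() == "none" and policy != "none":
            findings.append("dmarc: sp=none leaves subdomains without enforcement")
        pct = tags.get("pct", "100")
        if not pct.isdigit() or int(pct) < 100:
            findings.append(f"dmarc: pct={pct} applies the policy to only part of the mail")

    terms = (spf_txt or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        findings.append("spf: no valid record published")
    else:
        all_terms = [t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"]
        has_redirect = any(t.lower().startswith("redirect=") for t in terms[1:])
        if all_terms:
            qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
            if qualifier in "+?":
                findings.append(f"spf: '{all_terms[0]}' does not fail unlisted senders")
        elif not has_redirect:  # with redirect= the verdict depends on the target record
            findings.append("spf: no 'all' mechanism, unlisted senders get a neutral result")
    return findings


if __name__ == "__main__":
    print(audit("v=DMARC1; p=none; rua=mailto:dmarc@example.nl", "v=spf1 include:_spf.example.nl ?all"))
    print(audit("v=DMARC1; p=reject; sp=reject", "v=spf1 mx -all"))
```

In practice the two strings would come from the TXT records at `_dmarc.<domain>` and `<domain>`.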

All government bodies must have had strict settings for DMARC and SPF in place since the end of 2019, in accordance with the 2018 target agreement of the Government-wide Digital Government Policy Consultation, made on the advice of the Standardization Forum.
