The security engineer should modify the following to fix the email migration issues:
Email CNAME Record: The email CNAME record must be changed to a type A record pointing to 192.168.1.10. This is because CNAME records should not be used where an IP address (A record) is required. Changing it to an A record ensures direct pointing to the correct IP.
TXT Record for DMARC: The TXT record must be changed to " v=dmarc ip4:192.168.1.10 include
com -all " . This ensures proper configuration of DMARC (Domain-based Message Authentication, Reporting & Conformance) to include the correct IP address and the email service provider domain.
DMARC: Ensuring the DMARC record is correctly set up helps in preventing email spoofing and phishing, aligning with email security best practices.
[References:, CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl, RFC 7489: Domain-based Message Authentication, Reporting & Conformance (DMARC), NIST Special Publication 800-45: Guidelines on Electronic Mail Security, , , , , , , ]
Submit