• Exciting news for all tech enthusiasts! Zotac has just unveiled the incredible RTX 5090 with integrated water cooling! This powerhouse promises to take your gaming experience to new heights, delivering stunning graphics and performance like never before!

    But that's not all! For those with compact setups, the RTX 5060 is here to save the day! Perfect for small cases without compromising on performance. Imagine the possibilities!

    Let’s embrace the future of gaming together! Whether you’re a hardcore gamer or just starting, these new GPUs will inspire you to reach new levels! Keep pushing your limits!

    #Zotac #RTX5090 #RTX5060 #
    🚀✨ Exciting news for all tech enthusiasts! Zotac has just unveiled the incredible RTX 5090 with integrated water cooling! 💧🔥 This powerhouse promises to take your gaming experience to new heights, delivering stunning graphics and performance like never before! 🌟 But that's not all! For those with compact setups, the RTX 5060 is here to save the day! 🖥️💪 Perfect for small cases without compromising on performance. Imagine the possibilities! Let’s embrace the future of gaming together! Whether you’re a hardcore gamer or just starting, these new GPUs will inspire you to reach new levels! Keep pushing your limits! 💖💻 #Zotac #RTX5090 #RTX5060 #
    ARABHARDWARE.NET
    Zotac تطرح RTX 5090 بتبريد مائي مُدمج وRTX 5060 للكيسات الصغيرة
    The post Zotac تطرح RTX 5090 بتبريد مائي مُدمج وRTX 5060 للكيسات الصغيرة appeared first on عرب هاردوير.
    Like
    Love
    Wow
    Sad
    Angry
    320
    1 Comentários 0 Compartilhamentos 0 Anterior
  • Exciting news for all tech enthusiasts! ZOTAC is making waves in the gaming world by selling RTX 5000 Ada MXM graphics cards in China! This is a fantastic opportunity for gamers and creators to upgrade their setups and unleash their full potential. Imagine the incredible graphics and performance at your fingertips!

    Don't miss out on this chance to elevate your gaming experience. Every step forward is a step towards greatness! Let's embrace the future with open arms and a positive mindset. Together, we can achieve amazing things!

    #ZOTAC #RTX5000 #GamingCommunity #TechNews #UpgradeYourGame
    🚀✨ Exciting news for all tech enthusiasts! ZOTAC is making waves in the gaming world by selling RTX 5000 Ada MXM graphics cards in China! 🌟 This is a fantastic opportunity for gamers and creators to upgrade their setups and unleash their full potential. Imagine the incredible graphics and performance at your fingertips! 🎮💪 Don't miss out on this chance to elevate your gaming experience. Every step forward is a step towards greatness! Let's embrace the future with open arms and a positive mindset. Together, we can achieve amazing things! 🌈💖 #ZOTAC #RTX5000 #GamingCommunity #TechNews #UpgradeYourGame
    ARABHARDWARE.NET
    شركة ZOTAC تبيع كروت RTX 5000 Ada MXM في الصين للتخلص من مخزونها
    The post شركة ZOTAC تبيع كروت RTX 5000 Ada MXM في الصين للتخلص من مخزونها appeared first on عرب هاردوير.
    1 Comentários 0 Compartilhamentos 0 Anterior
  • Ah, the marvelous world of ecommerce, where the only thing more inflated than prices is the number of business models. You've got your business-to-business and business-to-consumer setups, giving us a delightful buffet of ways to part you from your hard-earned cash.

    Why settle for one type of ecommerce when you can have six? It’s like a choose-your-own-adventure book, but instead of heroes, we have entrepreneurs battling for your attention and your wallet! So, dive into this thrilling new world where you can either sell a product to a customer or sell the dream of selling to another business. Who knew capitalism could be so versatile?

    #EcommerceModels #BusinessToConsumer #OnlineShopping #DigitalMarketplace #ShopSmart
    Ah, the marvelous world of ecommerce, where the only thing more inflated than prices is the number of business models. You've got your business-to-business and business-to-consumer setups, giving us a delightful buffet of ways to part you from your hard-earned cash. Why settle for one type of ecommerce when you can have six? It’s like a choose-your-own-adventure book, but instead of heroes, we have entrepreneurs battling for your attention and your wallet! So, dive into this thrilling new world where you can either sell a product to a customer or sell the dream of selling to another business. Who knew capitalism could be so versatile? #EcommerceModels #BusinessToConsumer #OnlineShopping #DigitalMarketplace #ShopSmart
    WWW.SEMRUSH.COM
    6 Types of Ecommerce Business Models + Examples
    Learn about types of ecommerce with examples, including business-to-business and business-to-consumer.
    Like
    Love
    Angry
    Wow
    67
    1 Comentários 0 Compartilhamentos 0 Anterior
  • So, there’s this thing about how Discord was ported to Windows 95 and NT 3.1. Honestly, it’s kind of interesting, but also a bit dull. Like, who even thinks about running Discord on those old systems? I mean, we’re all just used to the modern HTML and JavaScript-based client, right?

    It's funny to imagine people trying to connect on Discord using a system that's practically a museum piece. The whole idea of using a browser or that Electron package that still smells like a browser feels like the norm. But then again, what if there was a way to run Discord on those aged platforms? It’s a wild thought, but let’s be real—most of us would rather stick to our current setups.

    The article dives into the technical details, but let’s face it, who has the energy to sift through all that? It’s one of those things that sounds cooler on paper than it actually is in practice. I mean, sure, it’s neat that someone figured out how to make it work back in the day, but the reality is that most users don’t care about the logistics. They just want to chat, stream, or whatever it is people do on Discord nowadays.

    And it’s not like anyone is lining up to use Discord on Windows 95 or NT 3.1. I can’t even imagine the lag. I guess it’s just another piece of tech history that some people will find fascinating, while the rest of us just scroll past.

    So, yeah, that’s pretty much it. Discord on ancient systems is a thing. It happened. People did it. But let’s not pretend that it’s something we’re all eager to dive into. Honestly, I’d rather just scroll through memes or something.

    #Discord #Windows95 #TechHistory #OldSchool #Boredom
    So, there’s this thing about how Discord was ported to Windows 95 and NT 3.1. Honestly, it’s kind of interesting, but also a bit dull. Like, who even thinks about running Discord on those old systems? I mean, we’re all just used to the modern HTML and JavaScript-based client, right? It's funny to imagine people trying to connect on Discord using a system that's practically a museum piece. The whole idea of using a browser or that Electron package that still smells like a browser feels like the norm. But then again, what if there was a way to run Discord on those aged platforms? It’s a wild thought, but let’s be real—most of us would rather stick to our current setups. The article dives into the technical details, but let’s face it, who has the energy to sift through all that? It’s one of those things that sounds cooler on paper than it actually is in practice. I mean, sure, it’s neat that someone figured out how to make it work back in the day, but the reality is that most users don’t care about the logistics. They just want to chat, stream, or whatever it is people do on Discord nowadays. And it’s not like anyone is lining up to use Discord on Windows 95 or NT 3.1. I can’t even imagine the lag. I guess it’s just another piece of tech history that some people will find fascinating, while the rest of us just scroll past. So, yeah, that’s pretty much it. Discord on ancient systems is a thing. It happened. People did it. But let’s not pretend that it’s something we’re all eager to dive into. Honestly, I’d rather just scroll through memes or something. #Discord #Windows95 #TechHistory #OldSchool #Boredom
    How Discord Was Ported to Windows 95 and NT 3.1
    On the desktop, most people use the official HTML and JavaScript-based client for Discord in either a browser or a still-smells-like-a-browser Electron package. Yet what if there was a way …read more
    Like
    Love
    Wow
    Sad
    Angry
    602
    1 Comentários 0 Compartilhamentos 0 Anterior
  • Hey, wonderful people! Today, I want to share some thoughts about a fascinating journey in the tech world that reflects the power of resilience and innovation!

    Back in the late '90s, Apple was navigating through turbulent times, trying to regain its footing in a highly competitive market. Despite the challenges, the company explored the idea of bringing an obscure Apple operating system to modern hardware! Isn't that inspiring?

    This story isn’t just about technology; it's a powerful reminder of how taking bold steps can lead to transformative changes. Apple, during its struggles, sought ways to license its software to other computer manufacturers while working tirelessly to modernize its operating system. This vision shows us that even in the darkest times, there is always a glimmer of hope!

    Imagine the courage it took to reach out for collaboration in a time when the future seemed uncertain. Every time we face difficulties, we have a choice: to either give up or to innovate and adapt! Just like Apple, we can turn our setbacks into setups for a greater comeback!

    The process of modernizing the Apple operating system was not just about technology; it was about belief—belief in progress, belief in collaboration, and most importantly, belief in oneself! So, let’s take a page from Apple's book! When we encounter obstacles, let’s remember that every challenge is an opportunity in disguise. Every setback can lead to a leap forward!

    Let’s embrace change, think outside the box, and bring our unique ideas into the world. Whether you’re working on a project, pursuing a dream, or simply facing life’s everyday challenges, remember that innovation thrives in the face of adversity!

    So, go ahead and be the change you wish to see! Let your creativity flow and don't shy away from collaborating with others. The best ideas often come from the most unexpected places! Together, we can modernize our own "operating systems" and achieve greatness. Let's make it happen!

    Keep shining, keep believing, and let’s transform the world one idea at a time!

    #Innovation #AppleJourney #BelieveInYourself #TechInspiration #Resilience
    🌟✨ Hey, wonderful people! Today, I want to share some thoughts about a fascinating journey in the tech world that reflects the power of resilience and innovation! 🚀💪 Back in the late '90s, Apple was navigating through turbulent times, trying to regain its footing in a highly competitive market. Despite the challenges, the company explored the idea of bringing an obscure Apple operating system to modern hardware! Isn't that inspiring? 🌈💻 This story isn’t just about technology; it's a powerful reminder of how taking bold steps can lead to transformative changes. Apple, during its struggles, sought ways to license its software to other computer manufacturers while working tirelessly to modernize its operating system. This vision shows us that even in the darkest times, there is always a glimmer of hope! ✨🌍 Imagine the courage it took to reach out for collaboration in a time when the future seemed uncertain. Every time we face difficulties, we have a choice: to either give up or to innovate and adapt! 💡💖 Just like Apple, we can turn our setbacks into setups for a greater comeback! 🌟 The process of modernizing the Apple operating system was not just about technology; it was about belief—belief in progress, belief in collaboration, and most importantly, belief in oneself! 🌻🍏 So, let’s take a page from Apple's book! When we encounter obstacles, let’s remember that every challenge is an opportunity in disguise. Every setback can lead to a leap forward! 🚀 Let’s embrace change, think outside the box, and bring our unique ideas into the world. Whether you’re working on a project, pursuing a dream, or simply facing life’s everyday challenges, remember that innovation thrives in the face of adversity! 🌈💖 So, go ahead and be the change you wish to see! Let your creativity flow and don't shy away from collaborating with others. The best ideas often come from the most unexpected places! Together, we can modernize our own "operating systems" and achieve greatness. Let's make it happen! 💪✨ Keep shining, keep believing, and let’s transform the world one idea at a time! 🌟💖 #Innovation #AppleJourney #BelieveInYourself #TechInspiration #Resilience
    Bringing an Obscure Apple Operating System to Modern Hardware
    During Apple’s late-90s struggles with profitability, it made a few overtures toward licensing its software to other computer manufacturers, while at the same time trying to modernize its operating system, …read more
    Like
    Love
    Wow
    Sad
    Angry
    547
    1 Comentários 0 Compartilhamentos 0 Anterior
  • Microsoft 365 security in the spotlight after Washington Post hack

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

    Microsoft 365 security in the spotlight after Washington Post hack

    Paul Hill

    Neowin
    @ziks_99 ·

    Jun 16, 2025 03:36 EDT

    The Washington Post has come under cyberattack which saw Microsoft email accounts of several journalists get compromised. The attack, which was discovered last Thursday, is believed to have been conducted by a foreign government due to the topics the journalists cover, including national security, economic policy, and China. Following the hack, the passwords on the affected accounts were reset to prevent access.
    The fact that a Microsoft work email account was potentially hacked strongly suggests The Washington Post utilizes Microsoft 365, which makes us question the security of Microsoft’s widely used enterprise services. Given that Microsoft 365 is very popular, it is a hot target for attackers.
    Microsoft's enterprise security offerings and challenges

    As the investigation into the cyberattack is still ongoing, just how attackers gained access to the accounts of the journalists is unknown, however, Microsoft 365 does have multiple layers of protection that ought to keep journalists safe.
    One of the security tools is Microsoft Defender for Office 365. If the hackers tried to gain access with malicious links, Defender provides protection against any malicious attachments, links, or email-based phishing attempts with the Advanced Threat Protection feature. Defender also helps to protect against malware that could be used to target journalists at The Washington Post.
    Another security measure in place is Entra ID which helps enterprises defend against identity-based attacks. Some key features of Entra ID include multi-factor authentication which protects accounts even if a password is compromised, and there are granular access policies that help to limit logins from outside certain locations, unknown devices, or limit which apps can be used.
    While Microsoft does offer plenty of security technologies with M365, hacks can still take place due to misconfiguration, user-error, or through the exploitation of zero-day vulnerabilities. Essentially, it requires efforts from both Microsoft and the customer to maintain security.
    Lessons for organizations using Microsoft 365
    The incident over at The Washington Post serves as a stark reminder that all organizations, not just news organizations, should audit and strengthen their security setups. Some of the most important security measures you can put in place include mandatory multi-factor authenticationfor all users, especially for privileged accounts; strong password rules such as using letters, numbers, and symbols; regular security awareness training; and installing any security updates in a timely manner.
    Many of the cyberattacks that we learn about from companies like Microsoft involve hackers taking advantage of the human in the equation, such as being tricked into sharing passwords or sharing sensitive information due to trickery on behalf of the hackers. This highlights that employee training is crucial in protecting systems and that Microsoft’s technologies, as advanced as they are, can’t mitigate all attacks 100 percent of the time.

    Tags

    Report a problem with article

    Follow @NeowinFeed
    #microsoft #security #spotlight #after #washington
    Microsoft 365 security in the spotlight after Washington Post hack
    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Microsoft 365 security in the spotlight after Washington Post hack Paul Hill Neowin @ziks_99 · Jun 16, 2025 03:36 EDT The Washington Post has come under cyberattack which saw Microsoft email accounts of several journalists get compromised. The attack, which was discovered last Thursday, is believed to have been conducted by a foreign government due to the topics the journalists cover, including national security, economic policy, and China. Following the hack, the passwords on the affected accounts were reset to prevent access. The fact that a Microsoft work email account was potentially hacked strongly suggests The Washington Post utilizes Microsoft 365, which makes us question the security of Microsoft’s widely used enterprise services. Given that Microsoft 365 is very popular, it is a hot target for attackers. Microsoft's enterprise security offerings and challenges As the investigation into the cyberattack is still ongoing, just how attackers gained access to the accounts of the journalists is unknown, however, Microsoft 365 does have multiple layers of protection that ought to keep journalists safe. One of the security tools is Microsoft Defender for Office 365. If the hackers tried to gain access with malicious links, Defender provides protection against any malicious attachments, links, or email-based phishing attempts with the Advanced Threat Protection feature. Defender also helps to protect against malware that could be used to target journalists at The Washington Post. Another security measure in place is Entra ID which helps enterprises defend against identity-based attacks. Some key features of Entra ID include multi-factor authentication which protects accounts even if a password is compromised, and there are granular access policies that help to limit logins from outside certain locations, unknown devices, or limit which apps can be used. While Microsoft does offer plenty of security technologies with M365, hacks can still take place due to misconfiguration, user-error, or through the exploitation of zero-day vulnerabilities. Essentially, it requires efforts from both Microsoft and the customer to maintain security. Lessons for organizations using Microsoft 365 The incident over at The Washington Post serves as a stark reminder that all organizations, not just news organizations, should audit and strengthen their security setups. Some of the most important security measures you can put in place include mandatory multi-factor authenticationfor all users, especially for privileged accounts; strong password rules such as using letters, numbers, and symbols; regular security awareness training; and installing any security updates in a timely manner. Many of the cyberattacks that we learn about from companies like Microsoft involve hackers taking advantage of the human in the equation, such as being tricked into sharing passwords or sharing sensitive information due to trickery on behalf of the hackers. This highlights that employee training is crucial in protecting systems and that Microsoft’s technologies, as advanced as they are, can’t mitigate all attacks 100 percent of the time. Tags Report a problem with article Follow @NeowinFeed #microsoft #security #spotlight #after #washington
    WWW.NEOWIN.NET
    Microsoft 365 security in the spotlight after Washington Post hack
    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Microsoft 365 security in the spotlight after Washington Post hack Paul Hill Neowin @ziks_99 · Jun 16, 2025 03:36 EDT The Washington Post has come under cyberattack which saw Microsoft email accounts of several journalists get compromised. The attack, which was discovered last Thursday, is believed to have been conducted by a foreign government due to the topics the journalists cover, including national security, economic policy, and China. Following the hack, the passwords on the affected accounts were reset to prevent access. The fact that a Microsoft work email account was potentially hacked strongly suggests The Washington Post utilizes Microsoft 365, which makes us question the security of Microsoft’s widely used enterprise services. Given that Microsoft 365 is very popular, it is a hot target for attackers. Microsoft's enterprise security offerings and challenges As the investigation into the cyberattack is still ongoing, just how attackers gained access to the accounts of the journalists is unknown, however, Microsoft 365 does have multiple layers of protection that ought to keep journalists safe. One of the security tools is Microsoft Defender for Office 365. If the hackers tried to gain access with malicious links, Defender provides protection against any malicious attachments, links, or email-based phishing attempts with the Advanced Threat Protection feature. Defender also helps to protect against malware that could be used to target journalists at The Washington Post. Another security measure in place is Entra ID which helps enterprises defend against identity-based attacks. Some key features of Entra ID include multi-factor authentication which protects accounts even if a password is compromised, and there are granular access policies that help to limit logins from outside certain locations, unknown devices, or limit which apps can be used. While Microsoft does offer plenty of security technologies with M365, hacks can still take place due to misconfiguration, user-error, or through the exploitation of zero-day vulnerabilities. Essentially, it requires efforts from both Microsoft and the customer to maintain security. Lessons for organizations using Microsoft 365 The incident over at The Washington Post serves as a stark reminder that all organizations, not just news organizations, should audit and strengthen their security setups. Some of the most important security measures you can put in place include mandatory multi-factor authentication (MFA) for all users, especially for privileged accounts; strong password rules such as using letters, numbers, and symbols; regular security awareness training; and installing any security updates in a timely manner. Many of the cyberattacks that we learn about from companies like Microsoft involve hackers taking advantage of the human in the equation, such as being tricked into sharing passwords or sharing sensitive information due to trickery on behalf of the hackers. This highlights that employee training is crucial in protecting systems and that Microsoft’s technologies, as advanced as they are, can’t mitigate all attacks 100 percent of the time. Tags Report a problem with article Follow @NeowinFeed
    Like
    Love
    Wow
    Sad
    Angry
    553
    0 Comentários 0 Compartilhamentos 0 Anterior
  • Monitoring and Support Engineer at Keyword Studios

    Monitoring and Support EngineerKeyword StudiosPasig City Metro Manila Philippines2 hours agoApplyWe are seeking an experienced Monitoring and Support Engineer to support the technology initiatives of the IT Infrastructure team at Keywords. The Monitoring and Support Engineer will be responsible for follow-the-sun monitoring of IT infrastructure, prompt reaction on all infrastructure incident, primary resolution of infrastructure incidents and support requests.ResponsibilitiesFull scope of tasks including but not limited to:Ensure that all incidents are handled within SLAs.Initial troubleshooting of Infrastructure incidents.Ensure maximum network & service availability through proactive monitoring.Ensure all the incident and alert tickets contain detailed technical information.Initial troubleshooting of Infrastructure incidents, restoration of services and escalation to level 3 experts if necessary.Participate in Problem management processes.Ensure that all incidents and critical alerts are documented and escalated if necessary.Ensure effective communication to customers about incidents and outages.Identify opportunities for process improvement and efficiency enhancements.Participate in documentation creation to reduce BAU support activities by ensuring that the Service Desks have adequate knowledge articles to close support tickets as level 1.Participate in reporting on monitored data and incidents on company infrastructure.Implement best practices and lessons learned from initiatives and projects to optimize future outcomes.RequirementsBachelor's degree in a relevant technical field or equivalent experience.Understanding of IT Infrastructure technologies, standards and trends.Technical background with 3+ years’ experience in IT operations role delivering IT infrastructure support, monitoring and incident management.Technical knowledge of the Microsoft Stack, Windows networking, Active Directory, ExchangeTechnical knowledge of Network, Storage and Server equipment, virtualization and production setupsExceptional communication and presentation skills, with the ability to articulate technical concepts to non-technical audiences.Strong analytical and problem-solving skills.Strong customer service orientation.BenefitsGreat Place to Work certified for 4 consecutive yearsFlexible work arrangementGlobal exposure
    Create Your Profile — Game companies can contact you with their relevant job openings.
    Apply
    #monitoring #support #engineer #keyword #studios
    Monitoring and Support Engineer at Keyword Studios
    Monitoring and Support EngineerKeyword StudiosPasig City Metro Manila Philippines2 hours agoApplyWe are seeking an experienced Monitoring and Support Engineer to support the technology initiatives of the IT Infrastructure team at Keywords. The Monitoring and Support Engineer will be responsible for follow-the-sun monitoring of IT infrastructure, prompt reaction on all infrastructure incident, primary resolution of infrastructure incidents and support requests.ResponsibilitiesFull scope of tasks including but not limited to:Ensure that all incidents are handled within SLAs.Initial troubleshooting of Infrastructure incidents.Ensure maximum network & service availability through proactive monitoring.Ensure all the incident and alert tickets contain detailed technical information.Initial troubleshooting of Infrastructure incidents, restoration of services and escalation to level 3 experts if necessary.Participate in Problem management processes.Ensure that all incidents and critical alerts are documented and escalated if necessary.Ensure effective communication to customers about incidents and outages.Identify opportunities for process improvement and efficiency enhancements.Participate in documentation creation to reduce BAU support activities by ensuring that the Service Desks have adequate knowledge articles to close support tickets as level 1.Participate in reporting on monitored data and incidents on company infrastructure.Implement best practices and lessons learned from initiatives and projects to optimize future outcomes.RequirementsBachelor's degree in a relevant technical field or equivalent experience.Understanding of IT Infrastructure technologies, standards and trends.Technical background with 3+ years’ experience in IT operations role delivering IT infrastructure support, monitoring and incident management.Technical knowledge of the Microsoft Stack, Windows networking, Active Directory, ExchangeTechnical knowledge of Network, Storage and Server equipment, virtualization and production setupsExceptional communication and presentation skills, with the ability to articulate technical concepts to non-technical audiences.Strong analytical and problem-solving skills.Strong customer service orientation.BenefitsGreat Place to Work certified for 4 consecutive yearsFlexible work arrangementGlobal exposure Create Your Profile — Game companies can contact you with their relevant job openings. Apply #monitoring #support #engineer #keyword #studios
    Monitoring and Support Engineer at Keyword Studios
    Monitoring and Support EngineerKeyword StudiosPasig City Metro Manila Philippines2 hours agoApplyWe are seeking an experienced Monitoring and Support Engineer to support the technology initiatives of the IT Infrastructure team at Keywords. The Monitoring and Support Engineer will be responsible for follow-the-sun monitoring of IT infrastructure, prompt reaction on all infrastructure incident, primary resolution of infrastructure incidents and support requests.ResponsibilitiesFull scope of tasks including but not limited to:Ensure that all incidents are handled within SLAs.Initial troubleshooting of Infrastructure incidents.Ensure maximum network & service availability through proactive monitoring.Ensure all the incident and alert tickets contain detailed technical information.Initial troubleshooting of Infrastructure incidents, restoration of services and escalation to level 3 experts if necessary.Participate in Problem management processes.Ensure that all incidents and critical alerts are documented and escalated if necessary.Ensure effective communication to customers about incidents and outages.Identify opportunities for process improvement and efficiency enhancements.Participate in documentation creation to reduce BAU support activities by ensuring that the Service Desks have adequate knowledge articles to close support tickets as level 1.Participate in reporting on monitored data and incidents on company infrastructure.Implement best practices and lessons learned from initiatives and projects to optimize future outcomes.RequirementsBachelor's degree in a relevant technical field or equivalent experience.Understanding of IT Infrastructure technologies, standards and trends.Technical background with 3+ years’ experience in IT operations role delivering IT infrastructure support, monitoring and incident management.Technical knowledge of the Microsoft Stack, Windows networking, Active Directory, ExchangeTechnical knowledge of Network, Storage and Server equipment, virtualization and production setupsExceptional communication and presentation skills, with the ability to articulate technical concepts to non-technical audiences.Strong analytical and problem-solving skills.Strong customer service orientation.BenefitsGreat Place to Work certified for 4 consecutive yearsFlexible work arrangementGlobal exposure Create Your Profile — Game companies can contact you with their relevant job openings. Apply
    Like
    Love
    Wow
    Sad
    Angry
    559
    0 Comentários 0 Compartilhamentos 0 Anterior
  • New Zealand’s Email Security Requirements for Government Organizations: What You Need to Know

    The Secure Government EmailCommon Implementation Framework
    New Zealand’s government is introducing a comprehensive email security framework designed to protect official communications from phishing and domain spoofing. This new framework, which will be mandatory for all government agencies by October 2025, establishes clear technical standards to enhance email security and retire the outdated SEEMail service. 
    Key Takeaways

    All NZ government agencies must comply with new email security requirements by October 2025.
    The new framework strengthens trust and security in government communications by preventing spoofing and phishing.
    The framework mandates TLS 1.2+, SPF, DKIM, DMARC with p=reject, MTA-STS, and DLP controls.
    EasyDMARC simplifies compliance with our guided setup, monitoring, and automated reporting.

    Start a Free Trial

    What is the Secure Government Email Common Implementation Framework?
    The Secure Government EmailCommon Implementation Framework is a new government-led initiative in New Zealand designed to standardize email security across all government agencies. Its main goal is to secure external email communication, reduce domain spoofing in phishing attacks, and replace the legacy SEEMail service.
    Why is New Zealand Implementing New Government Email Security Standards?
    The framework was developed by New Zealand’s Department of Internal Affairsas part of its role in managing ICT Common Capabilities. It leverages modern email security controls via the Domain Name Systemto enable the retirement of the legacy SEEMail service and provide:

    Encryption for transmission security
    Digital signing for message integrity
    Basic non-repudiationDomain spoofing protection

    These improvements apply to all emails, not just those routed through SEEMail, offering broader protection across agency communications.
    What Email Security Technologies Are Required by the New NZ SGE Framework?
    The SGE Framework outlines the following key technologies that agencies must implement:

    TLS 1.2 or higher with implicit TLS enforced
    TLS-RPTSPFDKIMDMARCwith reporting
    MTA-STSData Loss Prevention controls

    These technologies work together to ensure encrypted email transmission, validate sender identity, prevent unauthorized use of domains, and reduce the risk of sensitive data leaks.

    Get in touch

    When Do NZ Government Agencies Need to Comply with this Framework?
    All New Zealand government agencies are expected to fully implement the Secure Government EmailCommon Implementation Framework by October 2025. Agencies should begin their planning and deployment now to ensure full compliance by the deadline.
    The All of Government Secure Email Common Implementation Framework v1.0
    What are the Mandated Requirements for Domains?
    Below are the exact requirements for all email-enabled domains under the new framework.
    ControlExact RequirementTLSMinimum TLS 1.2. TLS 1.1, 1.0, SSL, or clear-text not permitted.TLS-RPTAll email-sending domains must have TLS reporting enabled.SPFMust exist and end with -all.DKIMAll outbound email from every sending service must be DKIM-signed at the final hop.DMARCPolicy of p=reject on all email-enabled domains. adkim=s is recommended when not bulk-sending.MTA-STSEnabled and set to enforce.Implicit TLSMust be configured and enforced for every connection.Data Loss PreventionEnforce in line with the New Zealand Information Security Manualand Protective Security Requirements.
    Compliance Monitoring and Reporting
    The All of Government Service Deliveryteam will be monitoring compliance with the framework. Monitoring will initially cover SPF, DMARC, and MTA-STS settings and will be expanded to include DKIM. Changes to these settings will be monitored, enabling reporting on email security compliance across all government agencies. Ongoing monitoring will highlight changes to domains, ensure new domains are set up with security in place, and monitor the implementation of future email security technologies. 
    Should compliance changes occur, such as an agency’s SPF record being changed from -all to ~all, this will be captured so that the AoGSD Security Team can investigate. They will then communicate directly with the agency to determine if an issue exists or if an error has occurred, reviewing each case individually.
    Deployment Checklist for NZ Government Compliance

    Enforce TLS 1.2 minimum, implicit TLS, MTA-STS & TLS-RPT
    SPF with -all
    DKIM on all outbound email
    DMARC p=reject 
    adkim=s where suitable
    For non-email/parked domains: SPF -all, empty DKIM, DMARC reject strict
    Compliance dashboard
    Inbound DMARC evaluation enforced
    DLP aligned with NZISM

    Start a Free Trial

    How EasyDMARC Can Help Government Agencies Comply
    EasyDMARC provides a comprehensive email security solution that simplifies the deployment and ongoing management of DNS-based email security protocols like SPF, DKIM, and DMARC with reporting. Our platform offers automated checks, real-time monitoring, and a guided setup to help government organizations quickly reach compliance.
    1. TLS-RPT / MTA-STS audit
    EasyDMARC enables you to enable the Managed MTA-STS and TLS-RPT option with a single click. We provide the required DNS records and continuously monitor them for issues, delivering reports on TLS negotiation problems. This helps agencies ensure secure email transmission and quickly detect delivery or encryption failures.

    Note: In this screenshot, you can see how to deploy MTA-STS and TLS Reporting by adding just three CNAME records provided by EasyDMARC. It’s recommended to start in “testing” mode, evaluate the TLS-RPT reports, and then gradually switch your MTA-STS policy to “enforce”. The process is simple and takes just a few clicks.

    As shown above, EasyDMARC parses incoming TLS reports into a centralized dashboard, giving you clear visibility into delivery and encryption issues across all sending sources.
    2. SPF with “-all”In the EasyDARC platform, you can run the SPF Record Generator to create a compliant record. Publish your v=spf1 record with “-all” to enforce a hard fail for unauthorized senders and prevent spoofed emails from passing SPF checks. This strengthens your domain’s protection against impersonation.

    Note: It is highly recommended to start adjusting your SPF record only after you begin receiving DMARC reports and identifying your legitimate email sources. As we’ll explain in more detail below, both SPF and DKIM should be adjusted after you gain visibility through reports.
    Making changes without proper visibility can lead to false positives, misconfigurations, and potential loss of legitimate emails. That’s why the first step should always be setting DMARC to p=none, receiving reports, analyzing them, and then gradually fixing any SPF or DKIM issues.
    3. DKIM on all outbound email
    DKIM must be configured for all email sources sending emails on behalf of your domain. This is critical, as DKIM plays a bigger role than SPF when it comes to building domain reputation, surviving auto-forwarding, mailing lists, and other edge cases.
    As mentioned above, DMARC reports provide visibility into your email sources, allowing you to implement DKIM accordingly. If you’re using third-party services like Google Workspace, Microsoft 365, or Mimecast, you’ll need to retrieve the public DKIM key from your provider’s admin interface.
    EasyDMARC maintains a backend directory of over 1,400 email sources. We also give you detailed guidance on how to configure SPF and DKIM correctly for major ESPs. 
    Note: At the end of this article, you’ll find configuration links for well-known ESPs like Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid – helping you avoid common misconfigurations and get aligned with SGE requirements.
    If you’re using a dedicated MTA, DKIM must be implemented manually. EasyDMARC’s DKIM Record Generator lets you generate both public and private keys for your server. The private key is stored on your MTA, while the public key must be published in your DNS.

    4. DMARC p=reject rollout
    As mentioned in previous points, DMARC reporting is the first and most important step on your DMARC enforcement journey. Always start with a p=none policy and configure RUA reports to be sent to EasyDMARC. Use the report insights to identify and fix SPF and DKIM alignment issues, then gradually move to p=quarantine and finally p=reject once all legitimate email sources have been authenticated. 
    This phased approach ensures full protection against domain spoofing without risking legitimate email delivery.

    5. adkim Strict Alignment Check
    This strict alignment check is not always applicable, especially if you’re using third-party bulk ESPs, such as Sendgrid, that require you to set DKIM on a subdomain level. You can set adkim=s in your DMARC TXT record, or simply enable strict mode in EasyDMARC’s Managed DMARC settings. This ensures that only emails with a DKIM signature that exactly match your domain pass alignment, adding an extra layer of protection against domain spoofing. But only do this if you are NOT a bulk sender.

    6. Securing Non-Email Enabled Domains
    The purpose of deploying email security to non-email-enabled domains, or parked domains, is to prevent messages being spoofed from that domain. This requirement remains even if the root-level domain has SP=reject set within its DMARC record.
    Under this new framework, you must bulk import and mark parked domains as “Parked.” Crucially, this requires adjusting SPF settings to an empty record, setting DMARC to p=reject, and ensuring an empty DKIM record is in place: • SPF record: “v=spf1 -all”.
    • Wildcard DKIM record with empty public key.• DMARC record: “v=DMARC1;p=reject;adkim=s;aspf=s;rua=mailto:…”.
    EasyDMARC allows you to add and label parked domains for free. This is important because it helps you monitor any activity from these domains and ensure they remain protected with a strict DMARC policy of p=reject.
    7. Compliance Dashboard
    Use EasyDMARC’s Domain Scanner to assess the security posture of each domain with a clear compliance score and risk level. The dashboard highlights configuration gaps and guides remediation steps, helping government agencies stay on track toward full compliance with the SGE Framework.

    8. Inbound DMARC Evaluation Enforced
    You don’t need to apply any changes if you’re using Google Workspace, Microsoft 365, or other major mailbox providers. Most of them already enforce DMARC evaluation on incoming emails.
    However, some legacy Microsoft 365 setups may still quarantine emails that fail DMARC checks, even when the sending domain has a p=reject policy, instead of rejecting them. This behavior can be adjusted directly from your Microsoft Defender portal. about this in our step-by-step guide on how to set up SPF, DKIM, and DMARC from Microsoft Defender.
    If you’re using a third-party mail provider that doesn’t enforce having a DMARC policy for incoming emails, which is rare, you’ll need to contact their support to request a configuration change.
    9. Data Loss Prevention Aligned with NZISM
    The New Zealand Information Security Manualis the New Zealand Government’s manual on information assurance and information systems security. It includes guidance on data loss prevention, which must be followed to be aligned with the SEG.
    Need Help Setting up SPF and DKIM for your Email Provider?
    Setting up SPF and DKIM for different ESPs often requires specific configurations. Some providers require you to publish SPF and DKIM on a subdomain, while others only require DKIM, or have different formatting rules. We’ve simplified all these steps to help you avoid misconfigurations that could delay your DMARC enforcement, or worse, block legitimate emails from reaching your recipients.
    Below you’ll find comprehensive setup guides for Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid. You can also explore our full blog section that covers setup instructions for many other well-known ESPs.
    Remember, all this information is reflected in your DMARC aggregate reports. These reports give you live visibility into your outgoing email ecosystem, helping you analyze and fix any issues specific to a given provider.
    Here are our step-by-step guides for the most common platforms:

    Google Workspace

    Microsoft 365

    These guides will help ensure your DNS records are configured correctly as part of the Secure Government EmailFramework rollout.
    Meet New Government Email Security Standards With EasyDMARC
    New Zealand’s SEG Framework sets a clear path for government agencies to enhance their email security by October 2025. With EasyDMARC, you can meet these technical requirements efficiently and with confidence. From protocol setup to continuous monitoring and compliance tracking, EasyDMARC streamlines the entire process, ensuring strong protection against spoofing, phishing, and data loss while simplifying your transition from SEEMail.
    #new #zealands #email #security #requirements
    New Zealand’s Email Security Requirements for Government Organizations: What You Need to Know
    The Secure Government EmailCommon Implementation Framework New Zealand’s government is introducing a comprehensive email security framework designed to protect official communications from phishing and domain spoofing. This new framework, which will be mandatory for all government agencies by October 2025, establishes clear technical standards to enhance email security and retire the outdated SEEMail service.  Key Takeaways All NZ government agencies must comply with new email security requirements by October 2025. The new framework strengthens trust and security in government communications by preventing spoofing and phishing. The framework mandates TLS 1.2+, SPF, DKIM, DMARC with p=reject, MTA-STS, and DLP controls. EasyDMARC simplifies compliance with our guided setup, monitoring, and automated reporting. Start a Free Trial What is the Secure Government Email Common Implementation Framework? The Secure Government EmailCommon Implementation Framework is a new government-led initiative in New Zealand designed to standardize email security across all government agencies. Its main goal is to secure external email communication, reduce domain spoofing in phishing attacks, and replace the legacy SEEMail service. Why is New Zealand Implementing New Government Email Security Standards? The framework was developed by New Zealand’s Department of Internal Affairsas part of its role in managing ICT Common Capabilities. It leverages modern email security controls via the Domain Name Systemto enable the retirement of the legacy SEEMail service and provide: Encryption for transmission security Digital signing for message integrity Basic non-repudiationDomain spoofing protection These improvements apply to all emails, not just those routed through SEEMail, offering broader protection across agency communications. What Email Security Technologies Are Required by the New NZ SGE Framework? The SGE Framework outlines the following key technologies that agencies must implement: TLS 1.2 or higher with implicit TLS enforced TLS-RPTSPFDKIMDMARCwith reporting MTA-STSData Loss Prevention controls These technologies work together to ensure encrypted email transmission, validate sender identity, prevent unauthorized use of domains, and reduce the risk of sensitive data leaks. Get in touch When Do NZ Government Agencies Need to Comply with this Framework? All New Zealand government agencies are expected to fully implement the Secure Government EmailCommon Implementation Framework by October 2025. Agencies should begin their planning and deployment now to ensure full compliance by the deadline. The All of Government Secure Email Common Implementation Framework v1.0 What are the Mandated Requirements for Domains? Below are the exact requirements for all email-enabled domains under the new framework. ControlExact RequirementTLSMinimum TLS 1.2. TLS 1.1, 1.0, SSL, or clear-text not permitted.TLS-RPTAll email-sending domains must have TLS reporting enabled.SPFMust exist and end with -all.DKIMAll outbound email from every sending service must be DKIM-signed at the final hop.DMARCPolicy of p=reject on all email-enabled domains. adkim=s is recommended when not bulk-sending.MTA-STSEnabled and set to enforce.Implicit TLSMust be configured and enforced for every connection.Data Loss PreventionEnforce in line with the New Zealand Information Security Manualand Protective Security Requirements. Compliance Monitoring and Reporting The All of Government Service Deliveryteam will be monitoring compliance with the framework. Monitoring will initially cover SPF, DMARC, and MTA-STS settings and will be expanded to include DKIM. Changes to these settings will be monitored, enabling reporting on email security compliance across all government agencies. Ongoing monitoring will highlight changes to domains, ensure new domains are set up with security in place, and monitor the implementation of future email security technologies.  Should compliance changes occur, such as an agency’s SPF record being changed from -all to ~all, this will be captured so that the AoGSD Security Team can investigate. They will then communicate directly with the agency to determine if an issue exists or if an error has occurred, reviewing each case individually. Deployment Checklist for NZ Government Compliance Enforce TLS 1.2 minimum, implicit TLS, MTA-STS & TLS-RPT SPF with -all DKIM on all outbound email DMARC p=reject  adkim=s where suitable For non-email/parked domains: SPF -all, empty DKIM, DMARC reject strict Compliance dashboard Inbound DMARC evaluation enforced DLP aligned with NZISM Start a Free Trial How EasyDMARC Can Help Government Agencies Comply EasyDMARC provides a comprehensive email security solution that simplifies the deployment and ongoing management of DNS-based email security protocols like SPF, DKIM, and DMARC with reporting. Our platform offers automated checks, real-time monitoring, and a guided setup to help government organizations quickly reach compliance. 1. TLS-RPT / MTA-STS audit EasyDMARC enables you to enable the Managed MTA-STS and TLS-RPT option with a single click. We provide the required DNS records and continuously monitor them for issues, delivering reports on TLS negotiation problems. This helps agencies ensure secure email transmission and quickly detect delivery or encryption failures. Note: In this screenshot, you can see how to deploy MTA-STS and TLS Reporting by adding just three CNAME records provided by EasyDMARC. It’s recommended to start in “testing” mode, evaluate the TLS-RPT reports, and then gradually switch your MTA-STS policy to “enforce”. The process is simple and takes just a few clicks. As shown above, EasyDMARC parses incoming TLS reports into a centralized dashboard, giving you clear visibility into delivery and encryption issues across all sending sources. 2. SPF with “-all”In the EasyDARC platform, you can run the SPF Record Generator to create a compliant record. Publish your v=spf1 record with “-all” to enforce a hard fail for unauthorized senders and prevent spoofed emails from passing SPF checks. This strengthens your domain’s protection against impersonation. Note: It is highly recommended to start adjusting your SPF record only after you begin receiving DMARC reports and identifying your legitimate email sources. As we’ll explain in more detail below, both SPF and DKIM should be adjusted after you gain visibility through reports. Making changes without proper visibility can lead to false positives, misconfigurations, and potential loss of legitimate emails. That’s why the first step should always be setting DMARC to p=none, receiving reports, analyzing them, and then gradually fixing any SPF or DKIM issues. 3. DKIM on all outbound email DKIM must be configured for all email sources sending emails on behalf of your domain. This is critical, as DKIM plays a bigger role than SPF when it comes to building domain reputation, surviving auto-forwarding, mailing lists, and other edge cases. As mentioned above, DMARC reports provide visibility into your email sources, allowing you to implement DKIM accordingly. If you’re using third-party services like Google Workspace, Microsoft 365, or Mimecast, you’ll need to retrieve the public DKIM key from your provider’s admin interface. EasyDMARC maintains a backend directory of over 1,400 email sources. We also give you detailed guidance on how to configure SPF and DKIM correctly for major ESPs.  Note: At the end of this article, you’ll find configuration links for well-known ESPs like Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid – helping you avoid common misconfigurations and get aligned with SGE requirements. If you’re using a dedicated MTA, DKIM must be implemented manually. EasyDMARC’s DKIM Record Generator lets you generate both public and private keys for your server. The private key is stored on your MTA, while the public key must be published in your DNS. 4. DMARC p=reject rollout As mentioned in previous points, DMARC reporting is the first and most important step on your DMARC enforcement journey. Always start with a p=none policy and configure RUA reports to be sent to EasyDMARC. Use the report insights to identify and fix SPF and DKIM alignment issues, then gradually move to p=quarantine and finally p=reject once all legitimate email sources have been authenticated.  This phased approach ensures full protection against domain spoofing without risking legitimate email delivery. 5. adkim Strict Alignment Check This strict alignment check is not always applicable, especially if you’re using third-party bulk ESPs, such as Sendgrid, that require you to set DKIM on a subdomain level. You can set adkim=s in your DMARC TXT record, or simply enable strict mode in EasyDMARC’s Managed DMARC settings. This ensures that only emails with a DKIM signature that exactly match your domain pass alignment, adding an extra layer of protection against domain spoofing. But only do this if you are NOT a bulk sender. 6. Securing Non-Email Enabled Domains The purpose of deploying email security to non-email-enabled domains, or parked domains, is to prevent messages being spoofed from that domain. This requirement remains even if the root-level domain has SP=reject set within its DMARC record. Under this new framework, you must bulk import and mark parked domains as “Parked.” Crucially, this requires adjusting SPF settings to an empty record, setting DMARC to p=reject, and ensuring an empty DKIM record is in place: • SPF record: “v=spf1 -all”. • Wildcard DKIM record with empty public key.• DMARC record: “v=DMARC1;p=reject;adkim=s;aspf=s;rua=mailto:…”. EasyDMARC allows you to add and label parked domains for free. This is important because it helps you monitor any activity from these domains and ensure they remain protected with a strict DMARC policy of p=reject. 7. Compliance Dashboard Use EasyDMARC’s Domain Scanner to assess the security posture of each domain with a clear compliance score and risk level. The dashboard highlights configuration gaps and guides remediation steps, helping government agencies stay on track toward full compliance with the SGE Framework. 8. Inbound DMARC Evaluation Enforced You don’t need to apply any changes if you’re using Google Workspace, Microsoft 365, or other major mailbox providers. Most of them already enforce DMARC evaluation on incoming emails. However, some legacy Microsoft 365 setups may still quarantine emails that fail DMARC checks, even when the sending domain has a p=reject policy, instead of rejecting them. This behavior can be adjusted directly from your Microsoft Defender portal. about this in our step-by-step guide on how to set up SPF, DKIM, and DMARC from Microsoft Defender. If you’re using a third-party mail provider that doesn’t enforce having a DMARC policy for incoming emails, which is rare, you’ll need to contact their support to request a configuration change. 9. Data Loss Prevention Aligned with NZISM The New Zealand Information Security Manualis the New Zealand Government’s manual on information assurance and information systems security. It includes guidance on data loss prevention, which must be followed to be aligned with the SEG. Need Help Setting up SPF and DKIM for your Email Provider? Setting up SPF and DKIM for different ESPs often requires specific configurations. Some providers require you to publish SPF and DKIM on a subdomain, while others only require DKIM, or have different formatting rules. We’ve simplified all these steps to help you avoid misconfigurations that could delay your DMARC enforcement, or worse, block legitimate emails from reaching your recipients. Below you’ll find comprehensive setup guides for Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid. You can also explore our full blog section that covers setup instructions for many other well-known ESPs. Remember, all this information is reflected in your DMARC aggregate reports. These reports give you live visibility into your outgoing email ecosystem, helping you analyze and fix any issues specific to a given provider. Here are our step-by-step guides for the most common platforms: Google Workspace Microsoft 365 These guides will help ensure your DNS records are configured correctly as part of the Secure Government EmailFramework rollout. Meet New Government Email Security Standards With EasyDMARC New Zealand’s SEG Framework sets a clear path for government agencies to enhance their email security by October 2025. With EasyDMARC, you can meet these technical requirements efficiently and with confidence. From protocol setup to continuous monitoring and compliance tracking, EasyDMARC streamlines the entire process, ensuring strong protection against spoofing, phishing, and data loss while simplifying your transition from SEEMail. #new #zealands #email #security #requirements
    EASYDMARC.COM
    New Zealand’s Email Security Requirements for Government Organizations: What You Need to Know
    The Secure Government Email (SGE) Common Implementation Framework New Zealand’s government is introducing a comprehensive email security framework designed to protect official communications from phishing and domain spoofing. This new framework, which will be mandatory for all government agencies by October 2025, establishes clear technical standards to enhance email security and retire the outdated SEEMail service.  Key Takeaways All NZ government agencies must comply with new email security requirements by October 2025. The new framework strengthens trust and security in government communications by preventing spoofing and phishing. The framework mandates TLS 1.2+, SPF, DKIM, DMARC with p=reject, MTA-STS, and DLP controls. EasyDMARC simplifies compliance with our guided setup, monitoring, and automated reporting. Start a Free Trial What is the Secure Government Email Common Implementation Framework? The Secure Government Email (SGE) Common Implementation Framework is a new government-led initiative in New Zealand designed to standardize email security across all government agencies. Its main goal is to secure external email communication, reduce domain spoofing in phishing attacks, and replace the legacy SEEMail service. Why is New Zealand Implementing New Government Email Security Standards? The framework was developed by New Zealand’s Department of Internal Affairs (DIA) as part of its role in managing ICT Common Capabilities. It leverages modern email security controls via the Domain Name System (DNS) to enable the retirement of the legacy SEEMail service and provide: Encryption for transmission security Digital signing for message integrity Basic non-repudiation (by allowing only authorized senders) Domain spoofing protection These improvements apply to all emails, not just those routed through SEEMail, offering broader protection across agency communications. What Email Security Technologies Are Required by the New NZ SGE Framework? The SGE Framework outlines the following key technologies that agencies must implement: TLS 1.2 or higher with implicit TLS enforced TLS-RPT (TLS Reporting) SPF (Sender Policy Framework) DKIM (DomainKeys Identified Mail) DMARC (Domain-based Message Authentication, Reporting, and Conformance) with reporting MTA-STS (Mail Transfer Agent Strict Transport Security) Data Loss Prevention controls These technologies work together to ensure encrypted email transmission, validate sender identity, prevent unauthorized use of domains, and reduce the risk of sensitive data leaks. Get in touch When Do NZ Government Agencies Need to Comply with this Framework? All New Zealand government agencies are expected to fully implement the Secure Government Email (SGE) Common Implementation Framework by October 2025. Agencies should begin their planning and deployment now to ensure full compliance by the deadline. The All of Government Secure Email Common Implementation Framework v1.0 What are the Mandated Requirements for Domains? Below are the exact requirements for all email-enabled domains under the new framework. ControlExact RequirementTLSMinimum TLS 1.2. TLS 1.1, 1.0, SSL, or clear-text not permitted.TLS-RPTAll email-sending domains must have TLS reporting enabled.SPFMust exist and end with -all.DKIMAll outbound email from every sending service must be DKIM-signed at the final hop.DMARCPolicy of p=reject on all email-enabled domains. adkim=s is recommended when not bulk-sending.MTA-STSEnabled and set to enforce.Implicit TLSMust be configured and enforced for every connection.Data Loss PreventionEnforce in line with the New Zealand Information Security Manual (NZISM) and Protective Security Requirements (PSR). Compliance Monitoring and Reporting The All of Government Service Delivery (AoGSD) team will be monitoring compliance with the framework. Monitoring will initially cover SPF, DMARC, and MTA-STS settings and will be expanded to include DKIM. Changes to these settings will be monitored, enabling reporting on email security compliance across all government agencies. Ongoing monitoring will highlight changes to domains, ensure new domains are set up with security in place, and monitor the implementation of future email security technologies.  Should compliance changes occur, such as an agency’s SPF record being changed from -all to ~all, this will be captured so that the AoGSD Security Team can investigate. They will then communicate directly with the agency to determine if an issue exists or if an error has occurred, reviewing each case individually. Deployment Checklist for NZ Government Compliance Enforce TLS 1.2 minimum, implicit TLS, MTA-STS & TLS-RPT SPF with -all DKIM on all outbound email DMARC p=reject  adkim=s where suitable For non-email/parked domains: SPF -all, empty DKIM, DMARC reject strict Compliance dashboard Inbound DMARC evaluation enforced DLP aligned with NZISM Start a Free Trial How EasyDMARC Can Help Government Agencies Comply EasyDMARC provides a comprehensive email security solution that simplifies the deployment and ongoing management of DNS-based email security protocols like SPF, DKIM, and DMARC with reporting. Our platform offers automated checks, real-time monitoring, and a guided setup to help government organizations quickly reach compliance. 1. TLS-RPT / MTA-STS audit EasyDMARC enables you to enable the Managed MTA-STS and TLS-RPT option with a single click. We provide the required DNS records and continuously monitor them for issues, delivering reports on TLS negotiation problems. This helps agencies ensure secure email transmission and quickly detect delivery or encryption failures. Note: In this screenshot, you can see how to deploy MTA-STS and TLS Reporting by adding just three CNAME records provided by EasyDMARC. It’s recommended to start in “testing” mode, evaluate the TLS-RPT reports, and then gradually switch your MTA-STS policy to “enforce”. The process is simple and takes just a few clicks. As shown above, EasyDMARC parses incoming TLS reports into a centralized dashboard, giving you clear visibility into delivery and encryption issues across all sending sources. 2. SPF with “-all”In the EasyDARC platform, you can run the SPF Record Generator to create a compliant record. Publish your v=spf1 record with “-all” to enforce a hard fail for unauthorized senders and prevent spoofed emails from passing SPF checks. This strengthens your domain’s protection against impersonation. Note: It is highly recommended to start adjusting your SPF record only after you begin receiving DMARC reports and identifying your legitimate email sources. As we’ll explain in more detail below, both SPF and DKIM should be adjusted after you gain visibility through reports. Making changes without proper visibility can lead to false positives, misconfigurations, and potential loss of legitimate emails. That’s why the first step should always be setting DMARC to p=none, receiving reports, analyzing them, and then gradually fixing any SPF or DKIM issues. 3. DKIM on all outbound email DKIM must be configured for all email sources sending emails on behalf of your domain. This is critical, as DKIM plays a bigger role than SPF when it comes to building domain reputation, surviving auto-forwarding, mailing lists, and other edge cases. As mentioned above, DMARC reports provide visibility into your email sources, allowing you to implement DKIM accordingly (see first screenshot). If you’re using third-party services like Google Workspace, Microsoft 365, or Mimecast, you’ll need to retrieve the public DKIM key from your provider’s admin interface (see second screenshot). EasyDMARC maintains a backend directory of over 1,400 email sources. We also give you detailed guidance on how to configure SPF and DKIM correctly for major ESPs.  Note: At the end of this article, you’ll find configuration links for well-known ESPs like Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid – helping you avoid common misconfigurations and get aligned with SGE requirements. If you’re using a dedicated MTA (e.g., Postfix), DKIM must be implemented manually. EasyDMARC’s DKIM Record Generator lets you generate both public and private keys for your server. The private key is stored on your MTA, while the public key must be published in your DNS (see third and fourth screenshots). 4. DMARC p=reject rollout As mentioned in previous points, DMARC reporting is the first and most important step on your DMARC enforcement journey. Always start with a p=none policy and configure RUA reports to be sent to EasyDMARC. Use the report insights to identify and fix SPF and DKIM alignment issues, then gradually move to p=quarantine and finally p=reject once all legitimate email sources have been authenticated.  This phased approach ensures full protection against domain spoofing without risking legitimate email delivery. 5. adkim Strict Alignment Check This strict alignment check is not always applicable, especially if you’re using third-party bulk ESPs, such as Sendgrid, that require you to set DKIM on a subdomain level. You can set adkim=s in your DMARC TXT record, or simply enable strict mode in EasyDMARC’s Managed DMARC settings. This ensures that only emails with a DKIM signature that exactly match your domain pass alignment, adding an extra layer of protection against domain spoofing. But only do this if you are NOT a bulk sender. 6. Securing Non-Email Enabled Domains The purpose of deploying email security to non-email-enabled domains, or parked domains, is to prevent messages being spoofed from that domain. This requirement remains even if the root-level domain has SP=reject set within its DMARC record. Under this new framework, you must bulk import and mark parked domains as “Parked.” Crucially, this requires adjusting SPF settings to an empty record, setting DMARC to p=reject, and ensuring an empty DKIM record is in place: • SPF record: “v=spf1 -all”. • Wildcard DKIM record with empty public key.• DMARC record: “v=DMARC1;p=reject;adkim=s;aspf=s;rua=mailto:…”. EasyDMARC allows you to add and label parked domains for free. This is important because it helps you monitor any activity from these domains and ensure they remain protected with a strict DMARC policy of p=reject. 7. Compliance Dashboard Use EasyDMARC’s Domain Scanner to assess the security posture of each domain with a clear compliance score and risk level. The dashboard highlights configuration gaps and guides remediation steps, helping government agencies stay on track toward full compliance with the SGE Framework. 8. Inbound DMARC Evaluation Enforced You don’t need to apply any changes if you’re using Google Workspace, Microsoft 365, or other major mailbox providers. Most of them already enforce DMARC evaluation on incoming emails. However, some legacy Microsoft 365 setups may still quarantine emails that fail DMARC checks, even when the sending domain has a p=reject policy, instead of rejecting them. This behavior can be adjusted directly from your Microsoft Defender portal. Read more about this in our step-by-step guide on how to set up SPF, DKIM, and DMARC from Microsoft Defender. If you’re using a third-party mail provider that doesn’t enforce having a DMARC policy for incoming emails, which is rare, you’ll need to contact their support to request a configuration change. 9. Data Loss Prevention Aligned with NZISM The New Zealand Information Security Manual (NZISM) is the New Zealand Government’s manual on information assurance and information systems security. It includes guidance on data loss prevention (DLP), which must be followed to be aligned with the SEG. Need Help Setting up SPF and DKIM for your Email Provider? Setting up SPF and DKIM for different ESPs often requires specific configurations. Some providers require you to publish SPF and DKIM on a subdomain, while others only require DKIM, or have different formatting rules. We’ve simplified all these steps to help you avoid misconfigurations that could delay your DMARC enforcement, or worse, block legitimate emails from reaching your recipients. Below you’ll find comprehensive setup guides for Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid. You can also explore our full blog section that covers setup instructions for many other well-known ESPs. Remember, all this information is reflected in your DMARC aggregate reports. These reports give you live visibility into your outgoing email ecosystem, helping you analyze and fix any issues specific to a given provider. Here are our step-by-step guides for the most common platforms: Google Workspace Microsoft 365 These guides will help ensure your DNS records are configured correctly as part of the Secure Government Email (SGE) Framework rollout. Meet New Government Email Security Standards With EasyDMARC New Zealand’s SEG Framework sets a clear path for government agencies to enhance their email security by October 2025. With EasyDMARC, you can meet these technical requirements efficiently and with confidence. From protocol setup to continuous monitoring and compliance tracking, EasyDMARC streamlines the entire process, ensuring strong protection against spoofing, phishing, and data loss while simplifying your transition from SEEMail.
    0 Comentários 0 Compartilhamentos 0 Anterior
CGShares https://cgshares.com