KT-EMS Spoofing

DMARC aggregate reports show 12% of mail using your domain fails alignment from unknown IPs. Action?

Multiple choice — select one answer

Answer choices

  1. a. Set DMARC to none permanently because reports are sufficient protection, without security or identity team coordination per policy.
  2. b. Allow all IPs to send as your domain to simplify vendor onboarding
  3. c. Move DMARC policy toward quarantine/reject after fixing authorized senders and DKIM signing
  4. d. Disable SPF because it conflicts with mailing lists and marketing tools, without security or identity team coordination per policy.

Architectural breakdown & explanation

DMARC enforcement stops many spoofed messages once legitimate sources are aligned.

Correct answer(s): c. Move DMARC policy toward quarantine/reject after fixing authorized senders and DKIM signing

Exam domain: Spoofing (25% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Email Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.