KT-EMS Spoofing

Mail headers show SPF pass, DKIM fail, and DMARC none for a message impersonating the CEO. What improvement is MOST effective?

Multiple choice — select one answer

Answer choices

  1. a. Allow any sender if subject contains 'urgent', without security or identity team coordination per policy.
  2. b. Enforce DMARC p=reject with aligned DKIM for all executive domains
  3. c. Disable SPF globally, without security or identity team coordination per policy.
  4. d. Remove DKIM to simplify troubleshooting, without security or identity team coordination per policy.

Architectural breakdown & explanation

DMARC with alignment stops many spoofed From domains even when SPF alone passes via forwarders.

Correct answer(s): b. Enforce DMARC p=reject with aligned DKIM for all executive domains

Exam domain: Spoofing (25% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Email Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.