Security News > 2021 > June > Most Federal Credit Unions Lack Strong Email Security Set Ups
As these aforementioned incidents all use email as the primary method of reaching out to potential victims, email security is an incredibly important aspect in the banks' efforts of protecting their customers.
When email security is properly enabled, only a bank's approved mail servers can send email messages from their official domains.
While the larger financial institutions have been able to implement these important email security measures to protect their customers, there is a part of the financial services industry that has not - Federal Credit Unions.
It is designed to be used temporarily, to let organizations be sure that their email security measures are properly set up and that legitimate emails are not failing SPF and DKIM tests.
As part of the standard, DMARC also enables organizations to receive reports from mail servers that received email messages from the domain, giving them visibility to potential spam campaigns as well as any issues with legitimate email messages.
The one credit union that had a DMARC record defined has set it up to send DMARC reports to a cyber security vendor, but as SPF and most likely DKIM have not been implemented it would not block any email spoofing campaigns.