July 15

Webinar takeaway: Implement DMARC the Right Way to Keep Phishing Attacks Out of Your Inbox


My key takeaways

  • DMARC builds on SPF and DKIM: a message passes if at least one of the two passes and the domain that passed aligns with the domain in the visible From header
  • The 2021 National Defense Authorization Act directs the Department of Homeland Security (DHS) to implement DMARC US-wide
  • "Email from" means two different things, each with its own RFC: the envelope sender (RFC 5321 MAIL FROM, which SPF checks) and the header From that the user sees (RFC 5322 From, which DMARC aligns against)
  • SPF: the receiving server takes the domain from the MAIL FROM address (or, if that is empty, from the HELO/EHLO hostname) and checks whether the connecting IP address is listed in that domain's SPF TXT record
  • Record qualifiers: -all = hard fail, ~all = soft fail, ?all = neutral, +all = every sender passes (no protection at all)
  • Microsoft protects Office 365 inboxes with its own spoof intelligence on top of the standard checks
  • Disable the outdated Sender ID check by publishing a TXT record with spf2.0/pra ?all
  • On Exchange on-premises (2010/2013/2016) the Sender ID agent comes with the anti-spam agents installed via & $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1; switch the check off for external mail with Set-SenderIDConfig -ExternalMailEnabled $false
  • You cannot use DKIM if your mail server does not sign outgoing mail
    • e.g. on shared hosting mail servers
    • but also Exchange on-premises, which has no built-in DKIM signing
  • Phishers register typosquatted lookalike domains and configure SPF, DKIM and DMARC for them perfectly, so their mail passes authentication and is not rejected
    • they use the weapons developed to stop them
  • SPF, DKIM and DMARC are widely misconfigured, most commonly:
    • missing records
    • old key pairs that were never rotated, or whose public keys were never updated in DNS
    • wrong IP addresses in SPF
    • domains (or subdomains) that were forgotten
  • Phishers also send from freemailers like Hotmail and Gmail, and SPF, DKIM and DMARC will not stop that: the mail really comes from the provider's servers, so every check passes
    • SPF, DKIM and DMARC are domain-based, not mailbox-based
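As an added example (written for this page, not code from the webinar or the post), here is a small Python evaluator for the two checks the takeaways describe: SPF with its -all/~all/?all/+all qualifiers, and DMARC's alignment of the SPF or DKIM domain against the RFC 5322 From domain. The DNS table, domain names and IP addresses are all constructed for the demo; `examp1e.com` stands in for a lookalike domain and `freemail.example` for a freemailer, and DKIM signature verification is assumed to have already happened elsewhere (only the verified signing domain is passed in).

```python
# Added example, not from the webinar or the post: a toy SPF evaluator plus a
# DMARC alignment check, run against a constructed in-memory DNS table.
# All domains, IPs and records below are made up for the demonstration;
# DKIM signature verification is assumed to have happened elsewhere.
import ipaddress

# Constructed TXT records standing in for real DNS lookups.
DNS_TXT = {
    "example.com": ["v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example -all"],
    "_spf.mailer.example": ["v=spf1 ip4:198.51.100.10 ~all"],   # third-party relay
    "examp1e.com": ["v=spf1 ip4:192.0.2.50 -all"],              # lookalike, set up perfectly
    "freemail.example": ["v=spf1 ip4:192.0.2.0/24 ~all"],       # stand-in for a freemailer
    "sloppy.example": ["v=spf1 +all"],                          # +all: anyone passes
    "_dmarc.example.com": ["v=DMARC1; p=reject; aspf=s; adkim=s"],
    "_dmarc.examp1e.com": ["v=DMARC1; p=reject"],
    "_dmarc.freemail.example": ["v=DMARC1; p=none"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_record(domain):
    for txt in DNS_TXT.get(domain, []):
        if txt.startswith("v=spf1"):
            return txt
    return None

def check_spf(domain, client_ip, depth=0):
    """SPF result for client_ip claiming `domain` in MAIL FROM (or HELO)."""
    if depth > 10:                 # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = "+"                 # an unqualified mechanism means "+" (pass)
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qual]
        if name == "include" and check_spf(arg, client_ip, depth + 1) == "pass":
            return QUALIFIERS[qual]
        # a, mx, ptr and exists are omitted: they need A/MX/PTR data this table lacks
    return "neutral"               # nothing matched and no "all" term present

def dmarc_policy(header_from_domain):
    """Parse the _dmarc TXT record into a tag dict, or None if there is none."""
    for txt in DNS_TXT.get("_dmarc." + header_from_domain, []):
        if txt.startswith("v=DMARC1"):
            return dict(kv.strip().split("=", 1) for kv in txt.split(";") if "=" in kv)
    return None

def org_domain(domain):
    """Toy organizational domain: last two labels (real code uses the Public Suffix List)."""
    return ".".join(domain.split(".")[-2:])

def aligned(auth_domain, header_from_domain, mode):
    """Identifier alignment: strict needs an exact match, relaxed the same org domain."""
    if mode == "s":
        return auth_domain == header_from_domain
    return org_domain(auth_domain) == org_domain(header_from_domain)

def check_dmarc(header_from, mail_from, client_ip, dkim_domain=None):
    """Return (dmarc_result, disposition) for one message.

    header_from: domain of the RFC 5322 From header, the identifier DMARC protects
    mail_from:   domain of the RFC 5321 MAIL FROM, the identifier SPF checks
    dkim_domain: d= of a DKIM signature that already verified, or None
    """
    policy = dmarc_policy(header_from)
    if policy is None:
        return "none", "none"      # no DMARC record: nothing to enforce
    spf_pass = (check_spf(mail_from, client_ip) == "pass"
                and aligned(mail_from, header_from, policy.get("aspf", "r")))
    dkim_pass = (dkim_domain is not None
                 and aligned(dkim_domain, header_from, policy.get("adkim", "r")))
    if spf_pass or dkim_pass:      # DMARC needs SPF or DKIM to pass *and* align
        return "pass", "none"
    return "fail", policy.get("p", "none")

def demo():
    """Cases from the takeaways above; returns (result, disposition) per case."""
    return {
        # genuine mail from example.com's own range
        "legit": check_dmarc("example.com", "example.com", "203.0.113.7"),
        # From: example.com forged from an unlisted IP -> -all -> reject
        "spoof": check_dmarc("example.com", "example.com", "192.0.2.50"),
        # bulk mailer uses its own bounce domain: SPF passes but is not aligned
        "unaligned_relay": check_dmarc("example.com", "_spf.mailer.example", "198.51.100.10"),
        # same relay, but the message carries an aligned DKIM signature
        "signed_relay": check_dmarc("example.com", "_spf.mailer.example", "198.51.100.10",
                                    dkim_domain="example.com"),
        # lookalike domain with perfect records: authentication passes
        "lookalike": check_dmarc("examp1e.com", "examp1e.com", "192.0.2.50"),
        # phisher's freemail account: the provider really sent it, so it passes
        "freemailer": check_dmarc("freemail.example", "freemail.example", "192.0.2.9"),
    }

if __name__ == "__main__":
    for case, (result, disposition) in demo().items():
        print(f"{case:16} dmarc={result:4} disposition={disposition}")
```

Running it shows the two cases the webinar warns about: the lookalike domain and the freemailer account both come back as pass with no disposition, because every check is keyed on the domain that really sent the mail, not on who the sender is. The unaligned relay case is the common false failure when a bulk mailer uses its own bounce domain in MAIL FROM; an aligned DKIM signature (d=example.com) is what rescues it, which is why DKIM matters even when SPF is perfect.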


Tags

deliverability, dkim, dmarc, email marketing, phishing, spf

