spf dkim and dmarc
play

SPF, DKIM and DMARC SPF stands for Sender Policy Framework, a record - PDF document

Feb 25, 2024 •32 likes •62 views

4/30/2019 (515) 229-5674 kkothari@sgcsecure.com Cheap Solutions to Cybersecurity Kaushal Kothari Audit Secure Guard Consulting Internal Security Assessment (515) 229-5674 External Security Assessment and External Penetration Testing

  1. 4/30/2019 (515) 229-5674 kkothari@sgcsecure.com Cheap Solutions to Cybersecurity Kaushal Kothari Audit Secure Guard Consulting Internal Security Assessment (515) 229-5674 External Security Assessment and External Penetration Testing kkothari@sgcsecure.com Social Engineering (phishing, phone, etc.) www.secureguardconsulting.com Cybersecurity / IT General Controls Review 1 • 2 step authentication on Registrar and DNS changes and/or monitor all changes made. • Establish project to enable 2 factor authentication on everywhere possible (515) 229-5674 kkothari@sgcsecure.com 2 SPF, DKIM and DMARC • SPF stands for Sender Policy Framework, a record on the DNS which specifies what IP addresses, IP address ranges, and/or domains can send email on the domain’s behalf. • DKIM stands for Domain Keys Identified Mail, which is essentially a digital signature involving both private and public (515) 229-5674 kkothari@sgcsecure.com keys (we list the public key below found on the bank’s DNS, private keys are confidential and restricted to the bank or designated individuals by the bank only). • DMARC stands for Domain Message Authentication Reporting and Conformance, which is another record on the DNS which indicates what receivers should do if either SPF or DKIM fails. 3 1

  2. 4/30/2019 SPF • https://www.kitterman.com/spf/validate.html • Gather IP addresses that are used to send email • Web server • Online Banking • Exchange Server or wherever email is hosted • Make a list of your sending and receiving domains • Create your SPF record • Start with v=spf1 (version 1) tag and follow it with the IP addresses that are authorized to send mail. (515) 229-5674 kkothari@sgcsecure.com For example, v=spf1 ip4:1.2.3.4 ip4:2.3.4.5 • If you use a third party to send email on behalf of the domain in question, you must add an “include” statement in your SPF record (e.g., include:thirdparty.com) to designate that third party as a legitimate sender • Once you have added all authorized IP addresses and include statements, end your record with an ~all or -all tag • An ~all tag indicates a soft SPF fail while an -all tag indicates a hard SPF fail. In the eyes of the major mailbox providers ~all and -all will both result in SPF failure. Return Path recommends an -all as it is the most secure record. • SPF records cannot be over 255 characters in length. Here’s an example of what your record might look like: • v=spf1 ip4:1.2.3.4 ip4:2.3.4.5 include:thirdparty.com -all • For your domains that do not send email, the SPF record will exclude any modifier with the exception of -all. Here’s an example record for a non-sending domain: • v=spf1 –all • Publish your SPF to DNS • Test your SPF Record 4 DKIM • https://www.port25.com/dkim-wizard/ • Gather IP addresses that are used to send email • Web server • Online Banking (515) 229-5674 kkothari@sgcsecure.com • Exchange Server or wherever email is hosted • Make a list of your sending and receiving domains • Choose a DKIM selector • Generate a public-private key pair • Store private key securely • Publish the selector and public key by creating the DKIM TXT record • Attach the token to each outgoing email. 5 DMARC • Make a list of your sending and receiving domains • https://mxtoolbox.com/DMARCRecordGenerator.aspx • none policy: You just want to monitor the DMARC results and you do not want to take specific action on all the failing (515) 229-5674 kkothari@sgcsecure.com emails. You can use the “none” policy to start with DMARC and gather all DMARC reports and start analyzing this data. • quarantine policy: You put the emails which fail the checks in quarantine. Most of these emails will end up in the junk folder of the receiver. • reject policy: You can reject all emails that fail the DMARC check. The email receivers should do this ‘on SMTP level’. The emails will bounce directly in the sending process. 6 2

  3. 4/30/2019 • Disable web based email. For those who need it, enable 2 factor authentication • PDQ Inventory or some other software inventory management tool • ARP Watch (515) 229-5674 kkothari@sgcsecure.com • Monitor user accounts across all systems • Train Train Train!!!! 7 3

Recommend

allman-dkim-ssp-02 Jim Fenton <fenton@cisco.com> IETF 68 Prague March 21, 2007 1

allman-dkim-ssp-02 Jim Fenton <fenton@cisco.com> IETF 68 Prague March 21, 2007 1

allman-dkim-ssp-02 Jim Fenton <fenton@cisco.com> IETF 68 Prague March 21, 2007 1 DKIM - IETF 68 SSP recent changes Removal of user policy Change in tag names to promote extensibility p -> dkim t -> dkimflag

248 views • 7 slides
IETF 78 TPA-Label for ADSP DKIM Third-Party Authorization Label draft-otis-dkim-tpa-label By

IETF 78 TPA-Label for ADSP DKIM Third-Party Authorization Label draft-otis-dkim-tpa-label By

IETF 78 TPA-Label for ADSP DKIM Third-Party Authorization Label draft-otis-dkim-tpa-label By Douglas Otis & Daniel Black Acceptance w/o Author Domain Signature and ADSP Reject or discard discardable w/o A-D sig breaks mailing lists

473 views • 10 slides
Third-Party DKIM Policy IETF 70 Transparent and Flexible Policy Compliance Douglas Otis

Third-Party DKIM Policy IETF 70 Transparent and Flexible Policy Compliance Douglas Otis

Third-Party DKIM Policy IETF 70 Transparent and Flexible Policy Compliance Douglas Otis Doug_Otis@trendmicro.com http://www.ietf.org/internet-drafts/draft-otis-dkim-tpa-ssp-02.txt SSP is based only upon the From header SSP assertions

364 views • 8 slides
Designing an open source DMARC aggregation tool. Yadvir Singh University of Amsterdam June 30,

Designing an open source DMARC aggregation tool. Yadvir Singh University of Amsterdam June 30,

Designing an open source DMARC aggregation tool. Yadvir Singh University of Amsterdam June 30, 2016 Supervised by Michiel Leenaars Yadvir Singh (University of Amsterdam) Designing an open source DMARC aggregation tool. June 30, 2016 1 / 17

439 views • 17 slides
DomainKeys Identified Mail Overview (-01) Eric Allman Sendmail, Inc. Overview of DKIM

DomainKeys Identified Mail Overview (-01) Eric Allman Sendmail, Inc. Overview of DKIM

DomainKeys Identified Mail Overview (-01) Eric Allman Sendmail, Inc. Overview of DKIM Cryptography-based protocol, signs selected header fields and message body Intended to: Enable reliable domain name based reputation lookups

432 views • 15 slides
SSL: Code Listing Authors: Meera Ganesan (meera.ganesan@intel.com) Dennis Kim (dkim@harris.com)

SSL: Code Listing Authors: Meera Ganesan (meera.ganesan@intel.com) Dennis Kim (dkim@harris.com)

String Searching Language SSL: Code Listing Authors: Meera Ganesan (meera.ganesan@intel.com) Dennis Kim (dkim@harris.com) Sandy MacDonald (sandymac@att.com) Satheesha Rangegowda (satheesha_rangegowda_923@agilent.com) SSL Page 1 05/12/2003

1.25k views • 39 slides
last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam,

last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam,

last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam, fishing, spoofing, virus More and more energy in spam fighting More and more messages lost because : Imperfect automatic filtering

334 views • 18 slides
Automatische Rotation von DKIM- Schlsseln Berlin | 10.05.2014 | Stefan Neben System Engineer,

Automatische Rotation von DKIM- Schlsseln Berlin | 10.05.2014 | Stefan Neben System Engineer,

www.immobilienscout24.de Automatische Rotation von DKIM- Schlsseln Berlin | 10.05.2014 | Stefan Neben System Engineer, stefan.neben@immobilienscout24.de Immobilien Scout GmbH Angefangen hat es vor 15 Jahren mit Telefon und Post

810 views • 33 slides
Practical DKIM Deployment ( for Mail Service Providers ) Daniel Black OVEE Systems Consultancy

Practical DKIM Deployment ( for Mail Service Providers ) Daniel Black OVEE Systems Consultancy

Practical DKIM Deployment ( for Mail Service Providers ) Daniel Black OVEE Systems Consultancy EMail Volume Desired mail Unwanted mail EMail Volume Desired mail Unwanted mail EMail Volume Desired mail Unwanted mail Email Filtering

775 views • 41 slides
Lessons Learned from A Three-Week Lessons Learned from A Three-Week Long User Study w ith

Lessons Learned from A Three-Week Lessons Learned from A Three-Week Long User Study w ith

Lessons Learned from A Three-Week Lessons Learned from A Three-Week Long User Study w ith post-SCI Long User Study w ith post-SCI Patients using UCF-MANUS ARM Patients using UCF-MANUS ARM Dae-Jin Kim, PhD dkim@mail.ucf.edu PI: Aman Behal,

351 views • 22 slides

More recommend