How to Prevent Email Spoofing with DKIM, DMARC & SPF
ฝัง
- เผยแพร่เมื่อ 6 มิ.ย. 2024
- Email was not designed with today's threats in mind, and can easily be forged to look like it came from anyone. A bad actor can abuse this to attack you and your customers. Here I discuss three technologies that can work together to protect your email addresses and prevent them being spoofed.
SPF: Sender Policy Framework
DKIM: DomainKeys Identified Mail
DMARC: Domain-based Message Authentication, Reporting, and Conformance
💬 Follow Me
/ andrewmrquinn
The Pro Tech Show provides tech, tips, and advice for IT Pros and decision-makers.
Video timestamps:
0:00 - Introduction
1:04 - Why Is Email so Easy to Spoof?
1:37 - The Problem with Digital Signatures (S/MIME)
2:41 - Use of DNS
3:22 - SPF Explained
5:12 - DKIM Explained
7:14 - DMARC Explained
10:27 - Where to Start
#Email #CyberSecurity #Spoofing - วิทยาศาสตร์และเทคโนโลยี
![Genshin Impact | กาชา Clorinde ไวฟุนั้น ควร C6 [เทสตัวละครต่อ]](http://i.ytimg.com/vi/SOVaBvL7K20/mqdefault.jpg)
If you found this useful, you may also want to make sure nobody else can ready your emails: th-cam.com/video/yfSCqK1hM18/w-d-xo.html
HELPFUL!!! I'm now able to wrap my (non-IT Pro) head around these concepts/protocols and have some idea about how to work towards SPF, DKIM, & DMARC implementation on my emails & domains. Muchas gracias!
Glad it helped!
Absolutely fantastic video. Fantastic! This is needed more than you could now. Thanks for this.
Glad to hear it helped!
Another great video, very detailed and well explained. Thanks for posting.
Thanks!
Thanks a lot, I manage domains and email for several organizations and have configured those records before but never truly understood the concepts behind DKIM and DMARC. Thanks for explaining them understandably and thoroughly. I'd love to see a future video on certificates too!
Glad it was helpful. I'm sure I'll get around to a video on certificates at some point!
Are you an email marketer
or an affiliate marketer
As a cybersecurity solutions sales rep, I can assure you that even if you tell businesses that their DMARC and DNSSEC is fucked, and that they have hundreds of staff emails and usernames all over the dark web, they don't give a fuck... They would rather sit and hope they're not at that business by the time they inevitably get hacked than be the one to put their hands up to suggest the business spend more money on cybersecurity...
Really great video, super helpful!
Thanks!
Nicely explained, thanks!👍
Thanks!
Thanks, nicely explained...
Glad it was useful!
This was very helpful. Thank you :)
Glad it was useful!
Great Video !
Thanks!
Good job!!!
Thanks!
Good explanation.
Thanks!
Yes my organisation email was spoofed today spammer sent mail to me from my own email 😡 and now I am going to implement spf , thanks man
SPF should help and if they start getting especially sneaky, DMARC will lock things down further. 👍
After watching a dozen different videos and reading countless articles I THINK this one helped, but I'm still struggling with something that recently happened. We've had SPF setup for a while and it's been working well but lately spoofed emails have been coming through (that appear to be sent by ourselves to ourselves - yet headers indcate it's clearly coming from somewhere else). When checking the headers I saw that SPF eval was PermError and this was due to one of the includes: having an error. What was confusing was that if the mail server couldn't validate SPF, why was the message coming through? I thought it was supposed to fail and be rejected. I've had to temporarily remove the third-party include but I don't know if this will solve the spoofing.
As a cybersecurity solutions sales rep, I can assure you that even if you tell businesses that their DMARC and DNSSEC is fucked, and that they have hundreds of staff emails and usernames all over the dark web, they don't give a fuck... They would rather sit and hope they're not at that business by the time they inevitably get hacked than be the one to put their hands up to suggest the business spend more money on cybersecurity...
Does the DMARC guidance override the SPF guidance (hard fail, soft fail,...)?
They both run in parallel so it's possible to pass SPF and fail DMARC or vice-versa. If one mechanism fails then that mechanism's policy defines what happens. If both failed then both polices would apply and the end result would be whatever the most restrictive one said.
@@ProTechShow Thank you for taking the time to respond!
Do yall do captions
Certainly do. I upload a set for every video. Check under the cog icon on a computer or the "..." menu on a mobile.
No...1...
One quick comment. SPF and DKIM I believe our prerequisites for DMARC, so you would need to implement both of those beforehand.
Yes and no. DMARC builds on these, so DMARC by itself is useless and the stronger SPF/DKIM are the stronger DMARC will be; but you don't need them fully implemented first to use DMARC. For example you could partially implement SPF with a soft-fail, then implement DMARC just for the reports, then use the DMARC reports to tighten up your SPF record and move it to a hard-fail, then change DMARC to a reject policy. At this point you may not even have touched DKIM, but DMARC helped with the implementation of SPF.
can you help me create emails thats looks historic.... that they are back dated?
That seems... dodgy
No. 1.......
I want to promote affiliate links and for that, I do emails marketing, all the time it goes in the spam folder or even not get sent to the receiver
plz help me what should I do
you know the DMARC and SPF policy so plz tell me accordingly
To be honest, it sounds like your emails are getting treated as spam because they're spam. It's hard to tell from a TH-cam comment of course.
If the recipients have agreed to receive your emails and the emails are providing value other than just pushing affiliate links then whichever marketing platform you're using should provide guidance about message reputation and delivery. If you're sending affiliate links to people who weren't expecting them then... well you shouldn't be doing that.
@@ProTechShow can you help me more
About how can I contact you
I can't provide individual advice. My day job is as an IT consultant. These videos are scoped so they don't create a conflict of interest for me with my employer, but if I were to start taking phone calls and emails from people that would cross a line. If you're using a marketing platform to send the emails then they likely have people who could provide you with more advice.
Anyone can send a message using DKIM, provided they have the private key of the sender right?
Yes. It's typically done by an SMTP service rather than an individual, and each service has its own key. So your antispam service might have a DKIM key to sign outbound mail, and maybe you use MailChimp for marketing and it has it's own key.
@@ProTechShow Thank you!
How do spammers get your mailing lists and then spoof emails back to you using your customer’s email account and an IP close to their real IP?? Is there a way to prevent this?!!!
An antispam service with decent anti-spoofing detection may help, but ultimately you need the supposed sender (in this case your customer) to take action and implement anti-spoofing measures on their side for it to be effective. Depending on your relationship with them you could set up mutual verification between your server and theirs so emails from their domain are always authenticated, but this involves a bit of work for both of you.
One of my customers takes the approach of telling every company they work with they expect them to set up SPF/DMARC. They can't enforce it, but there is an element of "help me help you" to it.
@@ProTechShow - thanks for the response however I think my customers are completely unaware that their emails have been hijacked.
@@ProTechShow - thanks for the reply however I don’t think my clients are even aware that their emails have been hijacked. Is there a way to prevent this??
You can't prevent it on their behalf. If it were me I'd let them know that they are being targeted by scammers. Feel free to link them to this video if it helps.
didn't show me how to block, just talking