Thanks a lot, I manage domains and email for several organizations and have configured those records before but never truly understood the concepts behind DKIM and DMARC. Thanks for explaining them understandably and thoroughly. I'd love to see a future video on certificates too!
As a cybersecurity solutions sales rep, I can assure you that even if you tell businesses that their DMARC and DNSSEC is fucked, and that they have hundreds of staff emails and usernames all over the dark web, they don't give a fuck... They would rather sit and hope they're not at that business by the time they inevitably get hacked than be the one to put their hands up to suggest the business spend more money on cybersecurity...
Yes and no. DMARC builds on these, so DMARC by itself is useless and the stronger SPF/DKIM are the stronger DMARC will be; but you don't need them fully implemented first to use DMARC. For example you could partially implement SPF with a soft-fail, then implement DMARC just for the reports, then use the DMARC reports to tighten up your SPF record and move it to a hard-fail, then change DMARC to a reject policy. At this point you may not even have touched DKIM, but DMARC helped with the implementation of SPF.
HELPFUL!!! I'm now able to wrap my (non-IT Pro) head around these concepts/protocols and have some idea about how to work towards SPF, DKIM, & DMARC implementation on my emails & domains. Muchas gracias!
After watching a dozen different videos and reading countless articles I THINK this one helped, but I'm still struggling with something that recently happened. We've had SPF setup for a while and it's been working well but lately spoofed emails have been coming through (that appear to be sent by ourselves to ourselves - yet headers indcate it's clearly coming from somewhere else). When checking the headers I saw that SPF eval was PermError and this was due to one of the includes: having an error. What was confusing was that if the mail server couldn't validate SPF, why was the message coming through? I thought it was supposed to fail and be rejected. I've had to temporarily remove the third-party include but I don't know if this will solve the spoofing.
As a cybersecurity solutions sales rep, I can assure you that even if you tell businesses that their DMARC and DNSSEC is fucked, and that they have hundreds of staff emails and usernames all over the dark web, they don't give a fuck... They would rather sit and hope they're not at that business by the time they inevitably get hacked than be the one to put their hands up to suggest the business spend more money on cybersecurity...
They both run in parallel so it's possible to pass SPF and fail DMARC or vice-versa. If one mechanism fails then that mechanism's policy defines what happens. If both failed then both polices would apply and the end result would be whatever the most restrictive one said.
Yes. It's typically done by an SMTP service rather than an individual, and each service has its own key. So your antispam service might have a DKIM key to sign outbound mail, and maybe you use MailChimp for marketing and it has it's own key.
I want to promote affiliate links and for that, I do emails marketing, all the time it goes in the spam folder or even not get sent to the receiver plz help me what should I do you know the DMARC and SPF policy so plz tell me accordingly
To be honest, it sounds like your emails are getting treated as spam because they're spam. It's hard to tell from a TH-cam comment of course. If the recipients have agreed to receive your emails and the emails are providing value other than just pushing affiliate links then whichever marketing platform you're using should provide guidance about message reputation and delivery. If you're sending affiliate links to people who weren't expecting them then... well you shouldn't be doing that.
I can't provide individual advice. My day job is as an IT consultant. These videos are scoped so they don't create a conflict of interest for me with my employer, but if I were to start taking phone calls and emails from people that would cross a line. If you're using a marketing platform to send the emails then they likely have people who could provide you with more advice.
How do spammers get your mailing lists and then spoof emails back to you using your customer’s email account and an IP close to their real IP?? Is there a way to prevent this?!!!
An antispam service with decent anti-spoofing detection may help, but ultimately you need the supposed sender (in this case your customer) to take action and implement anti-spoofing measures on their side for it to be effective. Depending on your relationship with them you could set up mutual verification between your server and theirs so emails from their domain are always authenticated, but this involves a bit of work for both of you. One of my customers takes the approach of telling every company they work with they expect them to set up SPF/DMARC. They can't enforce it, but there is an element of "help me help you" to it.
@@ProTechShow - thanks for the reply however I don’t think my clients are even aware that their emails have been hijacked. Is there a way to prevent this??
You can't prevent it on their behalf. If it were me I'd let them know that they are being targeted by scammers. Feel free to link them to this video if it helps.
If you found this useful, you may also want to make sure nobody else can ready your emails: th-cam.com/video/yfSCqK1hM18/w-d-xo.html
Thanks a lot, I manage domains and email for several organizations and have configured those records before but never truly understood the concepts behind DKIM and DMARC. Thanks for explaining them understandably and thoroughly. I'd love to see a future video on certificates too!
Glad it was helpful. I'm sure I'll get around to a video on certificates at some point!
Are you an email marketer
or an affiliate marketer
As a cybersecurity solutions sales rep, I can assure you that even if you tell businesses that their DMARC and DNSSEC is fucked, and that they have hundreds of staff emails and usernames all over the dark web, they don't give a fuck... They would rather sit and hope they're not at that business by the time they inevitably get hacked than be the one to put their hands up to suggest the business spend more money on cybersecurity...
Yes my organisation email was spoofed today spammer sent mail to me from my own email 😡 and now I am going to implement spf , thanks man
SPF should help and if they start getting especially sneaky, DMARC will lock things down further. 👍
An explanation I can understand on how it works. Thank you.
Glad it was helpful
Absolutely fantastic video. Fantastic! This is needed more than you could now. Thanks for this.
Glad to hear it helped!
One quick comment. SPF and DKIM I believe our prerequisites for DMARC, so you would need to implement both of those beforehand.
Yes and no. DMARC builds on these, so DMARC by itself is useless and the stronger SPF/DKIM are the stronger DMARC will be; but you don't need them fully implemented first to use DMARC. For example you could partially implement SPF with a soft-fail, then implement DMARC just for the reports, then use the DMARC reports to tighten up your SPF record and move it to a hard-fail, then change DMARC to a reject policy. At this point you may not even have touched DKIM, but DMARC helped with the implementation of SPF.
HELPFUL!!! I'm now able to wrap my (non-IT Pro) head around these concepts/protocols and have some idea about how to work towards SPF, DKIM, & DMARC implementation on my emails & domains. Muchas gracias!
Glad it helped!
After watching a dozen different videos and reading countless articles I THINK this one helped, but I'm still struggling with something that recently happened. We've had SPF setup for a while and it's been working well but lately spoofed emails have been coming through (that appear to be sent by ourselves to ourselves - yet headers indcate it's clearly coming from somewhere else). When checking the headers I saw that SPF eval was PermError and this was due to one of the includes: having an error. What was confusing was that if the mail server couldn't validate SPF, why was the message coming through? I thought it was supposed to fail and be rejected. I've had to temporarily remove the third-party include but I don't know if this will solve the spoofing.
As a cybersecurity solutions sales rep, I can assure you that even if you tell businesses that their DMARC and DNSSEC is fucked, and that they have hundreds of staff emails and usernames all over the dark web, they don't give a fuck... They would rather sit and hope they're not at that business by the time they inevitably get hacked than be the one to put their hands up to suggest the business spend more money on cybersecurity...
Another great video, very detailed and well explained. Thanks for posting.
Thanks!
Thanks, nicely explained...
Glad it was useful!
Does the DMARC guidance override the SPF guidance (hard fail, soft fail,...)?
They both run in parallel so it's possible to pass SPF and fail DMARC or vice-versa. If one mechanism fails then that mechanism's policy defines what happens. If both failed then both polices would apply and the end result would be whatever the most restrictive one said.
@@ProTechShow Thank you for taking the time to respond!
Nicely explained, thanks!👍
Thanks!
Great Video !
Thanks!
can you help me create emails thats looks historic.... that they are back dated?
That seems... dodgy
Really great video, super helpful!
Thanks!
This was very helpful. Thank you :)
Glad it was useful!
Good explanation.
Thanks!
Do yall do captions
Certainly do. I upload a set for every video. Check under the cog icon on a computer or the "..." menu on a mobile.
Anyone can send a message using DKIM, provided they have the private key of the sender right?
Yes. It's typically done by an SMTP service rather than an individual, and each service has its own key. So your antispam service might have a DKIM key to sign outbound mail, and maybe you use MailChimp for marketing and it has it's own key.
@@ProTechShow Thank you!
Good job!!!
Thanks!
I want to promote affiliate links and for that, I do emails marketing, all the time it goes in the spam folder or even not get sent to the receiver
plz help me what should I do
you know the DMARC and SPF policy so plz tell me accordingly
To be honest, it sounds like your emails are getting treated as spam because they're spam. It's hard to tell from a TH-cam comment of course.
If the recipients have agreed to receive your emails and the emails are providing value other than just pushing affiliate links then whichever marketing platform you're using should provide guidance about message reputation and delivery. If you're sending affiliate links to people who weren't expecting them then... well you shouldn't be doing that.
@@ProTechShow can you help me more
About how can I contact you
I can't provide individual advice. My day job is as an IT consultant. These videos are scoped so they don't create a conflict of interest for me with my employer, but if I were to start taking phone calls and emails from people that would cross a line. If you're using a marketing platform to send the emails then they likely have people who could provide you with more advice.
How do spammers get your mailing lists and then spoof emails back to you using your customer’s email account and an IP close to their real IP?? Is there a way to prevent this?!!!
An antispam service with decent anti-spoofing detection may help, but ultimately you need the supposed sender (in this case your customer) to take action and implement anti-spoofing measures on their side for it to be effective. Depending on your relationship with them you could set up mutual verification between your server and theirs so emails from their domain are always authenticated, but this involves a bit of work for both of you.
One of my customers takes the approach of telling every company they work with they expect them to set up SPF/DMARC. They can't enforce it, but there is an element of "help me help you" to it.
@@ProTechShow - thanks for the response however I think my customers are completely unaware that their emails have been hijacked.
@@ProTechShow - thanks for the reply however I don’t think my clients are even aware that their emails have been hijacked. Is there a way to prevent this??
You can't prevent it on their behalf. If it were me I'd let them know that they are being targeted by scammers. Feel free to link them to this video if it helps.
No...1...
No. 1.......
didn't show me how to block, just talking