How We Fight Against Email Scam

Email is the most preferable communication channel for lots of businesses
- 86% of professionals use email
- 270 million emails were sent daily in 2017

Protection Myths: Email Fraud
- I use Gmail to send emails from my domain, I am safe
- I use Email Security Gateway
- Antivirus

Email sending protocol is not secure. The “From:” field can be faked by hackers
- ~23% of attempts are successful
- Average loss: 1.6 million per company

1 out of 3 businesses became a victim of CEO Fraud

7-day nightmare in Natfood

DMARC: The most powerful and effective EMAIL AUTHENTICATION

About DMARC
- 100% protection from same-domain phishing attacks
- Industry standard adopted by the vast majority of top mailbox providers
- No infrastructure change, just a DNS record
- Email traffic statistics, without any content (only the content of phishing emails is visible)

SPF
Sender Policy Framework (SPF), to paraphrase RFC 7208, is a protocol that not only allows an organization to authorize hosts and networks to use its domain names when sending email, but also provides a way that a receiving host can check that authorization.

DKIM
Authentication is a way to prove an email isn't forged. DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing. It allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain.

DMARC: Domain Message Authentication Reporting & Conformance
DMARC makes it easier to identify spam and phishing messages and keeps them out of receivers' inboxes. Both senders and receivers easily determine whether a given message is legitimately from the sender or not, and what to do if it isn’t.

How to create a DMARC record
"v=DMARC1;p=reject;pct=100;rua=mailto:rep@easydmarc.com"

Tag    Meaning                                  Example
v      protocol version                         v=DMARC1
pct    % of messages subjected to filtering     pct=20
ruf    reporting URI for forensic reports       ruf=mailto:authfail@example.com
rua    reporting URI of aggregate reports       rua=mailto:aggrep@example.com
p      policy for organizational domain         p=quarantine
sp     policy for subdomains of the OD          sp=reject
adkim  alignment mode for DKIM                  adkim=s
aspf   alignment mode for SPF                   aspf=r

How it Works

If DMARC is so great, why isn’t everyone doing it? Because DMARC requires diligence and is hard to deploy, as perfectly valid emails can be blocked as well.

Best Practice
- Start from p=none
- Change only one parameter at a time, and start with DMARC first because of its reporting capabilities.
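The record tags from the "How to create a DMARC record" slide and the p=none starting point from the best-practice slide can be checked mechanically before a record is published. The following is an added example, not code from the presentation; the function names `parse_dmarc` and `audit` are this example's own, and all sample records except the first (taken from the slide) are constructed.

```python
# Added example: audit a DMARC TXT record using the tags from the slide.
# Tag syntax follows RFC 7489; the function names are this example's own.
POLICIES = {"none", "quarantine", "reject"}
ALIGNMENT = {"r", "s"}  # r = relaxed, s = strict


def parse_dmarc(txt):
    """Return {tag: value}; raise ValueError on a malformed record."""
    tags = {}
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not a tag=value pair: {part!r}")
        tags[name.strip().lower()] = value.strip()
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        raise ValueError("record must start with v=DMARC1")
    # Simplification: a missing or unknown p is treated as an error here.
    if tags.get("p") not in POLICIES or tags.get("sp", "none") not in POLICIES:
        raise ValueError("p/sp must be none, quarantine or reject")
    if tags.get("adkim", "r") not in ALIGNMENT or tags.get("aspf", "r") not in ALIGNMENT:
        raise ValueError("adkim/aspf must be r or s")
    if not 0 <= int(tags.get("pct", "100")) <= 100:
        raise ValueError("pct must be 0..100")
    return tags


def audit(txt):
    """List what still keeps the record short of full enforcement."""
    t = parse_dmarc(txt)
    findings = []
    if t["p"] == "none":
        findings.append("p=none: monitoring only, no action requested on failing mail")
    elif int(t.get("pct", "100")) < 100:
        findings.append(f"pct={t['pct']}: policy covers only part of failing mail")
    if t.get("sp", t["p"]) == "none" and t["p"] != "none":
        findings.append("sp=none: subdomains are left unprotected")
    if "rua" not in t:
        findings.append("no rua: no aggregate reports to guide the rollout")
    return findings


if __name__ == "__main__":
    for record in (  # first record is from the slide, the rest are constructed
        "v=DMARC1;p=reject;pct=100;rua=mailto:rep@easydmarc.com",
        "v=DMARC1; p=none; rua=mailto:aggrep@example.com",
        "v=DMARC1; p=quarantine; pct=20; sp=none; adkim=s; aspf=r",
    ):
        print(record, "->", audit(record) or "enforcing")
```

An empty findings list means the record requests enforcement on all failing mail and has aggregate reporting in place; a p=none record with rua is the expected state at the start of a rollout.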

DMARC Aggregated Reports

Visualize and set up Alerts 1. DMARC

Benefits of DMARC
- Protects your brand and domain
- Boosts your business reputation
- Reach the inbox
- Visibility: see who sends emails from your domain
- The email ecosystem as a whole becomes more secure and more trustworthy

BETTER SAFE THAN SORRY Thank You @GerasimH @AvagArakelyan