What Is DMARC Brian Reid Microsoft Office Servers and Services MVP

1 What Is DMARC
Brian Reid
Microsoft Office Servers and Services MVP
Exchange Server Microsoft Certified Master

2 Business Compromise Email or Whaling Attacks
Business compromise attacks cost global industries over $5.3B last year (and $3B the year before)
“SMEs have not historically been the target of cybercrime but in 2015 something drastically changed,” Toni Allen, UK head of client propositions at the British Standards Institute (BSI).
According to the latest statistics released by cyber security firm Symantec, 1 in s in August 2017 was a phishing attack and the organization size does not impact this

3 Important Terms for DMARC
Sender Policy Framework (SPF)
DomainKeys Identified Mail (DKIM)
Domain Message Authentication Reporting & Conformance (DMARC)

4 What Do I Need To Consider
Why should I care and what can I do about implementing DMARC?
And also SPF and DKIM, which are underlying technologies
And how easy is it to implement?

5 SPF
A DNS record that lists your senders of outbound email to the internet
Does not contain a policy on what you want the receiver to do if the email fails SPF
Works by validating the IP of the “return-path” address. This is the SMTP envelope “from” address and not the “From:” address you see in the email (as emails have two from addresses!)
SPF does not protect against “From:” header address spoofing

6 Example SPF DNS Records
v=spf1 mx ip4: /32 ip4: /32 ip4: /32 include:spf.protection.outlook.com include:spf.mailer.net ~all
v=spf1 ip4: ip4: ip4: ip4: include:_spf.salesforce.com include:spf.protection.outlook.com -all
v=spf1 -all

7 DKIM
Need a server or service that can add the encrypted header outbound and optionally manage the keys and DNS records for you
Email is sent in plain with encrypted hash of the original body and some headers added as additional header to email
Note: Sending server can choose what data to include in encrypted header
A DNS record that contains a public key is needed to allow receiving server to decrypt the DKIM-Signature header on receipt and prove legitimacy
The “selector” value allows you to have multiple public/private keys in use

8 Example DKIM DNS Records
Self managed DNS records, or pointers to another domain so someone else can manage the DNS and keys for you.
TXT: Twitter: dkim._domainkey.twitter.com
CNAME: selector1._domainkey.microsoft.com > selector1-microsoft-com._domainkey.microsoft.onmicrosoft.com > selector2-microsoft-com._domainkey.microsoft.onmicrosoft.com
"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrZ6z … 6UvqP3QIDAQAB"
"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ … QIDAQAB; n=1024, ,1"

9 DKIM Headers In Email
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=RReWBO26GDxuLUCUnsguWs8KWvyIL+vsEKOpAKkgoU4=;
 b=nUrVswRdttMonJci+GCY8KqSNr1g5MVxrY/MMbTrlmzD56TXYR2KfGWZgX43D+aF7cCTywJ6Y+DGy9OBYRqkryQBDOv2EjmiUD5B3JLkSANGUogWd+LP3shUi8h4eZmvfECJI+pzJiTWa1UQlG3Lr3f3wUo+SMINnDo/FLgNxac=
X-DkimResult-Test: Passed
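
The DKIM-Signature header from slide 9 taken apart, as an added example that is not part of the original presentation: it reads the tags, derives the DNS name where a receiver looks up the public key from the selector (s=) and domain (d=), and flags signing choices worth reviewing. The b= value is shortened here, and the audit rules (required tags from RFC 6376, rsa-sha1 per RFC 8301) are this example's choice.

```python
import re

REQUIRED = ("v", "a", "b", "bh", "d", "h", "s")  # mandatory tags in RFC 6376

# Header value from slide 9, folded as it would be on the wire; b= is shortened.
SLIDE_9 = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1;\r\n"
           "\th=From:Date:Subject:Message-ID:Content-Type:MIME-Version;\r\n"
           "\tbh=RReWBO26GDxuLUCUnsguWs8KWvyIL+vsEKOpAKkgoU4=; b=nUrVswRdttMonJci")

def parse_tags(value):
    """Unfold the header value and split it into a tag -> value dict."""
    tags = {}
    for part in re.sub(r"\r?\n[ \t]+", " ", value).split(";"):
        if "=" not in part:
            continue
        key, val = part.split("=", 1)
        if key.strip() in tags:
            raise ValueError("duplicate tag: " + key.strip())
        tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_record_name(tags):
    """DNS name where the receiver fetches the public key for this signature."""
    return "{}._domainkey.{}".format(tags["s"], tags["d"]).lower()

def audit(tags):
    """Return findings a mail administrator would want to review."""
    findings = ["missing required tag " + t for t in REQUIRED if t not in tags]
    signed = [h.lower() for h in tags.get("h", "").split(":")]
    if "from" not in signed:
        findings.append("From header is not covered by h=")
    if tags.get("a", "").lower() == "rsa-sha1":
        findings.append("rsa-sha1 is deprecated (RFC 8301)")
    if "l" in tags:
        findings.append("l= limits the signed body; appended content is not covered")
    return findings

if __name__ == "__main__":
    t = parse_tags(SLIDE_9)
    print(key_record_name(t), audit(t))
```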

10 DMARC
Allows you to get reports back on the effectiveness of your SPF and DKIM investments
Validates that the “From” header is the same as the domains validated by SPF and DKIM
Provides clear instructions to the receiving server on what to do with emails that fail SPF or DKIM
Allows you to start simply and just report what your receivers are doing
But later allows you to control what receivers should do with your email that fails SPF or DKIM

11 Example DMARC DNS Records
Reporting Only
v=DMARC1; p=none;
I’d like receiver to quarantine authentication failures
v=DMARC1; p=quarantine;
The receiver should reject SPF or DKIM failures
v=DMARC1; p=reject;

12 DMARC Reporting Attributes
DMARC Version, which is case sensitive (v)
v=DMARC1; p=none;
Daily analytics of passes and fails (rua)
Copies of failed emails (ruf)

13 More DMARC DNS Attributes
Treat Subdomains Differently
v=DMARC1; p=none; sp=reject;
Receive reports on SPF and/or DKIM failure and not only on both
v=DMARC1; p=quarantine; fo=1
Defines a percentage of email that DMARC applies to (5% in example)
v=DMARC1; p=reject; pct=5
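
How a receiver could combine slides 10 to 13 into one decision, as an added example that is not from the presentation: it parses the record, checks whether the SPF or DKIM domain aligns with the “From:” domain, and applies p, sp and pct. All domains are constructed, the record passed in is assumed to be the one published for the organizational domain, and `org_domain` is a simplification of what real receivers do.

```python
STEP_DOWN = {"reject": "quarantine", "quarantine": "none", "none": "none"}

def parse_dmarc(txt):
    """Return the record's tags, or None if it is not a usable DMARC record."""
    parts = [p.strip() for p in txt.split(";") if "=" in p]
    # v must come first and is case sensitive, as slide 12 notes.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags if tags.get("p") in STEP_DOWN else None

def org_domain(name):
    # Simplification (assumption): last two labels. Real receivers use the
    # Public Suffix List, which matters for suffixes such as co.uk.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def aligned(authenticated, header_from):
    return bool(authenticated) and org_domain(authenticated) == org_domain(header_from)

def evaluate(header_from, record, spf, dkim, sample=0):
    """spf = (result, envelope-from domain); dkim = (result, d= domain).
    sample is the receiver's 0-99 draw for pct, passed in to stay deterministic."""
    tags = parse_dmarc(record)
    if tags is None:
        return "no-policy"
    # DMARC passes when SPF or DKIM passes for a domain aligned with From:
    if any(res == "pass" and aligned(dom, header_from) for res, dom in (spf, dkim)):
        return "pass"
    # sp applies when the From: domain is a subdomain of the organizational domain.
    is_sub = header_from.lower() != org_domain(header_from)
    policy = tags["sp"] if is_sub and tags.get("sp") in STEP_DOWN else tags["p"]
    if sample >= int(tags.get("pct", "100")):
        policy = STEP_DOWN[policy]  # mail outside pct gets the next weaker action
    return policy

if __name__ == "__main__":
    # SPF passes for the envelope domain, but From: claims example.com.
    print(evaluate("example.com", "v=DMARC1; p=reject;",
                   ("pass", "example.net"), ("none", "")))
```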

14 DMARC Aggregators
Companies that take the analytics and forensic data and allow you to review and determine trends and issues
Examples include Agari, Dmarcian, DMARCAnalyzer, Return Path and others

15-26 DMARC Aggregator Report Demo

27 Call To Action
Implement SPF and DKIM with DMARC reporting – know about your spoofing attacks
Scale up to DMARC quarantine and then reject as reporting results allow – reduce your spoofing attacks
Ensure you stay on top of required changes to SPF records, especially when visibility into who sends from your domain is hard to manage

