Protect your domain with DMARC
Master version 0.0.2
DMARC: Domain-based Message Authentication, Reporting & Conformance
Martijn Groeneweg General Manager Europe, dmarcian
Wesley Rietveld Sales Director Europe, dmarcian
Marco Franceschetti, Head of Deliverability, Contactlab
© Copyright 2017-2019 Contactlab
This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner.
Why you should care!
DMARC?
Should you as an email marketer care about DMARC?
Why is domain authentication important? Why are there always new standards coming from the email ecosystem?
Is it a mandatory requirement?
Is it about security?
Gmail wants it
Source: https://support.google.com/mail/answer/81126?hl=en
Gmail wants it
Authentication: SPF
SPF – path-based: authenticates the email’s path from the sender (Contactlab) to the mailbox provider.
Works on the "Envelope From" (Return-Path) domain, not on the "From:" header domain.
Is it 100% sure?
[Diagram: sender @example.com → sending IP address → mailbox provider looks up the DNS SPF record → valid authentication? yes / no → MBP filter mix]
Authentication: DKIM
DKIM – "validating a domain name identity that is associated with a message through cryptographic authentication".
"DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for further handling, such as delivery."
www.dkim.org
Is it a 100% sure method?
What DMARC brings
Source: https://support.google.com/a/answer/2466580
“You'll receive a daily report from each participating email provider so you can see how often your messages are authenticated, how often invalid messages are identified, and policy actions requested and taken by IP address.”
Agenda
• Who we are
• Why DMARC?
• How DMARC works
• Let’s phish Polizia di Stato and Banca d’Italia
• PostNL case
• Questions
Who we are
• Started in 2012
• dmarcian is the leading “Full Service” provider of DMARC services
• dmarcian has regionalized European operations that meet European data requirements
• dmarcian offers
– Web based tooling
– Deployment support
– Support packages
Who we are
• Customers
– Banks, top internet properties, marketing agencies, telecoms and commercial enterprises of all sizes
– More than 19.000 companies and organizations
– More than 2.000.000 domains
• About 25 people
– CEO and founder Tim Draegen is primary author of the DMARC spec and currently one of the chairs of the IETF DMARC working group
– Scott Kitterman is one of the primary authors of SPF
Why DMARC?
“95% of all attacks on enterprise networks are the results from successful spear phishing” – Allen Paller, Director of Research, SANS Institute
“The FBI reports a $2.3 Billion Loss to Spear Phishing and CEO Email Scams from Oct 2013 to Aug 2016. Since January 2015, the FBI has seen a 270% increase in Cybersecurity attacks.” – fbi.gov
Why DMARC
• Delivery: use the same modern plumbing that mega companies use to deliver email.
• Security: disallow unauthorized use of your email domain to protect people from spam, fraud, and phishing.
• Visibility: gain visibility into who and what across the Internet is sending email using your email domain.
• Identity: make your email easy to identify across the huge and growing footprint of DMARC-capable receivers.
How DMARC works
• DNS entry (TXT record _dmarc.example.com)
• Builds on existing email authentication technology (SPF and DKIM)
• Provides feedback data to Domain Owners
• Allows for blocking of unauthorized email
DMARC Policy
1. p=none – monitoring only, no impact on mail flows
2. p=quarantine – deliver to the spam folder
3. p=reject – block email that fails the DMARC check
Return-Path: <[email protected]>
Delivered-To: [email protected]
Authentication-Results: mail.example.org; spf=pass (example.org: domain
of [email protected] designates 1.2.3.4 as permitted sender)
[email protected]; dkim=pass [email protected]
Received: from ..
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=SAMPLE.net;
s=february_2014; [email protected]; q=dns/txt; h= .. ; bh= .. ; b= ..
Date: Wed, 19 Feb 2014 12:39:06 -0500
From: "Fred" <[email protected]>
To: “Frank Riend” <[email protected]>
Subject: REMINDER – don’t mess this up, Frank!
Hi, please don’t forget about the meeting. It’s very important!
Your friend,
Fred
DMARC is evaluated on the From: header domain.
DKIM identifier: the d= domain.
SPF identifier: the envelope domain (Mail From = Return-Path).
Result: misalignment – neither identifier matches the From: domain (DMARC).
To tie it all together: for a piece of email to be considered compliant with DMARC, the domain found in an email’s From: header must match either the SPF-validated domain or the originating domain found in a valid DKIM signature. If the domains match, receivers can safely assert that the email did come from the domain that it purports to come from. This is how easy-to-identify email is made possible.
FAIL
Return-Path: <[email protected]>
Delivered-To: [email protected]
Authentication-Results: mail.example.org; spf=pass (example.org: domain
of [email protected] designates 1.2.3.4 as permitted sender)
[email protected]; dkim=pass [email protected]
Received: from ..
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=CLIENT.net;
s=february_2014; [email protected]; q=dns/txt; h= .. ; bh= .. ; b= ..
Date: Wed, 19 Feb 2014 12:39:06 -0500
From: "Fred" <[email protected]>
To: “Frank Riend” <[email protected]>
Subject: REMINDER – don’t mess this up, Frank!
Hi, please don’t forget about the meeting. It’s very important!
Your friend,
Fred
DMARC is evaluated on the From: header domain.
DKIM identifier: the d= domain.
SPF identifier: the envelope domain (Mail From = Return-Path).
Result: alignment – the identifiers match the From: domain (DMARC).
PASS on SPF & DKIM
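As an added example (not code from the slides, Contactlab or dmarcian), the alignment rule just described and the three p= policies listed under "DMARC Policy" carried out in Python. The two header sets are constructed to mirror the slide messages (sample.net stands in for the unrelated SAMPLE.net / CLIENT.net signer, example.com is the From: domain), the contents of the _dmarc TXT record are an assumption, and the organizational-domain helper simply takes the last two labels, where a production implementation would consult the Public Suffix List.

```python
import re
from email.utils import parseaddr

# Constructed DMARC TXT record for example.com, modelled on the slides'
# "_dmarc.example.com" entry (the record contents are an assumption).
DMARC_RECORD = ("v=DMARC1; p=quarantine; adkim=r; aspf=r; "
                "rua=mailto:dmarc-reports@example.com")

# Two constructed header sets modelled on the two slide examples: both carry
# From: fred@example.com; the first is bounced to and signed by an unrelated
# domain, the second by example.com's own sending infrastructure.
MISALIGNED = {
    "Return-Path": "<bounce@sample.net>",
    "From": '"Fred" <fred@example.com>',
    "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=SAMPLE.net; "
                      "s=february_2014; h=from:to:subject; bh=...; b=...",
    "Authentication-Results": "mail.example.org; spf=pass smtp.mailfrom=bounce@sample.net; "
                              "dkim=pass header.d=sample.net",
}
ALIGNED = {
    "Return-Path": "<bounce@mail.example.com>",
    "From": '"Fred" <fred@example.com>',
    "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; "
                      "s=february_2014; h=from:to:subject; bh=...; b=...",
    "Authentication-Results": "mail.example.org; spf=pass smtp.mailfrom=bounce@mail.example.com; "
                              "dkim=pass header.d=example.com",
}


def parse_tags(value):
    """Split a 'k=v; k=v' tag list (DMARC record or DKIM-Signature) into a dict."""
    tags = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, val = part.partition("=")
        tags[key.strip().lower()] = val.strip()
    return tags


def parse_dmarc_record(txt):
    """Validate a _dmarc TXT record and fill in the defaults DMARC specifies."""
    tags = parse_tags(txt)
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: missing v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("p= must be none, quarantine or reject")
    tags.setdefault("adkim", "r")   # relaxed DKIM alignment unless told otherwise
    tags.setdefault("aspf", "r")    # relaxed SPF alignment unless told otherwise
    return tags


def org_domain(domain):
    """Organizational domain. Assumption: the last two labels; a production
    implementation derives this from the Public Suffix List instead."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(identifier, from_domain, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs the
    same organizational domain. Domains compare case-insensitively."""
    if mode == "s":
        return identifier.lower() == from_domain.lower()
    return org_domain(identifier) == org_domain(from_domain)


def address_domain(header):
    """Domain part of the address in a From: or Return-Path: header."""
    return parseaddr(header)[1].rpartition("@")[2].lower()


def auth_results(header):
    """Pull the spf= and dkim= verdicts out of an Authentication-Results header."""
    return {m.group(1): m.group(2) for m in re.finditer(r"\b(spf|dkim)=(\w+)", header)}


def evaluate(headers, record=DMARC_RECORD):
    """Apply the DMARC check: the From: domain must align with a passing
    SPF mail-from (Return-Path) domain or a passing DKIM d= domain."""
    policy = parse_dmarc_record(record)
    from_domain = address_domain(headers["From"])
    verdicts = auth_results(headers["Authentication-Results"])
    spf_ok = (verdicts.get("spf") == "pass"
              and aligned(address_domain(headers["Return-Path"]), from_domain, policy["aspf"]))
    dkim_d = parse_tags(headers["DKIM-Signature"]).get("d", "")
    dkim_ok = verdicts.get("dkim") == "pass" and aligned(dkim_d, from_domain, policy["adkim"])
    passed = spf_ok or dkim_ok
    return {
        "from_domain": from_domain,
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if passed else "fail",
        # A passing message is delivered normally; a failing one gets the p= action.
        "disposition": "none" if passed else policy["p"],
    }


if __name__ == "__main__":
    for name, msg in (("misaligned", MISALIGNED), ("aligned", ALIGNED)):
        print(name, evaluate(msg))
```

Running it shows the first message failing on both identifiers and receiving the record's p=quarantine disposition, and the second passing on SPF and DKIM. Switching the record to aspf=s demonstrates why the slides stress having both mechanisms in place: mail.example.com no longer aligns strictly with example.com for SPF, but the DKIM d= domain still does, so the message still passes.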
PostNL DMARC ROI
• Reduced customer support: 90.000 euro per year
• Reduced cost of domain registrations: 20.000 euro per year
• Break-even period: 2 years (looking at direct cost only)
WEBINAR CONTACTLAB
http://contactlab.com/it/landing/webinar/
See you next year! Contacthub
Thank you!
Marco Franceschetti
Head of Deliverability
Wesley Rietveld
Sales Director Europe, dmarcian
Martijn Groeneweg
General Manager Europe, dmarcian