
Protect your domain with DMARC

The ability to easily identify a legit email message is changing the industry for the better.
Since 2012, dmarcian has been helping organizations of every size across the globe to deploy DMARC.


  1. Master version 0.0.2. DMARC: Domain-based Message Authentication, Reporting & Conformance. Martijn Groeneweg, General Manager Europe, dmarcian; Wesley Rietveld, Sales Director Europe, dmarcian; Marco Franceschetti, Head of Deliverability, Contactlab.
  2. Why you should care! © Copyright 2017-2019 Contactlab. This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. DMARC? Should you as an email marketer care about DMARC? Why is domain authentication important? Why are there always new standards coming from the email ecosystem? Is it a mandatory requirement? Is it about security?
  3. Gmail wants it. Source: https://support.google.com/mail/answer/81126?hl=en
  4. Gmail wants it.
  5. Authentication: SPF. SPF is path based: it validates the email's path from the sender (Contactlab) to the mailbox provider. It works on the "Envelope From" domain, not on the "From" domain. Is it 100% sure? Diagram: sender (@example.com) → IP address → DNS server / SPF record → valid authentication? Yes / No → MBP filter mix.
  6. Authentication: DKIM. DKIM: "validating a domain name identity that is associated with a message through cryptographic authentication". "DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for further handling, such as delivery." (www.dkim.org) Is it a 100% sure method?
  7. What DMARC brings. Source: https://support.google.com/a/answer/2466580: “You'll receive a daily report from each participating email provider so you can see how often your messages are authenticated, how often invalid messages are identified, and policy actions requested and taken by IP address.”
  8. Protect your domain with DMARC
  9. Agenda: Who we are; Why DMARC?; How DMARC works; Let’s phish Polizia di Stato and Banca d’Italia; PostNL case; Questions.
  10. Who we are
  11. Who we are: started in 2012. dmarcian is the leading “Full Service” provider of DMARC services. dmarcian has regionalized European operations that meet European data requirements. dmarcian offers web based tooling, deployment support and support packages.
  12. Who we are: customers are banks, top internet properties, marketing agencies, telecoms and commercial enterprises of all sizes; more than 19.000 companies and organizations; more than 2.000.000 domains. About 25 people: CEO and founder Tim Draegen is primary author of the DMARC spec and currently one of the chairs of the IETF DMARC working group; Scott Kitterman is one of the primary authors of SPF.
  13. Why DMARC?
  14. Why DMARC?
  15. Why DMARC? For any given email: real or not real?
  16. Why DMARC?
  17. Why DMARC? “95% of all attacks on enterprise networks are the results from successful spear phishing” (Alan Paller, Director of Research, SANS Institute). “The FBI reports a $2.3 Billion Loss to Spear Phishing and CEO Email Scams from Oct 2013 to Aug 2016. Since January 2015, the FBI has seen a 270% increase in Cybersecurity attacks.” (fbi.gov)
  18. Phishing is a threat to online trust
  19. Cost of phishing: monetary loss; remediation cost; reputation cost.
  20. DMARC fixes email
  21. Gmail question mark
  22. Why DMARC?
      • Delivery: use the same modern plumbing that mega companies use to deliver email.
      • Security: disallow unauthorized use of your email domain to protect people from spam, fraud, and phishing.
      • Visibility: gain visibility into who and what across the Internet is sending email using your email domain.
      • Identity: make your email easy to identify across the huge and growing footprint of DMARC-capable receivers.
  23. How DMARC works
  24. How DMARC works: a DNS entry (TXT record at _dmarc.example.com); builds on existing email authentication technology (SPF and DKIM); provides feedback data to domain owners; allows for blocking of unauthorized email.
  25. DMARC policy: 1. p=none: monitoring, no impact on mail flows. 2. p=quarantine: deliver to the spam folder. 3. p=reject: block email that fails the DMARC check.
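The three policy levels on the slide are the p= tag of the TXT record published at _dmarc.<domain>. As an added example (not code from dmarcian or Contactlab), this script parses such a record and maps a pass/fail outcome to the action a receiver takes, including the subdomain policy and percentage roll-out. The record string and report address are constructed; the tag names beyond p= (sp, pct, adkim, aspf, rua) come from the DMARC specification, RFC 7489.

```python
"""Parse a DMARC record from DNS and map it to a receiver disposition.

Added example for this slide deck; it is not dmarcian's or Contactlab's code.
The record string is constructed for illustration; tag names follow the DMARC
specification (RFC 7489).
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample of what the TXT record at _dmarc.example.com could contain.
SAMPLE_RECORD = ("v=DMARC1; p=reject; sp=quarantine; pct=100; adkim=r; aspf=s; "
                 "rua=mailto:dmarc-reports@example.com")

VALID_POLICIES = ("none", "quarantine", "reject")


@dataclass
class DmarcRecord:
    policy: str               # p=  action for mail that fails the DMARC check
    subdomain_policy: str     # sp= action for subdomains (defaults to p=)
    pct: int                  # pct= share of failing mail the policy applies to
    adkim: str                # adkim= DKIM alignment mode: r(elaxed) or s(trict)
    aspf: str                 # aspf=  SPF alignment mode: r(elaxed) or s(trict)
    rua: List[str] = field(default_factory=list)  # aggregate report addresses


def parse_dmarc_record(txt: str) -> DmarcRecord:
    """Split the tag=value list and validate the tags a receiver depends on."""
    if not txt.strip().lower().startswith("v=dmarc1"):
        raise ValueError("record must begin with v=DMARC1")
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    policy = tags.get("p")
    if policy not in VALID_POLICIES:
        raise ValueError(f"missing or invalid p= tag: {policy!r}")
    sp = tags.get("sp", policy)
    if sp not in VALID_POLICIES:
        raise ValueError(f"invalid sp= tag: {sp!r}")
    pct = int(tags.get("pct", "100"))
    if not 0 <= pct <= 100:
        raise ValueError(f"pct= out of range: {pct}")
    adkim = tags.get("adkim", "r").lower()
    aspf = tags.get("aspf", "r").lower()
    if adkim not in ("r", "s") or aspf not in ("r", "s"):
        raise ValueError("alignment modes must be r or s")
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    return DmarcRecord(policy, sp, pct, adkim, aspf, rua)


def disposition(record: DmarcRecord, dmarc_pass: bool,
                is_subdomain: bool = False, sample_bucket: int = 0) -> str:
    """Action a receiver takes for one message: 'none', 'quarantine' or 'reject'.

    sample_bucket is a number in [0, 100) the receiver draws per message; when
    it falls outside pct= the message gets the next less severe policy, which
    is how a gradual roll-out from p=none to p=reject works.
    """
    if dmarc_pass:
        return "none"
    policy = record.subdomain_policy if is_subdomain else record.policy
    if sample_bucket >= record.pct:
        return {"reject": "quarantine", "quarantine": "none", "none": "none"}[policy]
    return policy


if __name__ == "__main__":
    rec = parse_dmarc_record(SAMPLE_RECORD)
    print(rec)
    print("failing mail from example.com ->", disposition(rec, dmarc_pass=False))
    print("failing mail from sub.example.com ->", disposition(rec, False, is_subdomain=True))
```

A record that does not start with v=DMARC1 or lacks a valid p= tag is treated as absent by receivers, which is why the parser rejects it outright instead of falling back to p=none.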
  26. Misalignment (DMARC FAIL):
      Return-Path: <foe@SAMPLE.net>
      Delivered-To: friend@example.org
      Authentication-Results: mail.example.org; spf=pass (example.org: domain of foe@sample.net designates 1.2.3.4 as permitted sender) smtp.mail=foe@sample.net; dkim=pass header.i=@sample.net
      Received: from ..
      DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=SAMPLE.net; s=february_2014; i=@sample.net; q=dns/txt; h= .. ; bh= .. ; b= ..
      Date: Wed, 19 Feb 2014 12:39:06 -0500
      From: “Fred” <foe@CLIENT.net>
      To: “Frank Riend” <friend@example.org>
      Subject: REMINDER – don’t mess this up, Frank!
      Hi, please don’t forget about the meeting. It’s very important! Your friend, Fred
      Annotations: DMARC checks the From domain; DKIM supplies the d= domain; SPF supplies the envelope domain (= Mail From = Return-Path). Here they do not match: misalignment, DMARC FAIL.
      DMARC ties it all together. For a piece of email to be considered compliant with DMARC, the domain found in an email’s From: header must match either the SPF-validated domain or the originating domain found in a valid DKIM signature. If the domains match, receivers can safely assert that the email did come from the domain that it purports to come from. This is how easy-to-identify email is made possible.
  27. Alignment (DMARC PASS on SPF & DKIM):
      Return-Path: <foe@CLIENT.net>
      Delivered-To: friend@example.org
      Authentication-Results: mail.example.org; spf=pass (example.org: domain of foe@sample.net designates 1.2.3.4 as permitted sender) smtp.mail=foe@sample.net; dkim=pass header.i=@sample.net
      Received: from ..
      DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=CLIENT.net; s=february_2014; i=@sample.net; q=dns/txt; h= .. ; bh= .. ; b= ..
      Date: Wed, 19 Feb 2014 12:39:06 -0500
      From: “Fred” <foe@CLIENT.net>
      To: “Frank Riend” <friend@example.org>
      Subject: REMINDER – don’t mess this up, Frank!
      Hi, please don’t forget about the meeting. It’s very important! Your friend, Fred
      Annotations: DMARC checks the From domain; DKIM supplies the d= domain; SPF supplies the envelope domain (= Mail From = Return-Path). Here the From domain matches both: alignment, DMARC PASS on SPF & DKIM.
      DMARC ties it all together. For a piece of email to be considered compliant with DMARC, the domain found in an email’s From: header must match either the SPF-validated domain or the originating domain found in a valid DKIM signature. If the domains match, receivers can safely assert that the email did come from the domain that it purports to come from. This is how easy-to-identify email is made possible.
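The alignment test described on the two slides above, as an added example that is not dmarcian's or Contactlab's code: the script extracts the From: domain, the Return-Path (SPF) domain and the DKIM d= domain from a raw message and decides whether either authenticated identifier aligns with From:, in relaxed or strict mode. The three messages are constructed to mirror the slides (SAMPLE.net against CLIENT.net) plus the common marketing case where bounces go to a sending platform's domain and only DKIM aligns. It takes the Authentication-Results header at face value and does not verify SPF or DKIM itself; the organizational-domain helper is a two-label simplification, not the Public Suffix List lookup a real receiver uses.

```python
"""Check DMARC identifier alignment on raw messages.

Added example for the two header samples on the slides above; not dmarcian's
or Contactlab's code. The messages are constructed to mirror those slides.
The Authentication-Results header is taken at face value: this code does not
verify SPF or DKIM, it only tests whether the identifiers that passed align
with the From: domain, which is the DMARC step.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message 1: SPF and DKIM pass for sample.net, but From: says client.net.
MISALIGNED = """\
Return-Path: <foe@SAMPLE.net>
Delivered-To: friend@example.org
Authentication-Results: mail.example.org; spf=pass smtp.mailfrom=foe@sample.net; dkim=pass header.d=sample.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=SAMPLE.net; s=february_2014; h=from:to:subject; bh=...; b=...
Date: Wed, 19 Feb 2014 12:39:06 -0500
From: "Fred" <foe@CLIENT.net>
To: "Frank Riend" <friend@example.org>
Subject: REMINDER

Hi, please don't forget about the meeting.
"""

# Constructed message 2: the same mail with both identifiers on client.net.
ALIGNED = MISALIGNED.replace("SAMPLE.net", "CLIENT.net").replace("sample.net", "client.net")

# Constructed message 3: bounces go to a sending platform's domain (SPF passes but
# is unaligned) while the DKIM signature is the brand's own, which is enough to pass.
DKIM_ONLY = (MISALIGNED
             .replace("<foe@SAMPLE.net>", "<bounce@esp.example>")
             .replace("smtp.mailfrom=foe@sample.net", "smtp.mailfrom=bounce@esp.example")
             .replace("header.d=sample.net", "header.d=client.net")
             .replace("d=SAMPLE.net", "d=CLIENT.net"))


def organizational_domain(domain: str) -> str:
    """Approximate the organizational domain as the last two labels.

    Assumption: a real receiver consults the Public Suffix List; this shortcut is
    wrong for suffixes such as co.uk and is used only to keep the example offline.
    """
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict mode needs an exact match, relaxed mode the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


def domain_of(header_value: str) -> str:
    """Domain part of the address in a header such as From: or Return-Path:."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def auth_results(msg) -> dict:
    """Collect method=result pairs (spf=pass, dkim=pass, ...) from Authentication-Results."""
    header = msg.get("Authentication-Results", "")
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim)=(\w+)", header, re.IGNORECASE)}


def dkim_signing_domain(msg):
    """The d= tag of the DKIM-Signature, which is the identifier DMARC aligns on."""
    match = re.search(r"(?:^|;)\s*d=([^;\s]+)", msg.get("DKIM-Signature", ""))
    return match.group(1).lower() if match else None


def evaluate_dmarc(raw: str, adkim: str = "r", aspf: str = "r") -> dict:
    """Return which identifiers aligned and whether the message passes DMARC."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From", ""))
    mail_from_domain = domain_of(msg.get("Return-Path", ""))   # SPF identifier
    dkim_domain = dkim_signing_domain(msg)
    results = auth_results(msg)
    spf_aligned = results.get("spf") == "pass" and aligned(from_domain, mail_from_domain, aspf)
    dkim_aligned = (results.get("dkim") == "pass" and dkim_domain is not None
                    and aligned(from_domain, dkim_domain, adkim))
    return {"from_domain": from_domain, "spf_domain": mail_from_domain,
            "dkim_domain": dkim_domain, "spf_aligned": spf_aligned,
            "dkim_aligned": dkim_aligned, "dmarc_pass": spf_aligned or dkim_aligned}


if __name__ == "__main__":
    for name, raw in (("misaligned", MISALIGNED), ("aligned", ALIGNED), ("dkim only", DKIM_ONLY)):
        print(name, evaluate_dmarc(raw))
```

The third message is the one an email marketer should study: as long as the platform signs with the brand's own DKIM d= domain, DMARC passes even though the bounce address belongs to the platform, so a brand can move to p=reject without routing bounces through its own domain.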
  28. Let’s phish Polizia di Stato and Banca d’Italia
  29. Polizia di Stato
  30. Polizia di Stato
  31. Polizia di Stato
  32. Polizia di Stato
  33. Polizia di Stato
  34. Internet.nl
  35. Internet.nl
  36. Internet.nl
  37. Internet.nl
  38. Do it the right way
  39. PostNL case
  40. PostNL, other customer
  41. PostNL DMARC ROI: reduced customer support, 90.000 euro per year; reduced cost of domain registrations, 20.000 euro per year; break-even period 2 years (looking at direct cost only).
  42. Q&A session
  43. Webinar Contactlab: http://contactlab.com/it/landing/webinar/ (HOME > EVENTS AND RESOURCES > WEBINAR). See you next year. Contacthub.
  44. Thank you! Marco Franceschetti, Head of Deliverability, marco.fraceschetti@contactlab.com; Wesley Rietveld, Sales Director Europe, dmarcian, wesley@dmarcian.com; Martijn Groeneweg, General Manager Europe, dmarcian, martijn@dmarcian.com
