Tim Draegen, director of Dmarcian.com, presented DMARC technology and its importance for protecting a brand and a domain. He presented its use as a tool for security and improved deliverability, but above all as a tool that can help achieve compliance with GDPR.
7. Domain-based Message Authentication, Reporting and Conformance
Overlay that:
● Builds on existing email authentication technology (SPF and DKIM),
● Provides feedback data to Domain Owners,
● Allows for blocking of unauthorized email.
8. How Does DMARC Work?
DMARC creates a link between a domain and a piece of email.
somebody@the_domain.com
... and is available to all domain owners. Today. Free.
9. Creating link between email and domain:
..is called email authentication. Two forms:
SPF (Sender Policy Framework)
➢ Publish a list of authorized servers. Receivers consult list
when processing incoming email.
➢ “path based”
DKIM (DomainKeys Identified Mail)
➢ Attach digital fingerprints/signatures to email. Receivers
verify if email came from domain.
➢ “signature based”
10. How Does DMARC Work?
DMARC tells senders how to
configure SPF and DKIM..
..which lets receivers perform
the same simple DMARC
check for all incoming email.
Consistency!
11. So what?
When all email from a
domain is compliant with
DMARC, receivers can be
told to block Not Real
email.
[Diagram: the_domain.com with three X marks]
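The check a receiver runs on each message, as an added example that is not part of the presentation: the domain in the From: header must match a domain that passed SPF or DKIM, and the domain's published policy decides what happens on failure. The domains and records are constructed, the organizational domain is approximated by the last two labels, and the `pct` and `sp` tags are ignored.

```python
# Added example: simplified DMARC evaluation following RFC 7489.
# All domains and records below are constructed sample values.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not usable."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags

def org_domain(domain):
    # Assumption: the last two labels stand in for the organizational domain.
    # A production receiver derives it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict mode ("s") needs an exact match; relaxed ("r") compares org domains."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate(from_domain, record, spf_result, spf_domain, dkim_sigs):
    """Return (dmarc_result, disposition) for one message.
    spf_domain is the envelope (MAIL FROM) domain; dkim_sigs is [(result, d= domain)]."""
    policy = parse_dmarc(record)
    if policy is None:
        return ("none", "deliver")  # no usable policy: DMARC does not apply
    spf_ok = spf_result == "pass" and aligned(
        from_domain, spf_domain, policy.get("aspf", "r"))
    dkim_ok = any(result == "pass" and aligned(from_domain, d, policy.get("adkim", "r"))
                  for result, d in dkim_sigs)
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    # p=none only reports; quarantine and reject are applied as published.
    return ("fail", {"none": "deliver"}.get(policy["p"], policy["p"]))

RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    # Own server, then a vendor signing as example.com, then an unrelated domain.
    print(evaluate("example.com", RECORD, "pass", "bounce.example.com", []))
    print(evaluate("example.com", RECORD, "pass", "mail.example.net", [("pass", "example.com")]))
    print(evaluate("example.com", RECORD, "pass", "example.org", [("pass", "example.org")]))
```

The third case is the one DMARC adds: SPF and DKIM both pass, but for a domain unrelated to the From: header, so the message fails and the `p=reject` policy applies.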
12. Benefits of DMARC
When email is easy to identify, nice things happen:
Improved Security
➕ Simplified Delivery
➕ Consistent Compliance
Brand protection & Trust
13. Simplified Email Management
DMARC feedback provides a comprehensive picture of everyone sending using
your domains. Your own infrastructure, vendors, partners, abusers, everyone.
14. Simplified Email Management
All domains using DMARC means you can put in place consistent practices
across all your legitimate senders. Consistent brand policies across all email.
16. GDPR and DMARC
● The ~bad: DMARC forensic reports can contain sensitive data. Handling of
sensitive data introduces GDPR into your operations. But you don’t need
forensic reports for DMARC to be useful!
● Email can be very personalized. That personalization now comes with a
GDPR cost. All vendors need to be compliant with GDPR, or their non-
compliance becomes your problem.
● The good: You can easily identify who is sending on your behalf using
DMARC. Each sender can then be vetted for GDPR implications.
Editor's Notes
What is the problem. Simple question: Is this email real?
Hard to answer, even for experts.
Hard to answer.. even harder to do at Internet scale. Bad stuff leaks through; good stuff gets blocked.
By default, email can be faked. What if there was some way to make email easy to identify?
Lack of “easy identify” means phishing, brand erosion, delivery issues. Add “easy to identify” = send email people want.
What is DMARC? domain-based
Before DMARC, people did whatever they could with SPF and DKIM. Lots of ad hoc deployment. Big mess that receivers had to make useful.
But wait, there’s more! Began with PayPal, then a few years later email delivery streamlining. Then visibility created compliance in email realm.
Can’t change the world of email if people have to pay for it!
Multi-channel marketing means that email profiles can be combined with other sources of data. Each source/vendor intersects with GDPR, with *you* being on the hook for compliance.