Nov 9, 2019
Kenji Kitaura
Channel Solution Section
Data Science & AI Department
Rakuten, Inc.
Spoofed emails were sent that could not be distinguished from the real ones.
[[Caution] Suspicious emails impersonating Rakuten Card (card usage notification emails) ・ https://ichiba.faq.rakuten.net/detail/000007165 ・ 2019/10/29]
Highlight links to suspicious files
• Damage to brand image
• Customers refrain from using services because of anxiety
The ratio of email sent to global Email Box Providers (EBPs) such as @gmail.com has
doubled in 6 years. Major EBPs actively use sender authentication and have
been involved in it since the specification discussions.
[Diagram labels: Type of email; Sender; Email platform]
Rakuten sends various types of email from many platforms. Managing all of this email is
very difficult.
[Chart: DMARC adoption. Labels: p=reject (Domain); Email sent by p=reject. Values shown: 7.2%, 56%, 100%. ※ As of 2019/10/29]
In the second half of last year, we focused on DKIM adoption. DMARC pass by SPF.
Reports for all domains are collected and analyzed in one system.
Domain owners can see the detailed DMARC, DKIM and SPF success rates for
each platform.
Steps for introducing DMARC. At Rakuten, the goal is basically p=reject.
Phases: Initial Auditing Phase, Policy Ramp-up Phase, Ongoing Monitoring Phase
• Publish initial record with p=none
• Collect and analyze DMARC reports
• DKIM & SPF implementation
• Policy ramp-up decision
• p=reject (quarantine and pct are optional)
• Real-time email open rate monitoring in the 2 days after the change
• Verify DMARC reports
• Confirm number of inquiries to call center
• DMARC success rate in each sending platform
• Find unknown platforms and check their DMARC success rate
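The report analysis behind these steps (per-platform DMARC, DKIM and SPF success rates, unknown sending sources, and the ramp-up decision) can be sketched as follows. This is an added example, not Rakuten's system: the report is a constructed sample in the RFC 7489 aggregate XML layout, and the platform inventory, its names and the 98% threshold are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed aggregate report in the RFC 7489 XML layout (documentation IPs/domains).
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>shop.example</domain><p>none</p><pct>100</pct></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>900</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>shop.example</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>80</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>shop.example</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.8</source_ip><count>20</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>shop.example</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.55</source_ip><count>50</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>shop.example</header_from></identifiers>
  </record>
</feedback>"""

# Hypothetical sender inventory: network -> sending platform name.
PLATFORM_NETWORKS = {
    "192.0.2.0/28": "in-house MTA",
    "198.51.100.0/24": "marketing ESP",
}
UNKNOWN = "unknown"


def platform_for(ip):
    """Map a reporting source IP to a known sending platform, else UNKNOWN."""
    addr = ipaddress.ip_address(ip)
    for net, name in PLATFORM_NETWORKS.items():
        if addr in ipaddress.ip_network(net):
            return name
    return UNKNOWN


def summarize(report_xml):
    """Return {platform: {"total", "dmarc", "dkim", "spf"}} message counts."""
    stats = defaultdict(lambda: {"total": 0, "dmarc": 0, "dkim": 0, "spf": 0})
    for row in ET.fromstring(report_xml).iter("row"):
        count = int(row.findtext("count", "0"))
        # policy_evaluated carries the aligned DKIM/SPF results that DMARC uses.
        dkim = row.findtext("policy_evaluated/dkim", "fail").strip().lower() == "pass"
        spf = row.findtext("policy_evaluated/spf", "fail").strip().lower() == "pass"
        s = stats[platform_for(row.findtext("source_ip").strip())]
        s["total"] += count
        s["dkim"] += count if dkim else 0
        s["spf"] += count if spf else 0
        s["dmarc"] += count if (dkim or spf) else 0  # DMARC passes if either aligns
    return dict(stats)


def ramp_up_blockers(stats, min_rate=0.98):
    """Known platforms whose DMARC pass rate is below min_rate (assumed threshold)."""
    return sorted(
        name for name, s in stats.items()
        if name != UNKNOWN and s["total"] and s["dmarc"] / s["total"] < min_rate
    )


def spf_only_platforms(stats):
    """Platforms that pass DMARC only via SPF, i.e. DKIM is not yet in place."""
    return sorted(n for n, s in stats.items() if s["dmarc"] and not s["dkim"])


if __name__ == "__main__":
    stats = summarize(SAMPLE_REPORT)
    for name, s in sorted(stats.items()):
        print(f"{name:14} total={s['total']:4} dmarc={s['dmarc'] / s['total']:.0%} "
              f"dkim={s['dkim'] / s['total']:.0%} spf={s['spf'] / s['total']:.0%}")
    print("blockers before p=reject:", ramp_up_blockers(stats))
    print("DMARC pass by SPF only:", spf_only_platforms(stats))
    print("unknown-source volume:", stats.get(UNKNOWN, {}).get("total", 0))
```

Volume from the unknown bucket is either an unregistered legitimate platform or unauthorized mail, which is why it is reported separately rather than counted as a ramp-up blocker.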
Since implementation is necessary across many services, we asked for a top-down approach and
invited the operators to a briefing session.
[Organization diagram labels: CISO; CxO (Executives); Service Director; Operator; Service Tech; External tool vendors; Project Team; Technical Assistant; Guidance/Manual; Seminar/Consultation; Describe directly]
There were occasional large phishing campaigns. Even in normal times, there is always
a certain amount of unauthorized email.
[Chart labels: Rakuten Card p=reject 100%; Other Major Domains p=reject 100%]
An analysis of the DMARC reports revealed email statistics.
The number of phone calls regarding phishing has temporarily decreased by about
50% since the adoption of DMARC with p=reject.
[Chart: Reject rate against unauthorized email. Marker: DMARC p=reject implemented on 2017/11]
Yahoo! Mail is one of the most popular email services for
customers in Japan. Last year, Yahoo! Japan and Rakuten
began displaying brand images using DKIM as a measure
against spoofed emails.
[Anti-fraud measures for Rakuten services ・ https://corp.rakuten.co.jp/security/anti-fraud/ ・ 2019/10/29]
Brand Symbol
Rakuten is actively working to improve email security as a large email sender. As
part of that activity, I participate in major conferences in this field.
Meet our Recruiting team for more details
Email Security Case Study
