Contactlab, profile picture
Uploaded byContactlab
PDF, PPTX857 views

Protect your domain with DMARC

This document discusses the importance of DMARC (Domain-based Message Authentication, Reporting & Conformance) for email marketers, outlining how it enhances email security by preventing unauthorized use of domains and improving email deliverability. It highlights the role of authentication methods such as SPF and DKIM in securing emails, as well as the benefits of implementing DMARC policies. The document also emphasizes the financial and reputational risks associated with phishing attacks and provides insights into the workings and advantages of DMARC for organizations.

Embed presentation

Download as PDF, PPTX
Master version 0.0.2 DMARC Domain-based Message Authentication Reporting & Conformance Martijn Groeneweg General Manager Europe, dmarcian Wesley Rietveld Sales Director Europe, dmarcian Marco Franceschetti, Head of Deliverability, Contactlab
2 © Copyright 2017-2019 Contactlab This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. Why you should care! DMARC? Should you as an email marketer care about DMARC? Why is domain authentication important? Why are there always new standards coming from the email ecosystem? Is it a mandatory requirement? Is it about security?
3 © Copyright 2017-2019 Contactlab This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. Gmail wants it Source: https://support.google.com/mail/answer/81126?hl=en
4 © Copyright 2017-2019 Contactlab This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. Gmail wants it
5 © Copyright 2017-2019 Contactlab This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. Authentication: SPF SPF – Path based on email’s path from the Sender (Contactlab) to the Mailbox provider. Works on "Envelope From" domain. Not on the "From" domain. Is it 100% sure? Sender / @example.com IP address DNS Server/ SPF Record Valid authentication? Yes / No MBP – filter mix
6 © Copyright 2017-2019 Contactlab This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. Authentication: DKIM DKIM – "validating a domain name identity that is associated with a message through cryptographic authentication". "DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for further handling, such as delivery. " www.dkim.org Is it a 100% sure method?
7 © Copyright 2017-2019 Contactlab This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. What DMARC brings Source: https://support.google.com/a/answer/2466580 “You'll receive a daily report from each participating email provider so you can see how often your messages are authenticated, how often invalid messages are identified, and policy actions requested and taken by IP address.”
Protect your domain with DMARC
• Who we are • Why DMARC? • How DMARC works • Let’s phish Polizia di Stato and Banca d’Italia • PostNL case • Questions Agenda
Who we are
• Started in 2012 • dmarcian is the leading “Full Service” provider of DMARC Services • dmarcian has a regionalized European operations that meets European data requirements • dmarcian offers – Web based tooling – Deployment support – Support packages Who we are
• Customers – Banks, top internet properties, marketing agencies, telecoms and commercial enterprises of all sizes – More than 19.000 companies and organizations – More than 2.000.000 domains • About 25 people – CEO and founder Tim Draegen is primary author of DMARC spec and currently one of the chairs of the IETF DMARC working group – Scott Kitterman is one of the primary authors of SPF Who we are
Why DMARC?
Why DMARC?
For any given email: Real or Not Real? Why DMARC?
Why DMARC?
“95% of all attacks on enterprise networks are the results from successful spear phishing” Allen Paller, Director of Research - SANS Institute “The FBI reports a $2.3 Billion Loss to Spear Phishing and CEO Email Scams from Oct 2013 to Aug 2016. Since January 2015, the FBI has seen a 270% increase in Cybersecurity attacks.” fbi.gov Why DMARC?
Phishing is threat for online trust
• Monetary loss • Remediation cost • Reputation cost Cost of phishing
DMARC fixes email
Gmail question mark
Why DMARC • Delivery Use the same modern plumbing that mega companies use to deliver email. • Security Disallow unauthorized use of your email domain to protect people from spam, fraud, and phishing. • Visibility Gain visibility into who and what across the Internet is sending email using your email domain. • Identity Make your email easy to identify across the huge and growing footprint of DMARC-capable receivers.
How DMARC works
• DNS entry (TXT record _dmarc.example.com) • Builds on existing email authentication technology (SPF and DKIM) • Provides feedback data to Domain Owners • Allows for blocking of unauthorized email How DMARC works
DMARC Policy 1. p=none Monitoring, no impact on mailflows 2. p=quarantine Deliver to spam folder 3. p=reject Block email that fails the DMARC check
Return-Path: <foe@SAMPLE.net> Delivered-To: friend@example.org Authentication-Results: mail.example.org; spf=pass (example.org: domain of foe@sample.net designates 1.2.3.4 as permitted sender) smtp.mail=foe@sample.net; dkim=pass header.i=@sample.net Received: from .. DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=SAMPLE.net; s=february_2014; i=@sample.net; q=dns/txt; h= .. ; bh= .. ; b= .. Date: Wed, 19 Feb 2014 12:39:06 -0500 From: “Fred“ <foe@CLIENT.net> To: “Frank Riend” <friend@example.org> Subject: REMINDER – don’t mess this up, Frank! Hi, please don’t forget about the meeting. It’s very important! Your friend, Fred DMARC on From domain DKIM: d= domain SPF on Envelope domain = Mail From = Return Path misalignment DMARC To tie it all together. For a piece of email to be considered compliant with DMARC, the domain found in an email’s From: header must match either the SPF-validated domain or the originating domain found in a valid DKIM signature. If the domains match, receivers can safely assert that the email did come from the domain that it purports to come from. This is how easy-to-identify email is made possible. FAIL
Return-Path: <foe@CLIENT.net> Delivered-To: friend@example.org Authentication-Results: mail.example.org; spf=pass (example.org: domain of foe@sample.net designates 1.2.3.4 as permitted sender) smtp.mail=foe@sample.net; dkim=pass header.i=@sample.net Received: from .. DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=CLIENT.net; s=february_2014; i=@sample.net; q=dns/txt; h= .. ; bh= .. ; b= .. Date: Wed, 19 Feb 2014 12:39:06 -0500 From: “Fred“ <foe@CLIENT.net> To: “Frank Riend” <friend@example.org> Subject: REMINDER – don’t mess this up, Frank! Hi, please don’t forget about the meeting. It’s very important! Your friend, Fred DMARC on From domain DKIM: d= domain SPF on Envelope domain = Mail From = Return Path alignment DMARC To tie it all together. For a piece of email to be considered compliant with DMARC, the domain found in an email’s From: header must match either the SPF-validated domain or the originating domain found in a valid DKIM signature. If the domains match, receivers can safely assert that the email did come from the domain that it purports to come from. This is how easy-to-identify email is made possible. PASS on SPF & DKIM
Let’s phish Polizia di Stato and Banca d’Italia
Polizia di Stato
Polizia di Stato
Polizia di Stato
Polizia di Stato
Polizia di Stato
Internet.nl
Internet.nl
Internet.nl
Internet.nl
Do it the right way
PostNL case
PostNL Other customer
PostNL DMARC ROI •Reduced customer support 90.000 euro per year •Reduced cost of domain registrations 20.000 euro per year •Break even period 2 years (looking at direct cost only)
Q&A Session
49 © Copyright 2017-2019 Contactlab This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. WEBINAR CONTACTLAB http://contactlab.com/it/landing/webinar/ HOME > EVENTI E RISORSE > WEBINAR See you next year Contacthub
Thank you! Marco Franceschetti Head of Deliverability marco.fraceschetti@contactlab.com Wesley Rietveld Sales Director Europe, dmarcian wesley@dmarcian.com Martijn Groeneweg General Manager Europe, dmarcian martijn@dmarcian.com

More Related Content

PPT
Rollenoffsetdruck
bySappiHouston
 
PDF
Βασικά τριγωνομετρικά όρια - Εργασία μαθητών
byΜάκης Χατζόπουλος
 
PPSX
2.2.6 ΑΝΑΠΑΡΑΣΤΑΣΗ ΔΕΔΟΜΕΝΩΝ
byAnastasia Stathopoulou
 
PDF
επιρρήματα
byΓιαννόπουλος Γιάννης
 
PDF
7440227 συντακτικο-συγχρονης-δημοτικης-ελληνικης-γλωσσας
byssuser27e3da
 
PDF
Getting startedwithdmarc5
bygrafica_corella
 
PPTX
Fighting Email Abuse with DMARC
byKurt Andersen
 
PPTX
What is dmarc
byGodmarc
 
Rollenoffsetdruck
bySappiHouston
 
Βασικά τριγωνομετρικά όρια - Εργασία μαθητών
byΜάκης Χατζόπουλος
 
2.2.6 ΑΝΑΠΑΡΑΣΤΑΣΗ ΔΕΔΟΜΕΝΩΝ
byAnastasia Stathopoulou
 
επιρρήματα
byΓιαννόπουλος Γιάννης
 
7440227 συντακτικο-συγχρονης-δημοτικης-ελληνικης-γλωσσας
byssuser27e3da
 
Getting startedwithdmarc5
bygrafica_corella
 
Fighting Email Abuse with DMARC
byKurt Andersen
 
What is dmarc
byGodmarc
 

Similar to Protect your domain with DMARC

PDF
DMARC Overview
byOWASP Delhi
 
DOCX
Article on DMARC
byfatima javaid
 
PPTX
TrustYourInbox: What is DMARC?
byTrustYourInbox
 
PPTX
Jak ochránit vaší značku a doménu s technologií DMARC
byMailkit
 
PDF
DMARC Implementation across all domains
byCTM360
 
PDF
Infographic: How to Prevent Email Fraud with DMARC
byReturn Path
 
PPTX
What is DMARC?
byGodmarc
 
PDF
GoDMARC - Block Email Phishing
byTarun Arora
 
PPTX
Network and Internet Security.pptx
byGuna Dhondwad
 
PDF
Your Customers Need A Hero - Save Them From Internet Villains With DMARC
byStephen Mitchell
 
PDF
An Introduction To The DMARC SMTP Validation Requirements
byGabriella Davis
 
PDF
DMARC360 Guide
byDMARC360
 
PPTX
Safeguard Your Brand: Introducing yourDMARC's Advanced Email Security Solutions
byyourDMARC
 
PDF
How to Implement DMARC/DKIM/SPF to Stop Email Spoofing/Phishing: The Definiti...
byGangcai Lin
 
PPTX
How Cybercriminals Cheat Email Authentication
byReturn Path
 
PPTX
Dmarc is your savior
byTIKAJ
 
PDF
Neuailes Global Technologies Pvt Ltd
byShankar Suman
 
PDF
A guide to email spoofing
byMattChapman50
 
PPTX
Using DMARC to Improve Your Email Reputation
byTerry Zink
 
PDF
An Introduction To The DMARC SMTP Validation Requirements
byGabriella Davis
 
DMARC Overview
byOWASP Delhi
 
Article on DMARC
byfatima javaid
 
TrustYourInbox: What is DMARC?
byTrustYourInbox
 
Jak ochránit vaší značku a doménu s technologií DMARC
byMailkit
 
DMARC Implementation across all domains
byCTM360
 
Infographic: How to Prevent Email Fraud with DMARC
byReturn Path
 
What is DMARC?
byGodmarc
 
GoDMARC - Block Email Phishing
byTarun Arora
 
Network and Internet Security.pptx
byGuna Dhondwad
 
Your Customers Need A Hero - Save Them From Internet Villains With DMARC
byStephen Mitchell
 
An Introduction To The DMARC SMTP Validation Requirements
byGabriella Davis
 
DMARC360 Guide
byDMARC360
 
Safeguard Your Brand: Introducing yourDMARC's Advanced Email Security Solutions
byyourDMARC
 
How to Implement DMARC/DKIM/SPF to Stop Email Spoofing/Phishing: The Definiti...
byGangcai Lin
 
How Cybercriminals Cheat Email Authentication
byReturn Path
 
Dmarc is your savior
byTIKAJ
 
Neuailes Global Technologies Pvt Ltd
byShankar Suman
 
A guide to email spoofing
byMattChapman50
 
Using DMARC to Improve Your Email Reputation
byTerry Zink
 
An Introduction To The DMARC SMTP Validation Requirements
byGabriella Davis
 

More from Contactlab

PDF
Come migliorare l’engagement tramite analisi dei dati, algoritmi predittivi e...
byContactlab
 
PDF
Digital Competitive Map Contemporary 2019 - Abstract
byContactlab
 
PPTX
Artificial Intelligence or Artificial Dummies? Come istruire la macchina a no...
byContactlab
 
PDF
User journeys: FATTI non PAROLE.Come analizzare i processi di acquisto e usar...
byContactlab
 
PPTX
Personas & Journeys
byContactlab
 
PDF
Conosci il vero significato dei tuoi dati con Analytics!
byContactlab
 
PDF
Strategia di personalizzazione omnichannel
byContactlab
 
PDF
Algoritmi e modelli predittivi per arricchire il profilo unico dei tuoi utenti.
byContactlab
 
PDF
Gestisci e automatizza le tue azioni di marketing su un'unica piattaforma.
byContactlab
 
PDF
GDPR: è iniziato il countdown
byContactlab
 
PDF
NEW EDITION! Il caso del “luxury feeling”: best practice sull’esperienza d’ac...
byContactlab
 
PDF
CONTACTONE: COSTRUISCI RELAZIONI SOLIDE E DURATURE CON I TUOI CLIENTI E MIGLI...
byContactlab
 
PDF
Metodologia Agile in Contactlab
byContactlab
 
PDF
Welfare in Contactlab
byContactlab
 
PDF
Caso Costa. Personalizzare l'esperienza oltre la crociera.
byContactlab
 
PDF
Il viaggio di un'architettura: dal monolite ad un ecosistema di API ed eventi
byContactlab
 
PDF
Creare UI semplici, intuitive ed efficaci con la Pattern Library di Contactla...
byContactlab
 
PDF
So cosa hai fatto: dietro le quinte del Data-driven marketing
byContactlab
 
PDF
Contactone: il modello di sviluppo che favorisce la relazione diretta con il ...
byContactlab
 
PDF
API, SDK e Plugin: raccogliere e integrare i dati, abilitare un profilo consu...
byContactlab
 
Come migliorare l’engagement tramite analisi dei dati, algoritmi predittivi e...
byContactlab
 
Digital Competitive Map Contemporary 2019 - Abstract
byContactlab
 
Artificial Intelligence or Artificial Dummies? Come istruire la macchina a no...
byContactlab
 
User journeys: FATTI non PAROLE.Come analizzare i processi di acquisto e usar...
byContactlab
 
Personas & Journeys
byContactlab
 
Conosci il vero significato dei tuoi dati con Analytics!
byContactlab
 
Strategia di personalizzazione omnichannel
byContactlab
 
Algoritmi e modelli predittivi per arricchire il profilo unico dei tuoi utenti.
byContactlab
 
Gestisci e automatizza le tue azioni di marketing su un'unica piattaforma.
byContactlab
 
GDPR: è iniziato il countdown
byContactlab
 
NEW EDITION! Il caso del “luxury feeling”: best practice sull’esperienza d’ac...
byContactlab
 
CONTACTONE: COSTRUISCI RELAZIONI SOLIDE E DURATURE CON I TUOI CLIENTI E MIGLI...
byContactlab
 
Metodologia Agile in Contactlab
byContactlab
 
Welfare in Contactlab
byContactlab
 
Caso Costa. Personalizzare l'esperienza oltre la crociera.
byContactlab
 
Il viaggio di un'architettura: dal monolite ad un ecosistema di API ed eventi
byContactlab
 
Creare UI semplici, intuitive ed efficaci con la Pattern Library di Contactla...
byContactlab
 
So cosa hai fatto: dietro le quinte del Data-driven marketing
byContactlab
 
Contactone: il modello di sviluppo che favorisce la relazione diretta con il ...
byContactlab
 
API, SDK e Plugin: raccogliere e integrare i dati, abilitare un profilo consu...
byContactlab
 

Recently uploaded

PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PPTX
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PPTX
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
PDF
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
PPTX
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
PDF
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
API-First Architecture in Financial Systems
bycyy111112
 

Protect your domain with DMARC

  • 1.
    Master version 0.0.2 DMARC Domain-basedMessage Authentication Reporting & Conformance Martijn Groeneweg General Manager Europe, dmarcian Wesley Rietveld Sales Director Europe, dmarcian Marco Franceschetti, Head of Deliverability, Contactlab
  • 2.
    2 © Copyright 2017-2019Contactlab This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. Why you should care! DMARC? Should you as an email marketer care about DMARC? Why is domain authentication important? Why are there always new standards coming from the email ecosystem? Is it a mandatory requirement? Is it about security?
  • 3.
    3 © Copyright 2017-2019Contactlab This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. Gmail wants it Source: https://support.google.com/mail/answer/81126?hl=en
  • 4.
    4 © Copyright 2017-2019Contactlab This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. Gmail wants it
  • 5.
    5 © Copyright 2017-2019Contactlab This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. Authentication: SPF SPF – Path based on email’s path from the Sender (Contactlab) to the Mailbox provider. Works on "Envelope From" domain. Not on the "From" domain. Is it 100% sure? Sender / @example.com IP address DNS Server/ SPF Record Valid authentication? Yes / No MBP – filter mix
  • 6.
    6 © Copyright 2017-2019Contactlab This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. Authentication: DKIM DKIM – "validating a domain name identity that is associated with a message through cryptographic authentication". "DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for further handling, such as delivery. " www.dkim.org Is it a 100% sure method?
  • 7.
    7 © Copyright 2017-2019Contactlab This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. What DMARC brings Source: https://support.google.com/a/answer/2466580 “You'll receive a daily report from each participating email provider so you can see how often your messages are authenticated, how often invalid messages are identified, and policy actions requested and taken by IP address.”
  • 8.
  • 9.
    • Who weare • Why DMARC? • How DMARC works • Let’s phish Polizia di Stato and Banca d’Italia • PostNL case • Questions Agenda
  • 10.
  • 11.
    • Started in2012 • dmarcian is the leading “Full Service” provider of DMARC Services • dmarcian has a regionalized European operations that meets European data requirements • dmarcian offers – Web based tooling – Deployment support – Support packages Who we are
  • 12.
    • Customers – Banks,top internet properties, marketing agencies, telecoms and commercial enterprises of all sizes – More than 19.000 companies and organizations – More than 2.000.000 domains • About 25 people – CEO and founder Tim Draegen is primary author of DMARC spec and currently one of the chairs of the IETF DMARC working group – Scott Kitterman is one of the primary authors of SPF Who we are
  • 13.
  • 14.
  • 15.
    For any givenemail: Real or Not Real? Why DMARC?
  • 16.
  • 17.
    “95% of allattacks on enterprise networks are the results from successful spear phishing” Allen Paller, Director of Research - SANS Institute “The FBI reports a $2.3 Billion Loss to Spear Phishing and CEO Email Scams from Oct 2013 to Aug 2016. Since January 2015, the FBI has seen a 270% increase in Cybersecurity attacks.” fbi.gov Why DMARC?
  • 18.
    Phishing is threatfor online trust
  • 19.
    • Monetary loss •Remediation cost • Reputation cost Cost of phishing
  • 20.
  • 21.
  • 22.
    Why DMARC • Delivery Usethe same modern plumbing that mega companies use to deliver email. • Security Disallow unauthorized use of your email domain to protect people from spam, fraud, and phishing. • Visibility Gain visibility into who and what across the Internet is sending email using your email domain. • Identity Make your email easy to identify across the huge and growing footprint of DMARC-capable receivers.
  • 23.
  • 24.
    • DNS entry(TXT record _dmarc.example.com) • Builds on existing email authentication technology (SPF and DKIM) • Provides feedback data to Domain Owners • Allows for blocking of unauthorized email How DMARC works
  • 25.
    DMARC Policy 1. p=none Monitoring,no impact on mailflows 2. p=quarantine Deliver to spam folder 3. p=reject Block email that fails the DMARC check
  • 26.
    Return-Path: <foe@SAMPLE.net> Delivered-To: friend@example.org Authentication-Results:mail.example.org; spf=pass (example.org: domain of foe@sample.net designates 1.2.3.4 as permitted sender) smtp.mail=foe@sample.net; dkim=pass header.i=@sample.net Received: from .. DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=SAMPLE.net; s=february_2014; i=@sample.net; q=dns/txt; h= .. ; bh= .. ; b= .. Date: Wed, 19 Feb 2014 12:39:06 -0500 From: “Fred“ <foe@CLIENT.net> To: “Frank Riend” <friend@example.org> Subject: REMINDER – don’t mess this up, Frank! Hi, please don’t forget about the meeting. It’s very important! Your friend, Fred DMARC on From domain DKIM: d= domain SPF on Envelope domain = Mail From = Return Path misalignment DMARC To tie it all together. For a piece of email to be considered compliant with DMARC, the domain found in an email’s From: header must match either the SPF-validated domain or the originating domain found in a valid DKIM signature. If the domains match, receivers can safely assert that the email did come from the domain that it purports to come from. This is how easy-to-identify email is made possible. FAIL
  • 27.
    Return-Path: <foe@CLIENT.net> Delivered-To: friend@example.org Authentication-Results:mail.example.org; spf=pass (example.org: domain of foe@sample.net designates 1.2.3.4 as permitted sender) smtp.mail=foe@sample.net; dkim=pass header.i=@sample.net Received: from .. DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=CLIENT.net; s=february_2014; i=@sample.net; q=dns/txt; h= .. ; bh= .. ; b= .. Date: Wed, 19 Feb 2014 12:39:06 -0500 From: “Fred“ <foe@CLIENT.net> To: “Frank Riend” <friend@example.org> Subject: REMINDER – don’t mess this up, Frank! Hi, please don’t forget about the meeting. It’s very important! Your friend, Fred DMARC on From domain DKIM: d= domain SPF on Envelope domain = Mail From = Return Path alignment DMARC To tie it all together. For a piece of email to be considered compliant with DMARC, the domain found in an email’s From: header must match either the SPF-validated domain or the originating domain found in a valid DKIM signature. If the domains match, receivers can safely assert that the email did come from the domain that it purports to come from. This is how easy-to-identify email is made possible. PASS on SPF & DKIM
  • 28.
    Let’s phish Poliziadi Stato and Banca d’Italia
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
    Do it theright way
  • 39.
  • 44.
  • 47.
    PostNL DMARC ROI •Reducedcustomer support 90.000 euro per year •Reduced cost of domain registrations 20.000 euro per year •Break even period 2 years (looking at direct cost only)
  • 48.
  • 49.
    49 © Copyright 2017-2019Contactlab This document may not be modified, organized or reutilized in any way without the express written permission of the rightful owner. WEBINAR CONTACTLAB http://contactlab.com/it/landing/webinar/ HOME > EVENTI E RISORSE > WEBINAR See you next year Contacthub
  • 50.
    Thank you! Marco Franceschetti Headof Deliverability marco.fraceschetti@contactlab.com Wesley Rietveld Sales Director Europe, dmarcian wesley@dmarcian.com Martijn Groeneweg General Manager Europe, dmarcian martijn@dmarcian.com