“Any sufficiently advanced technology is
indistinguishable from magic.”
- Arthur C. Clarke
1. The problem
2. Why email authentication?
3. Why don’t people do email authentication?
4. Automation can fix the problem
5. Conclusion
Ruby
- 4 years old
- budgets her food
Esmerelda
- 6 months old
- devours her food
• Ruby is a young to middle-aged cat and doesn’t eat her food all at once. She comes back to it and munches about 15 times per day.
• Esmerelda is young and gulps down her food, then goes to Ruby’s bowl and eats hers, too.
• Esmerelda eats too much, Ruby gets too little.
• How do I fix this!?
1. The problem
2. Why email authentication?
3. Why don’t people do email authentication?
4. Automation can fix the problem
5. Conclusion
1. SPF – path-based authentication: a DNS record lists the hosts allowed to send mail for the envelope (MAIL FROM) domain
2. DKIM – message-based (digitally signed) authentication: the signing domain signs the message and publishes the verification key in DNS
3. DMARC – what you see must authenticate: the From: domain the user sees has to align with the domain that passed SPF or DKIM, and the domain owner publishes what receivers should do on failure
1. To stop phishing and spear phishing
Spear phishing is possible because From: domain spoofing is easy to do. Office 365 has a lot of backend intelligence to stop this in the absence of SPF, DKIM, and DMARC records, but the fact remains that an unprotected domain leaves you open to spoofing.
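The DMARC verdict these slides describe, as an added example (not code from the original deck): given the From: domain the user sees, the MAIL FROM domain SPF was checked for, and any DKIM signing domains, decide whether the message passes under the domain’s published policy, and why a spoofed From: fails even when the attacker’s own SPF and DKIM pass. The domain names, records and results are constructed, and org_domain() is a deliberate simplification (last two labels) in place of the Public Suffix List a real evaluator would use.

```python
"""DMARC: the From: domain the user sees must be backed by an aligned SPF or DKIM pass.

Added example, not code from the original deck. Domains and results below are
constructed; org_domain() is a deliberate simplification (last two labels) in
place of the Public Suffix List a real evaluator would use.
"""
from __future__ import annotations

from dataclasses import dataclass, field


def org_domain(domain: str) -> str:
    """Organizational domain, simplified: keep the last two labels.
    Correct for example.com-style names, wrong for co.uk-style suffixes."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """RFC 7489 identifier alignment: 's' = exact match, 'r' = same organizational domain."""
    f = from_domain.lower().rstrip(".")
    a = auth_domain.lower().rstrip(".")
    return f == a if mode == "s" else org_domain(f) == org_domain(a)


def parse_dmarc(record: str) -> dict:
    """Parse a _dmarc TXT record into its tags and fill in the RFC defaults for alignment."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError(f"not a usable DMARC record: {record!r}")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


@dataclass
class AuthResults:
    """What the receiver knows after running SPF and DKIM on one message."""
    from_domain: str                 # RFC5322.From domain: the one the user sees
    spf_result: str                  # 'pass', 'fail', 'softfail', 'none', ...
    spf_domain: str                  # RFC5321.MailFrom domain SPF was evaluated for
    dkim: list = field(default_factory=list)  # [(result, d= domain), ...]


def dmarc_verdict(msg: AuthResults, record: str) -> tuple[str, str]:
    """Return (dmarc_result, disposition).

    DMARC passes if SPF passed for a domain aligned with From:, or any DKIM
    signature that verified has a d= aligned with From:. Otherwise the p=
    policy (none/quarantine/reject) is what the receiver is asked to apply."""
    tags = parse_dmarc(record)
    spf_ok = msg.spf_result == "pass" and aligned(msg.from_domain, msg.spf_domain, tags["aspf"])
    dkim_ok = any(
        result == "pass" and aligned(msg.from_domain, d, tags["adkim"])
        for result, d in msg.dkim
    )
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", tags["p"]


# Constructed scenarios (placeholder domains).
POLICY = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"

# 1. Spoof: From: says example.com, but SPF and DKIM pass for the attacker's own
#    domain. Authentication passed; alignment did not, so DMARC fails.
SPOOF = AuthResults("example.com", "pass", "attacker.example", [("pass", "attacker.example")])

# 2. Forwarded legitimate mail: SPF fails (the forwarder's IP), but the DKIM
#    signature survived the hop, and it is aligned.
FORWARDED = AuthResults("example.com", "fail", "example.com", [("pass", "example.com")])

# 3. Bulk sender: SPF passes for a bounce subdomain, which relaxed aspf accepts;
#    the DKIM d= is a subdomain, which strict adkim rejects. SPF carries it.
SUBDOMAIN = AuthResults("example.com", "pass", "bounce.example.com", [("pass", "mail.example.com")])

if __name__ == "__main__":
    for label, msg in [("spoof", SPOOF), ("forwarded", FORWARDED), ("subdomain", SUBDOMAIN)]:
        print(label, dmarc_verdict(msg, POLICY))
```

The third scenario is the one that bites real deployments: the same message passes with aspf=r and gets quarantined under aspf=s, so tightening alignment is a change to test against your own bulk senders before publishing.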
2. To enable rich email scenarios
Email clients want to give you a rich experience. The example pictured on this slide is an agreed-upon XML standard between airlines and email clients: if the airline sends in a certain format, the email client will “promote” the features and display them prominently. However, if you don’t authenticate your email, receivers will be wary about showing the rich content. So your competitor’s messages will look nice in the inbox. Yours will not.
3. Because if you don’t care, your email will look bad
Gmail shows an exclamation point if you don’t authenticate with SPF or DKIM.
Office 365 shows a red safety tip for messages that fail authentication.
Email clients will keep treating unauthenticated mail with more suspicion going forward, which only leads to a more and more degraded experience for it. In other words, things will not get any better for unauthenticated mail.
1. The problem
2. Why email authentication?
3. Why don’t people do email authentication?
4. Automation can fix the problem
5. Conclusion
An automatic cat feeder ensures Esmerelda (the young tabby cat) doesn’t scarf down all her food at once; it feeds her 4x per day.
A pet feeder with a microchip reader ensures that only Ruby (the orange, older cat) can access that set of food. The feeder detects the microchip that has been paired to the cat, which I had to do manually.
Ruby did not cooperate while I did that.
“All happy families are alike; each unhappy family is
unhappy in its own way.”
- Leo Tolstoy, from Anna Karenina
What does this mean?
Happy families do everything right – stable home, good financial situation, strong extended family, good neighborhood, and so forth. Happy families must do all of these.
An unhappy family only needs one of these to go wrong. Thus, happy families need 10/10 conditions, unhappy ones need only 1/10 to be bad, and each family’s 1/10 can be different from the next.
What does this mean for email?
Email auth must do everything right – correct syntax, well
maintained, understood by knowledgeable people, and so forth.
It is trivially easy for email authentication to go poorly in a big
organization... Or a medium-size one… or a small one. And there are
many different ways for it to go wrong.
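The Anna Karenina principle applied to SPF, as an added example (not code from the original deck): a linter that walks a domain’s SPF record the way a receiver would and reports the distinct ways it goes wrong, i.e. two records published, a stale include: pointing at nothing, a copied +all, an include: loop, and blowing the ten-DNS-lookup limit. The zone is constructed and DNS is an in-memory table, so it runs offline; ZONE, lint_spf and the finding texts are this example’s own names.

```python
"""Lint an SPF record tree for the common ways it goes wrong.

Added example, not code from the original deck. The zone below is constructed
and DNS is an in-memory table, so this runs offline; the findings mirror the
checks a receiver's SPF evaluator performs (RFC 7208).
"""
from __future__ import annotations

import re

# Constructed zone: name -> list of TXT strings. A name may carry several.
ZONE = {
    "good.example": ["v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example -all"],
    "_spf.mailer.example": ["v=spf1 ip4:198.51.100.0/24 include:_spf2.mailer.example -all"],
    "_spf2.mailer.example": ["v=spf1 ip6:2001:db8::/32 -all"],
    # Two admins each "added SPF" without checking for the other's record.
    "twice.example": ["v=spf1 ip4:203.0.113.1 -all", "v=spf1 include:_spf.mailer.example -all"],
    # Someone copied '+all' from a forum post to make a delivery problem go away.
    "open.example": ["v=spf1 +all"],
    # Every SaaS vendor the company ever bought got an include:.
    "toomany.example": ["v=spf1 " + " ".join(f"include:svc{i}.example" for i in range(9)) + " mx -all"],
    # A vendor was dropped but its include: stayed behind.
    "stale.example": ["v=spf1 include:_spf.gone.example ~all"],
    "loop.example": ["v=spf1 include:loop.example -all"],
}
for _i in range(9):
    ZONE[f"svc{_i}.example"] = ["v=spf1 a -all"]

LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}   # each costs a DNS query
MECHS = LOOKUP_MECHS | {"ip4", "ip6", "all"}
LOOKUP_LIMIT = 10                                         # RFC 7208 section 4.6.4
TERM = re.compile(r"([+\-~?]?)([a-z0-9]+)(?:([:=/])(\S*))?", re.I)


def spf_records(name: str) -> list[str]:
    """All TXT strings at the name that claim to be SPF (there should be exactly one)."""
    return [t for t in ZONE.get(name.lower(), []) if t.lower().startswith("v=spf1")]


def lint_spf(domain: str) -> tuple[int, list[str]]:
    """Return (dns_lookups_used, findings) for a domain's SPF record tree."""
    findings: list[str] = []
    lookups = 0

    def walk(name: str, path: tuple) -> None:
        nonlocal lookups
        name = name.lower()
        if name in path:
            findings.append(f"{name}: include/redirect loop via {' > '.join(path)}")
            return
        recs = spf_records(name)
        if not recs:
            findings.append(f"{name}: no SPF record (an include: of it is a permerror)")
            return
        if len(recs) > 1:
            findings.append(f"{name}: {len(recs)} SPF records published; receivers return permerror")
            return
        terminal = False                      # did we see 'all' or redirect=?
        for term in recs[0].split()[1:]:
            m = TERM.fullmatch(term)
            if not m:
                findings.append(f"{name}: unparseable term {term!r} (permerror)")
                continue
            qual, mech, sep, arg = m.groups()
            mech = mech.lower()
            if sep == "=":                    # modifier, e.g. redirect= or exp=
                if mech == "redirect":
                    terminal = True
                    lookups += 1
                    walk(arg, path + (name,))
                continue
            if mech not in MECHS:
                findings.append(f"{name}: unknown mechanism {term!r} (permerror)")
                continue
            if mech in LOOKUP_MECHS:
                lookups += 1
            if mech == "ptr":
                findings.append(f"{name}: ptr is deprecated and slow; use ip4/ip6")
            if mech == "include" and "%" not in arg:   # macros need a message to expand
                walk(arg, path + (name,))
            if mech == "all":
                terminal = True
                if qual in ("", "+"):
                    findings.append(f"{name}: {term!r} authorizes every host on the internet")
        if not path and not terminal:
            findings.append(f"{name}: no 'all' or redirect=; unlisted hosts get 'neutral', which is not a pass")

    walk(domain, ())
    if lookups > LOOKUP_LIMIT:
        findings.append(f"{domain}: {lookups} DNS lookups, limit is {LOOKUP_LIMIT} (permerror)")
    return lookups, findings


if __name__ == "__main__":
    for name in ("good", "twice", "open", "toomany", "stale", "loop"):
        print(f"{name}.example", lint_spf(f"{name}.example"))
```

The lookup count includes everything reached through include: and redirect=, which is why a record that looks short can still fail: the nine vendors in toomany.example each cost one query for the include: and one more for the a mechanism inside it, and a receiver that hits the limit returns permerror for the whole domain, not just the overflow.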
I say where to look it up from DNS: CNAME
(the domain owner publishes a CNAME that points at a record the provider maintains; the provider can then change that record without the owner touching DNS)
Pushing a button sets this up
I say where to look it up from DNS: redirect, macro
(for SPF, a redirect= modifier or a macro in the record sends the receiver to a record the provider maintains)
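The delegation the two slides above describe, as an added example (not code from the original deck or any provider’s tooling): the domain owner publishes a CNAME for the DKIM selector and a redirect= (or a macro-based exists:) for SPF, all pointing at names the provider controls, and from then on the provider can rotate keys or change sending IPs while the customer’s zone stays untouched. All names, records and the selector naming pattern are constructed, DNS is simulated in memory, and only the SPF mechanisms these records use are implemented.

```python
"""Delegating SPF and DKIM records to a provider with CNAME, redirect= and macros.

Added example, not code from the original deck or any provider's tooling.
Domain names, records and the selector naming pattern are constructed, and
DNS is an in-memory table so this runs offline.
"""
import ipaddress
import re


class FakeDNS:
    """Minimal resolver over an in-memory zone that chases CNAMEs like a real one."""

    def __init__(self, zone: dict):
        self.zone = {name.lower(): dict(rrset) for name, rrset in zone.items()}

    def _lookup(self, name: str, rtype: str, hops: int = 0):
        rrset = self.zone.get(name.lower().rstrip("."), {})
        if "CNAME" in rrset and rtype != "CNAME":
            if hops > 8:
                raise RuntimeError("CNAME chain too long")
            return self._lookup(rrset["CNAME"], rtype, hops + 1)
        return rrset.get(rtype)

    def txt(self, name: str):
        return self._lookup(name, "TXT")

    def a(self, name: str):
        return self._lookup(name, "A")


# What the customer publishes once: every record points at a provider-owned name.
CUSTOMER_ZONE = {
    "selector1._domainkey.example.com": {"CNAME": "selector1-example-com._domainkey.provider.example"},
    "example.com": {"TXT": "v=spf1 redirect=_spf.example-com.provider.example"},
    # Macro form: the receiver builds a per-IP name and asks the provider whether it exists.
    "macro.example": {"TXT": "v=spf1 exists:%{i}._ip.%{d}._spf.provider.example -all"},
}
# What the provider controls and can change without the customer's involvement.
PROVIDER_ZONE = {
    "selector1-example-com._domainkey.provider.example": {"TXT": "v=DKIM1; k=rsa; p=OLDKEY"},
    "_spf.example-com.provider.example": {"TXT": "v=spf1 ip4:198.51.100.0/24 -all"},
    "198.51.100.7._ip.macro.example._spf.provider.example": {"A": "127.0.0.2"},
}

TERM = re.compile(r"([+\-~?]?)([a-z0-9]+)(?:([:=/])(.*))?", re.I)
QUALIFIER = {"": "pass", "+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def expand_macros(spec: str, domain: str, ip: str, sender: str) -> str:
    """Expand the RFC 7208 macros used here: %{d} domain, %{i} IPv4 address, %{s} sender,
    %{l} local part, %{o} sender domain; 'r' reverses the labels, a digit keeps the rightmost N."""
    def replace(m):
        letter, digits, reverse = m.groups()
        value = {"d": domain, "i": ip, "s": sender,
                 "l": sender.split("@")[0], "o": sender.split("@")[-1]}[letter]
        labels = value.split(".")
        if reverse:
            labels.reverse()
        if digits:
            labels = labels[-int(digits):]
        return ".".join(labels)
    return re.sub(r"%\{([dislo])(\d*)(r?)\}", replace, spec)


def spf_check(dns: FakeDNS, domain: str, ip: str, sender: str, depth: int = 0) -> str:
    """Evaluate the SPF subset these records use: ip4/ip6, include, exists, all, redirect=.
    Returns pass, fail, softfail, neutral, none or permerror."""
    if depth > 10:
        return "permerror"                       # include/redirect recursion limit
    record = dns.txt(domain)
    if not record or not record.lower().startswith("v=spf1"):
        return "none"
    redirect = None
    for raw in record.split()[1:]:
        m = TERM.fullmatch(expand_macros(raw, domain, ip, sender))
        if not m:
            return "permerror"
        qual, mech, _sep, arg = m.groups()
        mech = mech.lower()
        if mech == "redirect":                   # modifiers apply only after every mechanism
            redirect = arg
            continue
        matched = (
            (mech in ("ip4", "ip6") and ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False))
            or (mech == "include" and spf_check(dns, arg, ip, sender, depth + 1) == "pass")
            or (mech == "exists" and dns.a(arg) is not None)
            or mech == "all"
        )
        if matched:
            return QUALIFIER[qual]
    if redirect:
        return spf_check(dns, redirect, ip, sender, depth + 1)
    return "neutral"


def dkim_public_key(dns: FakeDNS, selector: str, domain: str):
    """The key a verifier fetches for s=<selector> d=<domain>, following the CNAME."""
    record = dns.txt(f"{selector}._domainkey.{domain}")
    if not record:
        return None
    tags = dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)
    return tags.get("p")


def build_resolver() -> FakeDNS:
    return FakeDNS({**CUSTOMER_ZONE, **PROVIDER_ZONE})


def rotate_dkim_key(dns: FakeDNS, new_key: str) -> None:
    """Provider-side rotation: only the provider's TXT changes; the customer's CNAME is untouched."""
    dns.zone["selector1-example-com._domainkey.provider.example"]["TXT"] = f"v=DKIM1; k=rsa; p={new_key}"


if __name__ == "__main__":
    dns = build_resolver()
    print(dkim_public_key(dns, "selector1", "example.com"))                     # OLDKEY
    rotate_dkim_key(dns, "NEWKEY")
    print(dkim_public_key(dns, "selector1", "example.com"))                     # NEWKEY
    print(spf_check(dns, "example.com", "198.51.100.7", "a@example.com"))      # pass, via redirect=
    print(spf_check(dns, "macro.example", "198.51.100.7", "a@macro.example"))  # pass, via the exists: macro
    print(spf_check(dns, "macro.example", "203.0.113.9", "a@macro.example"))   # fail
```

The caveat that goes with this: the customer’s record is now only as good as the name it points at. If the provider’s redirect= target ever returns no record, the customer’s whole SPF result becomes permerror, and a CNAME at a name that also needs other records (some DNS hosting panels refuse that) has to be placed on a dedicated label, which is the “still requires some configuration for some domains” on the next slide.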
1. Enforces compliance
2. Reduces errors
3. But… adds some additional cost for the service provider
4. But… still requires some configuration for some domains
1. Email authentication is becoming more important
2. But it’s difficult to do
3. So, we need to automate it because that’s the only way it will work
over the long run
Taking the hassle out of email authentication