I’m thinking I may need to deploy DMARC report automation sooner rather than later.
… and so on, and on, and on for a lot further down the mailbox.
October 14, 2018
Good morning DMARC
14October
July 19, 2018
Minimal DMARC
19July
The intent of DMARC is to cause emails to silently vanish. Ideally deploying DMARC would cause all malicious email that uses your domain in the From address, but which has absolutely nothing to with you to vanish, while still allowing all email you send, including mail that was sent through third parties or forwarded, to be delivered. For some organizations you can get really close to that ideal...
April 9, 2018
Brand indicators in email
09April
A number of companies in the email industry have been working on a way to better identify authenticated emails to users. One proposal is Brand Indicators for Message Identification (BIMI). A couple weeks ago, Agari announced a pilot program with some brands and a number of major consumer mail providers. These logos should be available in the Yahoo interface now and will be rolling out at other...
December 21, 2017
Authentication is about Identity, not Virtue
21December
I just got some mail claiming to be from “Bank of America <secure@bofasecure.com>”. It passes SPF: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=185.235.176.160; helo=bofasecure.com; It passes DKIM: Authentication-Results: mx.wordtothewise.com (amavisd-new);Â dkim=pass (1024-bit key) header.d=bofasecure.com The visible RFC 822 From address is strictly...
December 13, 2017
Organizational Domain
13December
We often want to know whether two hostnames are controlled by the same person, or not. One case for that is cookie privacy in web browsers. We want pages at www.blighty.com and images.blighty.com and blighty.com to all be able to set and read cookies for each other – so a user only needs to log in once for pages or images on all of them to work well together. So we allow all of them to...
December 5, 2017
About that DMARC "exploit"
05December
A security researcher has identified a rendering flaw that allows for “perfect” phishing emails. From his website: Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents (MTA) aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC...
October 18, 2017
The feds are deploying DMARC
18October
The US National Cybersecurity Assessments & Technical Services Team have issued a mandate on web and email security, including TLS+HSTS for web servers, and STARTTLS+SPF+DKIM+DMARC for email. It’s … pretty decent for a brief, public requirements doc. It’s compatible with a prudent rollout of email authentication. Set up a centralized reporting repository for DMARC failure...
August 1, 2017
Email pranks and spoofing
01August
Earlier today a twitter user calling himself Email Prankster released copies of email conversations with various members of the current US administration. Based on his twitter feed, and articles from BBC News and CNN, it appears that the prankster forged “friendly from” names in emails to staffers. A bunch of folks will jump on this bandwagon and start making all sorts of claims about...
July 17, 2017
People are the weakest link
17July
All of the technical security in the world won’t fix the biggest security problem: people. Let’s face it, we are the weakest link. Adding more security doesn’t work, it only causes people to figure out ways to get around the security. The more secure you make something, the less secure it becomes. Why? Because when security gets in the way, sensible, well-meaning, dedicated...
June 16, 2017
DMARC doesn't fix Phishing
16June
Not a new thing, but a nice example just popped up in my inbox on my phone. But FedEx solved their entire phishing problem when they published a strict p=reject DMARC record, right? This didn’t come from fedex.com. It came from another domain that looks vaguely like fedex.com – what that domain is doesn’t matter, as the domain it’s sent from isn’t displayed to...
RSS - Posts