Email Security - DMARC and Encryption
… don't waste time, don't lose data and, above all, avoid the traps …
Cristiano Cafferata
Claudia Parodi
A few words of history
E-mail was not designed with security in mind.
RFC 821, Jonathan B. Postel, August 1982
Quote: «The objective of Simple Mail Transfer Protocol (SMTP) is to transfer mail reliably and efficiently.»
The fact it's called Simple Mail Transfer Protocol should give us a hint.
The Internet in 1982 was a much different – and perhaps friendlier – place.
TCP was not the ubiquitous standard we have today (RFC 793 is just a few months earlier, September 1981).
The State of Email Today
Virus – 100M+ botnet systems worldwide
Inbound & Outbound
Threats – Time-Zero Virus, DHA (Directory Harvest Attack), DoS, Zombies
Legal – Offensive words/images, Disclaimers
Regulatory – Sending and receiving confidential information
Unwanted – Competitors, recruiters
Don't forget about LDAP integration, Archiving, Encryption, Anti-Spam
[Infographic: 98% anti-spam effectiveness is just…; volume of spam per day in Q3 2013 (the recent decline in spam volume is welcome but…); number of unique phishing sites detected in June 2013; unique malware threats in 2013 (at an all-time high); figures shown: 38,000, 35%, 20M]
Email Security – Beyond Anti-spam
Encryption & Reputation
What's top on Health Care Breaches by Email
Brand Protection – Who is sending emails on your behalf?
With DMARC
1. Visibility – Finally I can see
2. I can take action
3. I can align everything to the known and reduce the unknown
[Diagram: Known Servers; Unconfirmed sources; Threats and unknown sources]
Previous attempts on email security
S/MIME
«E-mail signature»
Assures content of message – an extension to RFC 822
Drawbacks: adoption, certificate lifecycle management
In Italy: PEC «Posta Elettronica Certificata»
DMARC Implementation
Domain-based Message Authentication, Reporting & Conformance
Allowing email senders to specify whether their content is authenticated by protocols such as SPF or DKIM
Helping receivers identify fraudulent emails and performing action to keep them out of Inboxes
How it works?
Policy based, Feedback loop, Reports
SPF, DKIM, DMARC
[Diagram in four stages. Participants: Authorized Senders (Primary Mail Server, Authorized Mail Server(s)), Unauthorized Senders (Unauthorized Mail Server(s), Spammers), DNS (SPF+DKIM+DMARC), Receiving Servers. Stage 1: authorized senders – authentication passed, deliver to recipient. Stage 2: unauthorized senders – authentication failed, deliver to Junk/Reject, daily aggregate report to the domain owner. Stage 3: align – the organization's previously unauthorized mail servers are added to the policy and become Authorized Mail Server(s), authentication passed. Stage 4: only Spammers remain unauthorized – authentication failed, deliver to Junk/Reject, daily aggregate report.]
DMARC - What is it?
«Domain-based Message Authentication, Reporting & Conformance»
DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms.
DMARC - Goals
At a high level, DMARC is designed to satisfy the following requirements:
Minimize false positives
Provide robust authentication reporting
Assert sender policy at receivers
Reduce successful phishing delivery
DMARC – How does it work?
A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes.
DMARC – Policy
DMARC policies are published in the public Domain Name System (DNS), and available to everyone.
Because the specification is available with no licensing or similar restriction, any interested party is
DMARC – DNS Settings
1. Record name: «_dmarc.tuo_dominio.com.»
2. Content: "v=DMARC1;p=reject;pct=100;rua=mailto:po[email protected]"
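As an added example (not from the slides), the following Python parses a DMARC record like the one above and applies the identifier alignment rules of RFC 7489 that decide whether a message passes and which action the policy calls for; the report address and domain names are constructed, and the organizational-domain lookup is simplified to the last two labels.

```python
# Added example: parse a DMARC TXT record and evaluate one message against it.
# SAMPLE_RECORD mirrors the slide's record with a constructed report address.
import random

SAMPLE_RECORD = "v=DMARC1;p=reject;pct=100;rua=mailto:dmarc-reports@example.com"

def parse_dmarc(txt):
    """Split 'tag=value;...' into a dict, applying the RFC 7489 defaults."""
    tags = {"adkim": "r", "aspf": "r", "pct": "100"}   # relaxed alignment, 100%
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record: v=DMARC1 and p= are required")
    tags["pct"] = int(tags["pct"])
    return tags

def org_domain(domain):
    """Organizational domain, simplified to the last two labels (assumption:
    a real receiver consults the Public Suffix List, e.g. for .co.uk)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') accepts the same org domain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def dmarc_result(record, from_domain, spf_pass_domain=None, dkim_pass_domains=(), roll=None):
    """Return ('pass', None) or ('fail', action).
    spf_pass_domain: the MAIL FROM domain, only if SPF itself returned pass.
    dkim_pass_domains: d= values of signatures that verified.
    Messages outside the pct= sample get the next weaker action (RFC 7489 6.6.4);
    roll overrides the random sample so the outcome can be tested."""
    spf_ok = spf_pass_domain is not None and aligned(spf_pass_domain, from_domain, record["aspf"])
    dkim_ok = any(aligned(d, from_domain, record["adkim"]) for d in dkim_pass_domains)
    if spf_ok or dkim_ok:
        return "pass", None
    action = record["p"]
    if record["pct"] < 100:
        roll = random.randrange(100) if roll is None else roll
        if roll >= record["pct"]:
            action = {"reject": "quarantine", "quarantine": "none"}.get(action, "none")
    return "fail", action
```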
SPF – What is it?
The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery.
More precisely, the current version of SPF — called SPFv1 or SPF Classic — protects the envelope sender.
SPF – How does it work?
Even more precisely, SPFv1 allows the owner of a domain to specify their mail sending policy.
The technology requires two sides to play together:
1. The domain owner publishes this information in an SPF record in the domain's DNS zone.
2. The receiving server checks whether the message complies with the domain's stated policy.
SPF – Policy
DNS Record: «example.net. TXT "v=spf1 mx a:pluto.example.net
DKIM – What is it?
• DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit.
• Their reputation is the basis for evaluating whether to trust the message for further handling, such as delivery.
• Technically DKIM provides a method for validating a domain name identity that is associated with a message through
DKIM – How does it work?
• DKIM attaches a new domain name identifier to a message and uses cryptographic techniques to validate authorization for its presence.
• The identifier is independent of any other identifier in the
DKIM – Policy
Example:
DNS TXT Record: «mail._domainkey.testmail.com»
Value: «v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4zOo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwnAB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEbbcBhthrnETKoCg8wOwIDAQAB»
DKIM – Implementation
1. Take an inventory of all the mail domains to be protected
2. Create the public/private key pair:
   1. Public key: publish it in your DNS via the dedicated record
   2. Private key: configure it on the MTAs
3. Insert the public key in the
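As an added example (not from the slides), the following Python verifies the record published in step 2 before the rollout continues: it parses the DKIM TXT tags and walks the DER of the p= public key with a minimal reader, using the key from the DKIM – Policy slide as input. The RSA OID and 2048-bit threshold (RFC 8301) are standard values; the helper names are mine.

```python
# Added example: parse a DKIM TXT record and inspect the published RSA key.
# The p= value is the key printed on the "DKIM – Policy" slide, joined into one line.
import base64

SLIDE_RECORD = (
    "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4z"
    "Oo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwn"
    "AB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEbbcBhthrnETKoCg8wOwIDAQAB")

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def parse_dkim_record(txt):
    """tag=value pairs separated by ';'. k=rsa is the RFC 6376 default."""
    tags = {"k": "rsa"}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = "".join(v.split())   # drop folding whitespace
    if tags.get("v", "DKIM1") != "DKIM1" or "p" not in tags:
        raise ValueError("DKIM record needs v=DKIM1 (if present) and a p= tag")
    return tags

def der_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:            # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_key_bits(p_value):
    """SubjectPublicKeyInfo -> AlgorithmIdentifier -> BIT STRING -> RSAPublicKey;
    returns the modulus size in bits, or 0 for an empty p= (revoked key)."""
    if not p_value:
        return 0
    spki = base64.b64decode(p_value)
    tag, body, _ = der_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, alg, nxt = der_tlv(body, 0)
    oid_tag, oid, _ = der_tlv(alg, 0)
    if oid_tag != 0x06 or oid != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    _, bitstr, _ = der_tlv(body, nxt)
    _, rsa_pub, _ = der_tlv(bitstr[1:], 0)   # skip the unused-bits octet
    _, modulus, _ = der_tlv(rsa_pub, 0)
    return int.from_bytes(modulus, "big").bit_length()

def check_record(txt, min_bits=2048):
    """Return (key_bits, ok): RFC 8301 asks signers for at least 2048-bit RSA keys."""
    bits = rsa_key_bits(parse_dkim_record(txt)["p"])
    return bits, bits >= min_bits
```

Run against the slide's record it reports a 1024-bit key, which verifies fine but falls below the current minimum, so a fresh key pair is the right move before publishing.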
How to enable DKIM on inbound?
How to enable DKIM on outbound?
How to enable DMARC?
Enable SPF and DKIM to enable DMARC