Category: Email

How to Secure Your Email and Keep it Out of Junk! Part 2

Posted on by admin

PART 2 – DKIM

Currently, the three protocols you need to put into place to secure and authorize your email are SPF, DMARC and DKIM. This post will talk about creating a DKIM record. DKIM stands for DomainKeys Identified Mail and is a somewhat more involved and challenging element to implement than SPF. DKIM also requires outgoing email servers to be authorized over and above just adding a DNS record.

DKIM requires a DNS record that includes a public cryptographic key to help verify that a sender is allowed to send email for a given domain, as well as a private key that is used for signing outgoing email; the private key stays on the sending mail server and is never published in DNS. Adding a DKIM entry for a domain is basically the same as adding the SPF record: add a new TXT record, but for the host name option you will need to use the proper “selector”, which is basically a prefix for your domain, and for the value, the public key. There are lots of ways to generate a proper key – on a Linux system, the ssh-keygen tool can be used and on a Microsoft system, PuTTYgen can be used. For a Microsoft 365 hosted domain, double check the Admin portal as it will give you instructions on setting up the selectors properly. You can also search online for tools that will generate the proper public/private key pair. A sample DKIM entry may look something like the following:

TXT Record .dmarc._domainkey.dmarc.site v=DKIM1; t=s; p=ASDJAQWERTSDNGFDSJKassdalkre

But that only covers the DNS entry portion of the DKIM record setup. The other half is getting a DKIM signer set up on a mail server. This is where we recommend using Microsoft 365 to host your email, as you can use their detailed guide on how to get this implemented.
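How a receiving server finds the key from the selector, and a local sanity check of the TXT record before it is published, as an added example that is not part of the original post. The function names, the selector `mail2024` and all sample values are constructed; the `s=` and `d=` tags are the selector and domain fields of the DKIM-Signature header that the signer adds to each message.

```python
import base64, binascii

def parse_tags(text):
    """Split a 'tag=value; tag=value' list (signature header or TXT record) into a dict."""
    pairs = (item.split("=", 1) for item in text.split(";") if "=" in item)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def dkim_query_name(signature_header):
    """DNS name the receiver queries: <selector>._domainkey.<signing domain>."""
    tags = parse_tags(signature_header)
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def check_key_record(txt):
    """Return a list of findings for a DKIM key TXT record; empty means it looks sane."""
    tags, findings = parse_tags(txt), []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v= must be DKIM1 when present")
    if not tags.get("p"):
        return findings + ["p= is empty or missing: key revoked or never published"]
    try:
        key = base64.b64decode("".join(tags["p"].split()), validate=True)
    except binascii.Error:
        return findings + ["p= is not valid base64 (truncated or mangled when pasted?)"]
    if tags.get("k", "rsa") == "rsa":                      # RSA is the default key type
        if key[:1] != b"\x30":                             # a DER SEQUENCE starts with 0x30
            findings.append("p= does not decode to a DER-encoded RSA key")
        elif len(key) < 128:                               # 1024 bits = 128 bytes
            findings.append("p= is too short to hold a 1024-bit RSA modulus")
    if "y" in tags.get("t", "").split(":"):                # t=s is fine and not flagged
        findings.append("t=y: record is still flagged as testing")
    return findings

# Constructed inputs: header values and key bytes are filler, not a real signature or key.
HEADER = "v=1; a=rsa-sha256; d=example.com; s=mail2024; h=from:subject; bh=ZmlsbGVy; b=ZmlsbGVy"
FILLER_KEY = base64.b64encode(b"\x30" + bytes(293)).decode()   # sized like a 2048-bit key
RECORDS = {
    "ok":        f"v=DKIM1; k=rsa; t=s; p={FILLER_KEY}",
    "revoked":   "v=DKIM1; p=",
    "truncated": f"v=DKIM1; p={FILLER_KEY[:-3]}",
    "not_a_key": "v=DKIM1; p=QUJDRA==",
}

if __name__ == "__main__":
    print(dkim_query_name(HEADER))
    for label, txt in RECORDS.items():
        print(label, check_key_record(txt) or "OK")
```

The checks only catch publishing mistakes; they do not prove that the published key matches the private key the mail server signs with, which is what the online test confirms.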

Once you have all of the records in place, head on over to https://appmaildev.com and just follow the instructions to test your records.

How to Secure Your Email and Keep it Out of Junk! Part 3

Posted on by admin

PART 3 – DMARC

Currently, the three protocols you need to put into place to secure and authorize your email are SPF, DMARC and DKIM. This post will talk about creating a DMARC record. Without a DMARC record, an attacker can easily impersonate your domain and make any email look like it came from your account.

DMARC stands for Domain-based Message Authentication, Reporting and Conformance – it is a protocol built on top of the existing SPF and DKIM protocols. DMARC does a couple of things:

  1. It reads the results from SPF and DKIM
  2. It requires SPF AND DKIM to pass AND the domain used by both of those protocols has to be the same as the domain found in the ‘From’ address in order for DMARC to pass
  3. Reports SPF, DKIM and DMARC results back to the domain found in the ‘From’ address
  4. Tells receivers how to treat emails that fail the DMARC validation by specifying the policy in the DNS record

You will need to check with your hosting provider on the proper settings for a DMARC record. For example, with GoDaddy, you add a TXT record but make sure the host portion is “_dmarc”. Adding the actual DMARC record is probably best explained by showing an example record:

v=DMARC1; p=quarantine; rua=mailto:reports@domain.com; ruf=mailto:reports@domain.com; adkim=r; aspf=r; rf=afrf

  1. The “p” option has three choices: none, quarantine, or reject. This sets how the email should be handled if it violates the policy. You may want to start off with quarantine to test your record first and then move to reject when you are comfortable your settings are correct.
  2. The “adkim” and “aspf” options define how strictly DKIM and SPF policy should be applied – “s” indicates strict and “r” indicates relaxed.
  3. The “rua” option provides an address for aggregate data reports and the “ruf” option provides an address for forensic reports.
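A checker for the options listed above, as an added example that is not part of the original post. It catches the mistakes that make receivers ignore a record outright, such as a misspelled version tag; the function names and sample records are constructed.

```python
# Values allowed for the tags described above (RFC 7489).
ALLOWED = {"p": {"none", "quarantine", "reject"}, "adkim": {"r", "s"}, "aspf": {"r", "s"}}

def check_dmarc(record):
    """Return (tags, problems) for one DMARC TXT record."""
    tags, problems = {}, []
    parts = [p.strip() for p in record.split(";") if p.strip()]
    for part in parts:
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep or not value:
            problems.append(f"'{part}' is not a tag=value pair")
        elif name in tags:
            problems.append(f"tag {name} appears more than once")
        else:
            tags[name] = value
    # The version must come first and match exactly, or receivers ignore the record.
    if not parts or "".join(parts[0].split()) != "v=DMARC1":
        problems.append("first tag must be v=DMARC1")
    if "p" not in tags:
        problems.append("missing required p= policy")
    for name, allowed in ALLOWED.items():
        if name in tags and tags[name].lower() not in allowed:
            problems.append(f"{name}={tags[name]} is not one of {sorted(allowed)}")
    for name in ("rua", "ruf"):
        for uri in filter(None, (u.strip() for u in tags.get(name, "").split(","))):
            if not uri.lower().startswith("mailto:") or "@" not in uri:
                problems.append(f"{name} address '{uri}' should look like mailto:user@domain")
    return tags, problems

def effective_policy(tags):
    """Policy a receiver applies; alignment is relaxed when adkim/aspf are left out."""
    return {"p": tags.get("p", "").lower(),
            "adkim": tags.get("adkim", "r").lower(),
            "aspf": tags.get("aspf", "r").lower()}

# Constructed sample records (example.com is a documentation domain).
GOOD = "v=DMARC1; p=quarantine; rua=mailto:reports@example.com; adkim=r; aspf=r; rf=afrf"
MISSPELLED = "v=DAMRC1; p=quarantine; rua=mailto:reports@example.com"
SLOPPY = "p=block; v=DMARC1; rua=reports@example.com; aspf=strict"

if __name__ == "__main__":
    for rec in (GOOD, MISSPELLED, SLOPPY):
        tags, problems = check_dmarc(rec)
        print(rec, "->", problems or effective_policy(tags))
```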

Once you have all of the records in place, head on over to https://appmaildev.com and just follow the instructions to test your records.

An Example of What Ransomware Can Do

Posted on by admin

Here is a real-world example of the danger and consequences of ransomware. Colonial Pipeline, which provides 45% of the East Coast’s fuel, had to shut down after it was hit with ransomware. Analysts have warned that a prolonged shutdown could lead to higher gas prices. Ransomware costs are expected to reach $20 billion this year alone!

Here is the link to the full story:

https://www.nytimes.com/2021/05/10/business/dealbook/ransomware-pipeline-colonial.html

Beware of the Increase in Deepfakes!

Posted on by admin

The evolution of technology used for cybercrime is scary! Deepfakes are the latest trend and can be used to craft a realistic scam when used maliciously. Here is a short video to help you learn about deepfakes, the threats they pose and how to spot one.

A couple of Quick Tips from the video:

  • Slow down and don’t feel rushed into action
  • Watch for clues of a deepfake, such as unnatural movement or blinking

Here is the link to the video:

https://www.pii-protect.com/MicroTrainings/micro_training_view/219?brand_key=zv53o&ID=490600

How to Secure Your Email and Keep it Out of Junk!

Posted on by admin

PART 1 – SPF Record

Currently, the three protocols you need to put into place to secure and authorize your email are SPF, DMARC and DKIM.  This first post will talk about the easiest to implement, Sender Policy Framework (SPF).

To quote Wikipedia:

(See Sender Policy Framework: https://en.wikipedia.org/wiki/Sender_Policy_Framework) “Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email. SPF alone, though, is limited to detecting a forged sender claim in the envelope of the email, which is used when the mail gets bounced. Only in combination with DMARC can it be used to detect the forging of the visible sender in emails (email spoofing), a technique often used in phishing and email spam.

SPF allows the receiving mail server to check during mail delivery that a mail claiming to come from a specific domain is submitted by an IP address authorized by that domain’s administrators. The list of authorized sending hosts and IP addresses for a domain is published in the DNS records for that domain.”

So why is this important to implement?  When Simple Mail Transfer Protocol (SMTP – the internet standard communication protocol for electronic mail transmission) was designed, it did not have any built-in security features, encryption or authentication.  What this means is that SMTP allows any computer or server to send email that claims to be from anyone you want it to be from – therefore someone can send an email to your customers claiming it came from your email address.  This is one of the largest exploits used by spammers and phishers to get people to open an email that they should not.

How to implement?  It is as simple as adding a record in your DNS.  I will not go into how to specifically add a DNS record as there are too many ways to do so depending on the provider hosting your DNS, but in all cases, it is the same information.  You will need to add a new TXT record listing the servers or computers that are authorized to send email for your domain.  The computers can be defined by IP address or by FQDN.  The SPF record itself needs to incorporate the following:

  1. Start with the SPF version.  In almost all cases, that will be v=spf1
  2. Follow up with all the IP addresses or FQDN that are authorized to send email for your domain.  For example: v=spf1 ip4:X.X.X.X ip6:X.X.X.X.X.X.X.X
  3. Next, include any third-party organization that is used to send email on your behalf, for instance if your web site sends email out using a third-party system.  If you have ever wondered why email going out from your web site or your blog lands in your customers’ Junk folder, this would be one reason that happens.  For example: v=spf1 ip4:X.X.X.X include:thirpartyservice.com
  4. When you have included all IP addresses and includes, you need to end the record with an ‘all’. The ‘all’ tag is an important part as it indicates what policy should be applied when the receiving end detects a server not listed in your SPF record. Here are the different ‘all’ tags:

-all:  Fail – servers that are not listed in the SPF record are not authorized to send email so reject

~all: Softfail – if the email is received from a server that is not listed, the email will be marked as a soft fail, ending up in the receiving end’s ‘Junk’ folder.

+all: SHOULD NOT BE IMPLEMENTED as this tag allows any server to send email from your domain.
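A linter for the four steps above, as an added example that is not part of the original post. It flags a hostname listed without its `include:` prefix, malformed IP entries, a missing or misplaced ‘all’, and `+all`; the function name and sample records are constructed.

```python
import ipaddress

# Mechanism names from RFC 7208; any other term makes receivers return "permerror".
MECHANISMS = {"all", "include", "a", "mx", "ptr", "exists", "ip4", "ip6"}

def lint_spf(record):
    """Return a list of problems in one SPF TXT record; an empty list means clean."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must start with v=spf1"]
    problems, seen_all, has_redirect = [], False, False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # no qualifier means '+'
        name, _, arg = term.lstrip("+-~?").partition(":")
        if "=" in name:                                    # modifier such as redirect=
            has_redirect |= name.lower().startswith("redirect=")
            continue
        if seen_all:
            problems.append(f"{term}: placed after 'all', so it is never evaluated")
            continue
        name = name.split("/")[0].lower()                  # 'a/24' -> 'a'
        if name not in MECHANISMS:
            problems.append(f"{term}: not an SPF mechanism (missing 'include:'?)")
        elif name in ("ip4", "ip6"):
            try:
                if ipaddress.ip_network(arg, strict=False).version != int(name[2]):
                    problems.append(f"{term}: address family does not match {name}")
            except ValueError:
                problems.append(f"{term}: not a valid address or CIDR range")
        elif name in ("include", "exists") and not arg:
            problems.append(f"{term}: needs a domain after the colon")
        elif name == "all":
            seen_all = True
            if qualifier == "+":
                problems.append(f"{term}: authorizes every server to send as you")
    if not seen_all and not has_redirect:
        problems.append("no 'all' term: unlisted servers get 'neutral', not a fail")
    return problems

# Constructed sample records (example.com and 192.0.2.0/24 are documentation values).
SAMPLES = {
    "good":      "v=spf1 ip4:192.0.2.10 include:mailer.example.com -all",
    "bare_host": "v=spf1 mailer.example.com -all",
    "plus_all":  "v=spf1 ip4:192.0.2.10 +all",
    "bad_ip":    "v=spf1 ip4:192.0.2.999 ~all",
}

if __name__ == "__main__":
    for label, rec in SAMPLES.items():
        print(label, lint_spf(rec) or "OK")
```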

Here is a real-world example.  Anyone using Microsoft 365 would have this as a basic SPF record in their DNS:

v=spf1 include:spf.protection.outlook.com -all

If you are signed up for our email security system, you would see:

v=spf1 include:spf.protection.outlook.com include:scanscope.net -all

As you can see, if a domain publishes an SPF record, spammers and phishers are less likely to be able to forge emails pretending to come from you and are less likely to try.  Worst case scenario, those emails should show up in the receiver’s Junk folder, which should be a warning in and of itself.