© Men & Mice http://menandmice.com
SPF, DKIM and DMARC
Mail-Reputation and DNS
Wednesday 26 October 16
Sender Policy Framework
SPF
•Sender Policy Framework (SPF) defines the addresses from which mail for a given domain may originate
•this information is stored in its own SPF format inside a TXT record
• there was once a dedicated SPF record type, but it has been deprecated because it was ignored by mail and DNS admins
•Website: http://www.openspf.org
SPF-Example
•the Google SPF-Record
google.com. 3600 IN TXT "v=spf1 include:_spf.google.com ~all"
• google.com: Mail-Sender Domain
• v=spf1: SPF-Format Version
• include:_spf.google.com: Include SPF-Information from subdomain
• ~all: Soft-Fail SPF-Checks
SPF-Example
•the Google SPF-Record
_spf.google.com. 299 IN TXT "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"
• the three include: terms: Includes of Google Network Blocks
SPF-Example
•the Google SPF-Record
_netblocks.google.com. 3600 IN TXT "v=spf1
ip4:64.18.0.0/20 ip4:64.233.160.0/19
ip4:66.102.0.0/20 ip4:66.249.80.0/20
ip4:72.14.192.0/18 ip4:74.125.0.0/16
ip4:108.177.8.0/21 ip4:173.194.0.0/16
ip4:207.126.144.0/20 ip4:209.85.128.0/17
ip4:216.58.192.0/19 ip4:216.239.32.0/19
~all"
• the ip4: terms: Google Mail-Sending addresses
SPF-Operation
Diagram: example.com authoritative DNS, example.com outgoing mail, receiving mail server
• example.com outgoing mail to receiving mail server: sending mail on port 25 from 192.0.2.123
• receiving mail server to example.com authoritative DNS: looking up SPF-Record for "example.com"
• example.com authoritative DNS to receiving mail server: example.com IN TXT "v=spf1 ip4:192.0.2.0/24 -all"
• receiving mail server: check if sending address is within SPF-Data
• mail has been received
SPF issues
•SPF is problematic with some mail functions where mail is sent indirectly
•mail-forwarding
•mailing lists
•webforms - http://bsdly.blogspot.nl/2016/10/is-spf-simply-too-hard-for-application.html
SPF problem with forwarding
Diagram: example.com authoritative DNS, example.com outgoing mail, mailing-list server, receiving mail server
• example.com outgoing mail to mailing-list server: sending mail from user@example.com on port 25 from 192.0.2.123
• mailing-list server to receiving mail server: sending mail from user@example.com on port 25 from 203.0.113.23
• receiving mail server to example.com authoritative DNS: looking up SPF-Record for "example.com"
• example.com authoritative DNS to receiving mail server: example.com IN TXT "v=spf1 ip4:192.0.2.0/24 -all"
• receiving mail server: check if sending address is within SPF-Data
• mail rejected, as the sender IP does not appear in the SPF data
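The SPF check from the "SPF-Operation" and "SPF problem with forwarding" slides, as an added example that is not part of the original deck. It evaluates a subset of RFC 7208 (ip4, ip6, include, all) against an in-memory zone; the google.com chain is a trimmed copy of the records on the slides, and typo.example, check_host and scenarios are names made up for this example.

```python
import ipaddress

# TXT data is served from a dict so the example runs offline. example.com
# follows the slides, the google.com chain is trimmed from the 2016 records
# shown there, and typo.example is constructed.
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "google.com": "v=spf1 include:_spf.google.com ~all",
    "_spf.google.com": "v=spf1 include:_netblocks.google.com ~all",
    "_netblocks.google.com": "v=spf1 ip4:64.18.0.0/20 ip4:74.125.0.0/16 ~all",
    "typo.example": "v=spf1 ipv4:192.0.2.0/24 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_MECHANISMS = 10  # RFC 7208 limit on mechanisms that cause lookups


def check_host(ip, domain, zone=ZONE, budget=None):
    """Return the SPF result for a connecting IP and envelope-sender domain."""
    if budget is None:
        budget = [MAX_DNS_MECHANISMS]  # shared across nested includes
    parts = zone.get(domain, "").split()
    if not parts or parts[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in parts[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if "=" in name:
            continue  # modifiers (redirect=, exp=) are not evaluated here
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if net.version != int(name[2]):
                return "permerror"  # e.g. an IPv6 prefix under ip4:
            if net.version == addr.version and addr in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"  # too many lookups, or an include loop
            inner = check_host(ip, arg, zone, budget)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
            # fail/softfail/neutral inside an include means "no match"
        else:
            return "permerror"  # unknown mechanism, e.g. a mistyped "ipv4:"
    return "neutral"


def scenarios():
    """The cases from the slides plus two edge cases."""
    return {
        "direct": check_host("192.0.2.123", "example.com"),
        "via_mailing_list": check_host("203.0.113.23", "example.com"),
        "include_chain": check_host("74.125.1.1", "google.com"),
        "outside_netblocks": check_host("198.51.100.7", "google.com"),
        "mistyped_mechanism": check_host("192.0.2.123", "typo.example"),
    }


if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label:20} {result}")
```

The forwarded message keeps the envelope sender user@example.com but arrives from the list server's address, so the same record that passes the direct delivery returns fail. A mistyped mechanism makes the whole record a permanent error, so no policy is expressed at all.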
DKIM
DomainKeys Identified Mail
DKIM
• DKIM cryptographically signs selected mail headers and the mail
content
• DKIM is used to validate the mail message content but not to secure
the transport path
• No upgrade to User Client (Client E-Mail program) needed
• But E-Mail Clients can offer per-User signing, as an option
• DKIM Management can be “outsourced” (ISP, E-Mail Hosting Provider)
• No PKI Infrastructure needed, only depends on DNS
DKIM
• DKIM Website
• http://dkim.org/
• Documents
• RFC 5585 - DomainKeys Identified Mail (DKIM) Service Overview
https://tools.ietf.org/html/rfc5585
• RFC 6376 - DomainKeys Identified Mail (DKIM) Signatures
https://tools.ietf.org/html/rfc6376
• RFC 5863 - DomainKeys Identified Mail (DKIM) Development, Deployment, and Operations
https://tools.ietf.org/html/rfc5863
• RFC 5617 - DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP)
https://tools.ietf.org/html/rfc5617
• RFC 6377 - DomainKeys Identified Mail (DKIM) and Mailing Lists
https://tools.ietf.org/html/rfc6377
DKIM Signature in the Mail Header
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mennogmys.onmicrosoft.com; s=selector1-menandmice-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=Rk04UQbu8aZGogweVSHLqo55rIPXR0OajjGVpZOcEic=;
b=cVQyry/E2yMiV9qUZbth0Y51r5OoWoHPr0qYklZYGvc6/[...]
• v=1: DKIM Version
• a=rsa-sha256: DKIM Signing Algorithm
• c=relaxed/relaxed: canonicalization algorithm: "relaxed" algorithm that tolerates common modifications such as whitespace replacement and header field line rewrapping
• d=mennogmys.onmicrosoft.com: Domain of the sending party, this is where the public key to verify the signature is located
• s=selector1-menandmice-com: Subdomain selector: will be prepended to the domain to fetch the DKIM public key
Fetching the DKIM key
•The DKIM public key can be found inside a TXT record at a domain name built from
• selector
• subdomain “_domainkey”
• base mail domain (d= field)
$ dig selector1-menandmice-com._domainkey.mennogmys.onmicrosoft.com TXT +short
"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDenG16IONFpDPACAhDnCd/
N98W277rSbwSoatar767pSYtT+CClFqhmEePynSVGdS0RxIjFZscmVN5RZjnfD
+HE1HL4XvUtxnnb1j0PeNfhrDHy7BHFGux6exfL7/splByKu7qhLBP10+SyAjiE4Qc6xWfCQ3MzmECZGW/
CzzmOQIDAQAB; n=1024,1450909615,1"
DKIM Signature in the Mail Header
• h= field: Header-Fields signed by the sending party
• bh= field: Body-Hash: Hash of the message body
• b= field: Signature over header fields and Body-Hash
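How a verifier uses the tags above, as an added example that is not part of the original deck: it parses the DKIM-Signature value from the slide, builds the DNS name for the key lookup from s= and d=, and computes a bh= style body hash with the "relaxed" body canonicalization of RFC 6376. The message bodies are constructed, the function names are this example's own, and the signature itself is not verified because the b= value on the slide is truncated.

```python
import base64
import hashlib
import re

# DKIM-Signature value as shown on the slide (b= is truncated there).
SLIDE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; "
    "d=mennogmys.onmicrosoft.com; s=selector1-menandmice-com; "
    "h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; "
    "bh=Rk04UQbu8aZGogweVSHLqo55rIPXR0OajjGVpZOcEic=; "
    "b=cVQyry/E2yMiV9qUZbth0Y51r5OoWoHPr0qYklZYGvc6/[...]"
)


def parse_tags(value):
    """Split a DKIM tag=value list into a dict, rejecting duplicate tags."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue
        name, sep, val = part.partition("=")  # base64 may contain later "="
        name = name.strip()
        if not sep or name in tags:
            raise ValueError("malformed or duplicate tag: %r" % part)
        # b= and bh= may be folded across lines; drop that whitespace.
        tags[name] = re.sub(r"\s+", "", val) if name in ("b", "bh") else val.strip()
    return tags


def key_query_name(tags):
    """DNS name of the TXT record that holds the public key."""
    return "{}._domainkey.{}".format(tags["s"], tags["d"])


def relaxed_body(body):
    """Relaxed body canonicalization: collapse runs of spaces and tabs,
    drop whitespace at line ends, drop empty lines at the end of the body."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def simple_body(body):
    """Simple body canonicalization: only trailing empty lines are ignored."""
    body = body.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    return body.rstrip(b"\r\n") + b"\r\n"


def body_hash(body, canon=relaxed_body):
    """Base64 SHA-256 of the canonicalized body, the form carried in bh=."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()


# Constructed bodies: as signed, after a relay rewrote whitespace, and
# after a mailing list appended a footer.
SIGNED = b"Hello  World \r\nsecond\tline\r\n\r\n"
REWRAPPED = b"Hello World\r\nsecond line\r\n"
WITH_FOOTER = REWRAPPED + b"-- \r\nlist footer\r\n"

if __name__ == "__main__":
    tags = parse_tags(SLIDE_HEADER)
    print("key lookup :", key_query_name(tags))
    print("signed hdrs:", tags["h"].split(":"))
    print("relaxed, whitespace changed:", body_hash(SIGNED) == body_hash(REWRAPPED))
    print("simple,  whitespace changed:",
          body_hash(SIGNED, simple_body) == body_hash(REWRAPPED, simple_body))
    print("relaxed, footer appended   :", body_hash(SIGNED) == body_hash(WITH_FOOTER))
```

Whitespace rewriting in transit leaves the relaxed hash unchanged, while any added content, such as a list footer, changes it and invalidates the signature.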
DKIM operation
Diagram: example.com authoritative DNS, example.com outgoing mail, mail forwarder, receiving mail server
• example.com outgoing mail: mail gets signed with the "example.com" private DKIM key
• example.com outgoing mail to mail forwarder: sending mail from user@example.com on port 25 from 192.0.2.123
• mail forwarder to receiving mail server: sending mail from user@example.com on port 25 from 203.0.113.23
• receiving mail server to example.com authoritative DNS: looking up DKIM public key for "example.com"
• example.com authoritative DNS to receiving mail server: <selector>._domainkey.example.com IN TXT "v=DKIM1; k=rsa; p=MIG[...]"
• receiving mail server: validating DKIM signed headers and body
• mail has been received
DMARC
Domain-based Message Authentication,
Reporting & Conformance
DMARC
•DMARC builds on top of SPF and DKIM
•it allows the owner of an email domain to publish a policy
about SPF and DKIM failures
•DMARC can be used to publish a feedback channel to let
the domain owner know of spoofed mail from his domain
•the DMARC policy is stored in DNS
DMARC
•example DMARC record
"v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@example.com"
• v=DMARC1: Protocol Version
• p=reject: Policy for organizational domain
• pct=100: Percentage of messages subjected to filtering
• rua=mailto:postmaster@example.com: Where to send the aggregated mis-use reports
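How a receiver combines the SPF and DKIM results under the record above, as an added example that is not part of the original deck. It goes beyond the slides by applying DMARC identifier alignment and pct sampling as defined in RFC 7489; the alignment test is a simplified stand-in for the organizational-domain comparison, and the function names, the pct=25 record and bulk.example.net are constructed for this example.

```python
# Record from the slide.
SLIDE_RECORD = "v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@example.com"
POLICIES = ("none", "quarantine", "reject")
# Policy applied to messages outside the pct sample (RFC 7489, 6.6.4).
OUTSIDE_SAMPLE = {"reject": "quarantine", "quarantine": "none", "none": "none"}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into its policy, percentage and report URIs."""
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    if list(tags)[:1] != ["v"] or tags["v"] != "DMARC1":
        raise ValueError("v=DMARC1 must be the first tag")
    if tags.get("p") not in POLICIES:
        raise ValueError("missing or unknown p= policy")
    pct = int(tags.get("pct", "100"))
    if not 0 <= pct <= 100:
        raise ValueError("pct out of range")
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    return {"p": tags["p"], "pct": pct, "rua": rua}


def aligned(auth_domain, from_domain):
    """Relaxed alignment, simplified: equal, or one is a subdomain of the
    other. A real receiver compares organizational domains instead."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    return a == f or a.endswith("." + f) or f.endswith("." + a)


def disposition(policy, from_domain, spf, dkim, sample=0):
    """Return "pass" or the policy to apply to the message.

    spf and dkim are (result, authenticated_domain) pairs; sample is this
    message's position in [0, 100) for pct sampling.
    """
    for result, domain in (spf, dkim):
        if result == "pass" and aligned(domain, from_domain):
            return "pass"  # one aligned pass is sufficient
    if sample >= policy["pct"]:
        return OUTSIDE_SAMPLE[policy["p"]]
    return policy["p"]


def scenarios():
    policy = parse_dmarc(SLIDE_RECORD)
    partial = parse_dmarc("v=DMARC1;p=reject;pct=25")  # constructed record
    ex = "example.com"
    return {
        # Direct delivery from 192.0.2.123: SPF and DKIM both pass.
        "direct": disposition(policy, ex, ("pass", ex), ("pass", ex)),
        # Forwarded unchanged: SPF fails, the DKIM signature survives.
        "forwarded": disposition(policy, ex, ("fail", ex), ("pass", ex)),
        # A list rewrote the body: SPF and DKIM both fail.
        "list_modified": disposition(policy, ex, ("fail", ex), ("fail", ex)),
        # SPF passes, but for a different envelope domain than the From:.
        "unaligned_spf": disposition(policy, ex, ("pass", "bulk.example.net"),
                                     ("none", "")),
        # Same failure under pct=25, message outside the sampled share.
        "outside_sample": disposition(partial, ex, ("fail", ex), ("fail", ex),
                                      sample=60),
    }


if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label:15} {result}")
```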

RIPE 71 and IETF 94 reports webinarMen and Mice
 
PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2Men and Mice
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review WebinarMen and Mice
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report WebinarMen and Mice
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS ServerMen and Mice
 
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)Men and Mice
 
IETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEIETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEMen and Mice
 
Scripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteScripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteMen and Mice
 

Más de Men and Mice (20)

Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesCisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
 
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSPart 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
 
Part 2 - Local Name Resolution in Windows Networks
Part 2 - Local Name Resolution in Windows NetworksPart 2 - Local Name Resolution in Windows Networks
Part 2 - Local Name Resolution in Windows Networks
 
Namespaces for Local Networks
Namespaces for Local NetworksNamespaces for Local Networks
Namespaces for Local Networks
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encrypted
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANE
 
DNSSEC signing Tutorial
DNSSEC signing Tutorial DNSSEC signing Tutorial
DNSSEC signing Tutorial
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 Webinar
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
 
PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2
 
PowerDNS Webinar
PowerDNS Webinar PowerDNS Webinar
PowerDNS Webinar
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review Webinar
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report Webinar
 
IETF 92 Webinar
IETF 92 WebinarIETF 92 Webinar
IETF 92 Webinar
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS Server
 
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
 
IETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEIETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANE
 
RIPE 68 Webinar
RIPE 68 WebinarRIPE 68 Webinar
RIPE 68 Webinar
 
Scripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteScripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice Suite
 

Último

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 

Último (20)

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 

Fighting Abuse with DNS

  • 1. © Men & Mice http://menandmice.com SPF, DKIM and DMARC: Mail-Reputation and DNS. Wednesday 26 October 16
  • 2. Sender Policy Framework
  • 3. SPF • Sender Policy Framework (SPF) defines the addresses from which mail for a given domain may originate • this information is stored in its own SPF format inside a TXT record • there was a dedicated SPF record type, which has been deprecated because it was ignored by mail and DNS admins • Website: http://www.openspf.org
  • 4. SPF-Example • the Google SPF record: google.com. 3600 IN TXT "v=spf1 include:_spf.google.com ~all" Annotations: mail-sender domain (google.com); SPF format version (v=spf1); include SPF information from subdomain (include:_spf.google.com); soft-fail SPF checks (~all)
  • 5. SPF-Example • the Google SPF record: _spf.google.com. 299 IN TXT "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all" Annotation: includes of Google network blocks
  • 7. SPF-Example • the Google SPF record: _netblocks.google.com. 3600 IN TXT "v=spf1 ip4:64.18.0.0/20 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:207.126.144.0/20 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all" Annotation: Google mail-sending addresses
  • 8. SPF-Operation. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server. Step: sending mail on port 25 from 192.0.2.123
  • 9. SPF-Operation. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server. Steps: sending mail on port 25 from 192.0.2.123; looking up SPF-Record for “example.com”
  • 10. SPF-Operation. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server. Steps: sending mail on port 25 from 192.0.2.123; example.com IN TXT “v=spf1 ip4:192.0.2.0/24 -all”
  • 11. SPF-Operation. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server. Steps: sending mail on port 25 from 192.0.2.123; check if sending address is within SPF data
  • 12. SPF-Operation. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server. Step: mail has been received
  • 13. SPF issues • SPF is problematic with some mail functions where mail is sent indirectly • mail-forwarding • mailing lists • webforms - http://bsdly.blogspot.nl/2016/10/is-spf-simply-too-hard-for-application.html
  • 14. SPF problem with forwarding. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server; mailing-list server. Step: sending mail from user@example.com on port 25 from 192.0.2.123
  • 15. SPF problem with forwarding. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server; mailing-list server. Step: sending mail from user@example.com on port 25 from 203.0.113.23
  • 16. SPF problem with forwarding. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server; mailing-list server. Steps: sending mail from user@example.com on port 25 from 203.0.113.23; looking up SPF-Record for “example.com”
  • 17. SPF problem with forwarding. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server; mailing-list server. Steps: sending mail from user@example.com on port 25 from 203.0.113.23; example.com IN TXT “v=spf1 ip4:192.0.2.0/24 -all”
  • 18. SPF problem with forwarding. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server; mailing-list server. Steps: sending mail from user@example.com on port 25 from 203.0.113.23; check if sending address is within SPF data
  • 19. SPF problem with forwarding. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server; mailing-list server. Steps: sending mail from user@example.com on port 25 from 203.0.113.23; mail rejected, as the sender IP does not appear in the SPF data
  • 21. DKIM: DomainKeys Identified Mail
  • 22. DKIM • DKIM cryptographically signs selected mail headers and the mail content • DKIM is used to validate the mail message content but not to secure the transport path • No upgrade of the user client (client e-mail program) needed • But e-mail clients can offer per-user signing, as an option • DKIM management can be “outsourced” (ISP, e-mail hosting provider) • No PKI infrastructure needed, only depends on DNS
  • 23. DKIM • DKIM Website • http://dkim.org/ • Documents • RFC 5585 - DomainKeys Identified Mail (DKIM) Service Overview https://tools.ietf.org/html/rfc5585 • RFC 6376 - DomainKeys Identified Mail (DKIM) Signatures https://tools.ietf.org/html/rfc6376 • RFC 5863 - DomainKeys Identified Mail (DKIM) Development, Deployment, and Operations https://tools.ietf.org/html/rfc5863 • RFC 5617 - DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP) https://tools.ietf.org/html/rfc5617 • RFC 6377 - DomainKeys Identified Mail (DKIM) and Mailing Lists https://tools.ietf.org/html/rfc6377
  • 24. DKIM Signature in the Mail Header: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mennogmys.onmicrosoft.com; s=selector1-menandmice-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Rk04UQbu8aZGogweVSHLqo55rIPXR0OajjGVpZOcEic=; b=cVQyry/E2yMiV9qUZbth0Y51r5OoWoHPr0qYklZYGvc6/[...] Annotation (v=1): DKIM version
  • 25. DKIM Signature in the Mail Header (same header as slide 24). Annotation (a=rsa-sha256): DKIM signing algorithm
  • 26. DKIM Signature in the Mail Header (same header as slide 24). Annotation (c=relaxed/relaxed): canonicalization algorithm: "relaxed" algorithm that tolerates common modifications such as whitespace replacement and header field line rewrapping
  • 27. DKIM Signature in the Mail Header (same header as slide 24). Annotation (d=mennogmys.onmicrosoft.com): domain of the sending party, this is where the public key to verify the signature is located
  • 28. DKIM Signature in the Mail Header (same header as slide 24). Annotation (s=selector1-menandmice-com): subdomain selector: will be prepended to the domain to fetch the DKIM public key
  • 29. Fetching the DKIM key • The DKIM public key can be found inside a TXT record at a domain name built from • selector • subdomain “_domainkey” • base mail domain (d: field) $ dig selector1-menandmice-com._domainkey.mennogmys.onmicrosoft.com TXT +short "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDenG16IONFpDPACAhDnCd/ N98W277rSbwSoatar767pSYtT+CClFqhmEePynSVGdS0RxIjFZscmVN5RZjnfD +HE1HL4XvUtxnnb1j0PeNfhrDHy7BHFGux6exfL7/splByKu7qhLBP10+SyAjiE4Qc6xWfCQ3MzmECZGW/ CzzmOQIDAQAB; n=1024,1450909615,1"
  • 30. DKIM Signature in the Mail Header (same header as slide 24). Annotation (h=From:Date:Subject:Message-ID:Content-Type:MIME-Version): header fields signed by the sending party
  • 31. DKIM Signature in the Mail Header (same header as slide 24). Annotation (bh=): Body-Hash: hash of the message body
  • 32. DKIM Signature in the Mail Header (same header as slide 24). Annotation (b=): signature over header fields and Body-Hash
  • 33. DKIM operation. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server; mail forwarder. Step: mail gets signed with “example.com” private DKIM key
  • 34. DKIM operation. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server; mail forwarder. Step: sending mail from user@example.com on port 25 from 192.0.2.123
  • 35. SPF problem with forwarding. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server; mail forwarder. Step: sending mail from user@example.com on port 25 from 203.0.113.23
  • 36. SPF problem with forwarding. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server; mail forwarder. Steps: sending mail from user@example.com on port 25 from 203.0.113.23; looking up DKIM public key for “example.com”
  • 37. SPF problem with forwarding. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server; mail forwarder. Steps: sending mail from user@example.com on port 25 from 203.0.113.23; _domainkeys.example.com IN TXT “v=DKIM1; k=rsa; p=MIG[...]”
  • 38. SPF problem with forwarding. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server; mail forwarder. Steps: sending mail from user@example.com on port 25 from 203.0.113.23; validating DKIM signed headers and body
  • 39. SPF problem with forwarding. Diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server; mailing-list server. Step: mail has been received
  • 40. DMARC: Domain-based Message Authentication, Reporting & Conformance
  • 41. DMARC • DMARC builds on top of SPF and DKIM • it allows the owner of an email domain to publish a policy about SPF and DKIM failures • DMARC can be used to publish a feedback channel to let the domain owner know of spoofed mail from his domain • the DMARC policy is stored in DNS
  • 42. DMARC • example DMARC record "v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@example.com" Annotation (v=DMARC1): protocol version
  • 43. DMARC • example DMARC record "v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@example.com" Annotation (p=reject): policy for organizational domain
  • 44. DMARC • example DMARC record "v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@example.com" Annotation (pct=100): percentage of messages subjected to filtering
  • 45. DMARC • example DMARC record "v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@example.com" Annotation (rua=mailto:postmaster@example.com): where to send the aggregated misuse reports
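
The SPF check from the "SPF-Operation" and "SPF problem with forwarding" slides, as an added example (not code from the deck). It evaluates the ip4, ip6, include and all mechanisms against an in-memory table that stands in for DNS; every record except the example.com one is constructed, and the function and table names are assumptions of this example.

```python
import ipaddress

# Constructed zone data standing in for DNS TXT lookups (no network access).
# "example.com" follows the slides' record, written with the ip4 mechanism;
# the other three names and records are constructed for this example.
TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "soft.example.org": "v=spf1 include:_spf.soft.example.org ~all",
    "_spf.soft.example.org": "v=spf1 ip4:198.51.100.0/24 ~all",
    "typo.example.net": "v=spf1 ipv4:192.0.2.0/24 -all",  # misspelled mechanism
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_TERMS = 10  # RFC 7208 section 4.6.4 limit on DNS-querying terms


def check_host(ip, domain, txt=TXT, _budget=None):
    """Evaluate the ip4, ip6, include and all mechanisms of an SPF record.

    Returns pass, fail, softfail, neutral, none or permerror. Mechanisms
    that need live DNS (a, mx, ptr, exists) and redirect= are not handled.
    """
    budget = _budget if _budget is not None else [MAX_DNS_TERMS]
    record = txt.get(domain.lower().rstrip("."))
    if record is None or record.split()[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        if "=" in term:  # modifier
            if term.lower().startswith("redirect="):
                raise NotImplementedError("redirect= is not handled here")
            continue     # other modifiers (exp=, unknown ones) are ignored
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        head, _, arg = term.partition(":")
        name = head.split("/")[0].lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if net.version == addr.version and addr in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"  # too many DNS-querying terms
            inner = check_host(ip, arg, txt, budget)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
            # fail/softfail/neutral from the include means "no match here"
        elif name in ("a", "mx", "ptr", "exists"):
            raise NotImplementedError(name + " needs live DNS lookups")
        else:
            return "permerror"  # unknown mechanism name, e.g. "ipv4"
    return "neutral"  # no mechanism matched and the record has no "all"


def forwarding_scenarios():
    """SPF results for the deliveries drawn on the slides, plus two variants."""
    return {
        "direct from 192.0.2.123": check_host("192.0.2.123", "example.com"),
        "via list server 203.0.113.23": check_host("203.0.113.23", "example.com"),
        "~all domain via list server": check_host("203.0.113.23", "soft.example.org"),
        "~all domain, listed sender": check_host("198.51.100.7", "soft.example.org"),
        "misspelled mechanism": check_host("192.0.2.123", "typo.example.net"),
    }


if __name__ == "__main__":
    for label, result in forwarding_scenarios().items():
        print(f"{label:30} {result}")
```

The relayed copy fails only because the connecting address changed; the message is the same. A record with a misspelled mechanism yields permerror for every sender, including the legitimate one.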
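
How a verifier gets from the DKIM-Signature header on the slides to the key lookup and the body-hash comparison, as an added example (not code from the deck). The header value is the one shown on the slides, with b= truncated as it is there; the message bodies and all function names are constructed for this example, and the RSA check of b= is not performed.

```python
import base64
import hashlib
import re

# DKIM-Signature value as shown on the slides; b= is truncated there as well.
PAGE_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=mennogmys.onmicrosoft.com; "
    "s=selector1-menandmice-com; "
    "h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; "
    "bh=Rk04UQbu8aZGogweVSHLqo55rIPXR0OajjGVpZOcEic=; "
    "b=cVQyry/E2yMiV9qUZbth0Y51r5OoWoHPr0qYklZYGvc6/[...]"
)


def parse_tags(value):
    """Split a DKIM tag=value list; whitespace inside values is dropped."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")  # base64 padding "=" stays in val
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def key_query_name(tags):
    """DNS name holding the public key: <selector>._domainkey.<d= domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def canonicalize_body(body, mode):
    """Body canonicalization per RFC 6376 section 3.4 ("simple" or "relaxed")."""
    if mode not in ("simple", "relaxed"):
        raise ValueError("unknown canonicalization: " + mode)
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if mode == "relaxed":
        # collapse runs of space/tab to one space, drop whitespace at line end
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # empty lines at the end of the body are ignored
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body, tags):
    """Compute the bh= value a verifier compares against the signed one."""
    algo = tags["a"].split("-")[1]                     # rsa-sha256 -> sha256
    modes = tags.get("c", "simple/simple").split("/")  # header/body
    body_mode = modes[1] if len(modes) > 1 else "simple"
    digest = hashlib.new(algo, canonicalize_body(body, body_mode)).digest()
    return base64.b64encode(digest).decode()


# Constructed message bodies (not from the slides).
SIGNED = b"Hello  world \r\n\r\nRegards,\tAlice\r\n\r\n\r\n"
REWRAPPED = b"Hello world\r\n\r\nRegards, Alice\r\n"  # whitespace changed in transit
WITH_FOOTER = SIGNED + b"-- \r\nUnsubscribe: list@example.net\r\n"  # list footer


def survives(body, tags):
    """True when the received body still hashes to what the signer computed."""
    return body_hash(body, tags) == body_hash(SIGNED, tags)


if __name__ == "__main__":
    tags = parse_tags(PAGE_SIGNATURE)
    print("key lookup:", key_query_name(tags), "TXT")
    print("signed header fields:", tags["h"].split(":"))
    for label, body in [("forwarded unchanged", SIGNED),
                        ("whitespace rewritten", REWRAPPED),
                        ("list footer appended", WITH_FOOTER)]:
        print(f"{label:22} body hash matches: {survives(body, tags)}")
```

A forwarder that relays the message untouched keeps the body hash valid from any IP address, which is why DKIM survives the forwarding case that breaks SPF. A mailing list that appends a footer changes the body and the hash no longer matches, the case RFC 6377 addresses.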