© Men & Mice http://menandmice.com
SPF, DKIM and DMARC
Mail-Reputation and DNS
Wednesday 26 October 16
Sender Policy Framework
SPF
• Sender Policy Framework (SPF) defines the addresses from which mail for a given domain may originate
• this information is stored in its own SPF format inside a TXT record
• there used to be a dedicated SPF record type; it has been deprecated because it was ignored by mail and DNS admins
• Website: http://www.openspf.org
SPF-Example
• the Google SPF record
google.com. 3600 IN TXT "v=spf1 include:_spf.google.com ~all"
• google.com. : mail-sender domain
• v=spf1 : SPF format version
• include:_spf.google.com : include SPF information from subdomain
• ~all : soft-fail SPF checks
SPF-Example
• the Google SPF record
_spf.google.com. 299 IN TXT "v=spf1
include:_netblocks.google.com
include:_netblocks2.google.com
include:_netblocks3.google.com ~all"
• the include: entries : includes of Google network blocks
SPF-Example
•the Google SPF-Record
_netblocks.google.com. 3600 IN TXT "v=spf1
ip4:64.18.0.0/20 ip4:64.233.160.0/19
ip4:66.102.0.0/20 ip4:66.249.80.0/20
ip4:72.14.192.0/18 ip4:74.125.0.0/16
ip4:108.177.8.0/21 ip4:173.194.0.0/16
ip4:207.126.144.0/20 ip4:209.85.128.0/17
ip4:216.58.192.0/19 ip4:216.239.32.0/19
~all"
• the ip4: entries : Google mail-sending addresses
SPF-Operation
Participants: the example.com authoritative DNS, the example.com outgoing mail server, and the receiving mail server.
• the example.com outgoing mail server is sending mail on port 25 from 192.0.2.123 to the receiving mail server
• the receiving mail server is looking up the SPF record for "example.com"
• the example.com authoritative DNS answers: example.com IN TXT "v=spf1 ip4:192.0.2.0/24 -all"
• the receiving mail server checks if the sending address is within the SPF data
• mail has been received
SPF issues
• SPF is problematic with some mail functions where mail is sent indirectly
• mail forwarding
• mailing lists
• webforms - http://bsdly.blogspot.nl/2016/10/is-spf-simply-too-hard-for-application.html
SPF problem with forwarding
Participants: the example.com authoritative DNS, the example.com outgoing mail server, a mailing-list server, and the receiving mail server.
• the example.com outgoing mail server is sending mail from user@example.com on port 25 from 192.0.2.123 to the mailing-list server
• the mailing-list server is sending the mail from user@example.com on port 25 from 203.0.113.23 to the receiving mail server
• the receiving mail server is looking up the SPF record for "example.com"
• the example.com authoritative DNS answers: example.com IN TXT "v=spf1 ip4:192.0.2.0/24 -all"
• the receiving mail server checks if the sending address is within the SPF data
• mail rejected, as the sender IP does not appear in the SPF data
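The receiver-side check from the SPF-Operation and forwarding slides, as an added example (not part of the original deck). It evaluates the example.com record, written with the ip4 mechanism name, against both sending addresses from the slides. The other zone entries and the names check_host and term_matches are constructed for illustration, and only the ip4, ip6, include and all mechanisms are covered.

```python
import ipaddress

# Constructed TXT data standing in for live DNS lookups. Only the example.com
# record is taken from the slides; every other name is made up for this example.
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "lists.example.net": "v=spf1 include:_senders.example.net ~all",
    "_senders.example.net": "v=spf1 ip4:203.0.113.0/24 -all",
    "typo.example": "v=spf1 ipv4:192.0.2.0/24 -all",     # misspelled mechanism
    "loop.example": "v=spf1 include:loop.example -all",  # include loop
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
NOT_COVERED = {"a", "mx", "ptr", "exists"}  # valid SPF, left out of this example
MAX_DNS_TERMS = 10  # RFC 7208: at most 10 terms that trigger DNS queries


class PermError(Exception):
    """The published record cannot be interpreted."""


def term_matches(addr, term, zone, budget):
    """Return True if one mechanism (qualifier already removed) matches addr."""
    name, _, arg = term.partition(":")
    name = name.lower()
    if name == "all":
        return True
    if name in ("ip4", "ip6"):
        net = ipaddress.ip_network(arg, strict=False)  # ValueError if malformed
        if net.version != int(name[2]):
            raise PermError(f"{name} used with the wrong address family")
        return addr.version == net.version and addr in net
    if name == "include":
        budget[0] -= 1
        if budget[0] < 0:
            raise PermError("DNS lookup limit exceeded")
        inner = check_host(str(addr), arg, zone, budget)
        if inner in ("none", "permerror"):
            raise PermError(f"include:{arg} has no usable record")
        return inner == "pass"  # only a pass of the included record matches
    if name in NOT_COVERED:
        raise NotImplementedError(name)
    raise PermError(f"unknown mechanism {name!r}")


def check_host(ip, domain, zone=ZONE, _budget=None):
    """Evaluate the SPF record of `domain` for the connecting address `ip`."""
    budget = [MAX_DNS_TERMS] if _budget is None else _budget
    record = zone.get(domain.lower().rstrip("."))
    if record is None or record.lower().split()[:1] != ["v=spf1"]:
        return "none"
    addr = ipaddress.ip_address(ip)
    try:
        for term in record.split()[1:]:
            if "=" in term.partition(":")[0]:
                if term.lower().startswith("redirect="):
                    raise NotImplementedError("redirect")
                continue  # other modifiers (e.g. exp=) do not affect the result
            qualifier = "+"
            if term[0] in QUALIFIERS:
                qualifier, term = term[0], term[1:]
            if term_matches(addr, term, zone, budget):
                return QUALIFIERS[qualifier]
    except (PermError, ValueError):
        return "permerror"
    return "neutral"


if __name__ == "__main__":
    for ip in ("192.0.2.123", "203.0.113.23"):
        print(ip, "->", check_host(ip, "example.com"))
```

The misspelled mechanism in typo.example and the include loop both end in permerror, which is how a syntax mistake in a published record shows up on the receiving side.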
DKIM
DomainKeys Identified Mail
DKIM
• DKIM cryptographically signs selected mail headers and the mail content
• DKIM is used to validate the mail message content but not to secure the transport path
• No upgrade to User Client (Client E-Mail program) needed
• But E-Mail Clients can offer per-User signing, as an option
• DKIM Management can be “outsourced” (ISP, E-Mail Hosting Provider)
• No PKI Infrastructure needed, only depends on DNS
DKIM
• DKIM Website
• http://dkim.org/
• Documents
• RFC 5585 - DomainKeys Identified Mail (DKIM) Service Overview
https://tools.ietf.org/html/rfc5585
• RFC 6376 - DomainKeys Identified Mail (DKIM) Signatures
https://tools.ietf.org/html/rfc6376
• RFC 5863 - DomainKeys Identified Mail (DKIM) Development, Deployment, and Operations
https://tools.ietf.org/html/rfc5863
• RFC 5617 - DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP)
https://tools.ietf.org/html/rfc5617
• RFC 6377 - DomainKeys Identified Mail (DKIM) and Mailing Lists
https://tools.ietf.org/html/rfc6377
DKIM Signature in the Mail Header
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mennogmys.onmicrosoft.com; s=selector1-menandmice-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=Rk04UQbu8aZGogweVSHLqo55rIPXR0OajjGVpZOcEic=;
b=cVQyry/E2yMiV9qUZbth0Y51r5OoWoHPr0qYklZYGvc6/[...]
• v= : DKIM version
• a= : signing algorithm
• c= : canonicalization algorithm: "relaxed" is an algorithm that tolerates common modifications such as whitespace replacement and header field line rewrapping
• d= : domain of the sending party, this is where the public key to verify the signature is located
• s= : subdomain selector: will be prepended to the domain to fetch the DKIM public key
Fetching the DKIM key
• The DKIM public key can be found inside a TXT record at a domain name built from
• selector
• subdomain “_domainkey”
• base mail domain (d= field)
$ dig selector1-menandmice-com._domainkey.mennogmys.onmicrosoft.com TXT +short
"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDenG16IONFpDPACAhDnCd/
N98W277rSbwSoatar767pSYtT+CClFqhmEePynSVGdS0RxIjFZscmVN5RZjnfD
+HE1HL4XvUtxnnb1j0PeNfhrDHy7BHFGux6exfL7/splByKu7qhLBP10+SyAjiE4Qc6xWfCQ3MzmECZGW/
CzzmOQIDAQAB; n=1024,1450909615,1"
DKIM Signature in the Mail Header
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mennogmys.onmicrosoft.com; s=selector1-menandmice-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=Rk04UQbu8aZGogweVSHLqo55rIPXR0OajjGVpZOcEic=;
b=cVQyry/E2yMiV9qUZbth0Y51r5OoWoHPr0qYklZYGvc6/[...]
• h= : header fields signed by the sending party
• bh= : body hash: hash of the message body
• b= : signature over header fields and body hash
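What a verifier does with these tags before any signature check, as an added example (not part of the original deck): it parses the DKIM-Signature header from the slides, builds the DNS name of the key record, and implements the "relaxed" canonicalization of RFC 6376 for header fields and body so the bh= comparison can be reproduced. The function names and the sample header and body values are constructed; the RSA check of b= is left out because it needs a crypto library.

```python
import base64
import hashlib
import re

# DKIM-Signature value as shown on the slides (b= is truncated there).
SLIDE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
    " d=mennogmys.onmicrosoft.com; s=selector1-menandmice-com;\r\n"
    " h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;\r\n"
    " bh=Rk04UQbu8aZGogweVSHLqo55rIPXR0OajjGVpZOcEic=;\r\n"
    " b=cVQyry/E2yMiV9qUZbth0Y51r5OoWoHPr0qYklZYGvc6/[...]"
)


def parse_tags(value):
    """Split a DKIM tag list ("k=v; k=v") into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")  # split on the first "=" only
        if sep:
            tags[key.strip()] = "".join(val.split())
    return tags


def key_record_name(tags):
    """DNS name of the TXT record with the public key: <s>._domainkey.<d>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def key_is_usable(txt):
    """A key record with an empty p= tag means the key has been revoked."""
    tags = parse_tags(txt)
    return tags.get("v", "DKIM1") == "DKIM1" and bool(tags.get("p"))


def relaxed_header(name, value):
    """Relaxed header canonicalization: lowercase name, unfold, collapse whitespace."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)        # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")   # runs of WSP -> one space
    return f"{name.strip().lower()}:{value}\r\n"


def relaxed_body(body):
    """Relaxed body canonicalization: trim line ends, collapse whitespace,
    drop empty lines at the end of the body."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body):
    """Value compared with bh= when a=rsa-sha256 and the body mode is relaxed."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def body_matches(tags, body):
    """First verification step: recompute the body hash and compare with bh=."""
    return body_hash(body) == tags["bh"]


if __name__ == "__main__":
    tags = parse_tags(SLIDE_HEADER)
    print("key record:", key_record_name(tags))
    print("signed headers:", tags["h"].split(":"))
    # Constructed bodies: whitespace changes survive, content changes do not.
    print(body_hash(b"Hello \t world  \r\n\r\n") == body_hash(b"Hello world\r\n"))
    print(body_hash(b"Hello world\r\n") == body_hash(b"Hello, world\r\n"))
```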
DKIM operation
Participants: the example.com authoritative DNS, the example.com outgoing mail server, a mail forwarder, and the receiving mail server.
• mail gets signed with the "example.com" private DKIM key
• the example.com outgoing mail server is sending mail from user@example.com on port 25 from 192.0.2.123 to the mail forwarder
• the mail forwarder is sending the mail from user@example.com on port 25 from 203.0.113.23 to the receiving mail server
• the receiving mail server is looking up the DKIM public key for "example.com"
• the example.com authoritative DNS answers: <selector>._domainkey.example.com IN TXT "v=DKIM1; k=rsa; p=MIG[...]"
• the receiving mail server is validating the DKIM signed headers and body
• mail has been received
DMARC
Domain-based Message Authentication,
Reporting & Conformance
DMARC
• DMARC builds on top of SPF and DKIM
• it allows the owner of an email domain to publish a policy about SPF and DKIM failures
• DMARC can be used to publish a feedback channel to let the domain owner know of spoofed mail from his domain
• the DMARC policy is stored in DNS
DMARC
• example DMARC record
"v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@example.com"
• v=DMARC1 : protocol version
• p=reject : policy for organizational domain
• pct=100 : percentage of messages subjected to filtering
• rua=mailto:postmaster@example.com : where to send the aggregated misuse reports
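How a receiver combines the SPF and DKIM results under the published policy, as an added example (not part of the original deck). It parses the example record above and decides the handling of direct, forwarded and spoofed mail. The function names and message results are constructed, and alignment is checked as an exact domain match (DMARC's strict mode) because the default relaxed mode needs the Public Suffix List.

```python
# Example record from the slides; it would be published as a TXT record at
# _dmarc.example.com.
SLIDE_RECORD = "v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@example.com"

POLICIES = ("none", "quarantine", "reject")
# Messages not selected by pct get the next less strict handling (RFC 7489).
NEXT_LOWER = {"reject": "quarantine", "quarantine": "none", "none": "none"}
ACTION = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}


def parse_dmarc(record):
    """Parse a DMARC TXT record into a dict with typed pct and rua values."""
    tags = {}
    for part in record.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip().lower()] = val.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in POLICIES:
        raise ValueError("not a usable DMARC record")
    tags["pct"] = int(tags.get("pct", "100"))  # pct defaults to 100
    tags["rua"] = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    return tags


def dmarc_disposition(policy, from_domain, spf, dkim, sample=0):
    """Decide what happens to one message.

    spf  = (SPF result, envelope sender domain that was checked)
    dkim = (DKIM result, d= domain of the signature)
    sample is a number 0..99 drawn per message to apply the pct tag.
    """
    want = from_domain.lower()
    spf_ok = spf[0] == "pass" and spf[1].lower() == want
    dkim_ok = dkim[0] == "pass" and dkim[1].lower() == want
    if spf_ok or dkim_ok:  # one aligned pass is enough
        return "deliver"
    applied = policy["p"] if sample < policy["pct"] else NEXT_LOWER[policy["p"]]
    return ACTION[applied]


if __name__ == "__main__":
    policy = parse_dmarc(SLIDE_RECORD)
    cases = {
        "direct": (("pass", "example.com"), ("pass", "example.com")),
        "forwarded": (("fail", "example.com"), ("pass", "example.com")),
        "spoofed": (("fail", "example.com"), ("none", "")),
    }
    for label, (spf, dkim) in cases.items():
        print(label, "->", dmarc_disposition(policy, "example.com", spf, dkim))
    print("reports go to", policy["rua"])
```

The forwarded case is the one from the SPF forwarding slides: SPF fails at the forwarder's address, the DKIM signature still verifies, and the message passes DMARC.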

RIPE 71 and IETF 94 reports webinarMen and Mice
 
PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2Men and Mice
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review WebinarMen and Mice
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report WebinarMen and Mice
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS ServerMen and Mice
 
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)Men and Mice
 
IETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEIETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEMen and Mice
 
Scripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteScripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteMen and Mice
 

Mais de Men and Mice (20)

Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesCisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
 
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSPart 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
 
Part 2 - Local Name Resolution in Windows Networks
Part 2 - Local Name Resolution in Windows NetworksPart 2 - Local Name Resolution in Windows Networks
Part 2 - Local Name Resolution in Windows Networks
 
Namespaces for Local Networks
Namespaces for Local NetworksNamespaces for Local Networks
Namespaces for Local Networks
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encrypted
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANE
 
DNSSEC signing Tutorial
DNSSEC signing Tutorial DNSSEC signing Tutorial
DNSSEC signing Tutorial
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 Webinar
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
 
PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2
 
PowerDNS Webinar
PowerDNS Webinar PowerDNS Webinar
PowerDNS Webinar
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review Webinar
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report Webinar
 
IETF 92 Webinar
IETF 92 WebinarIETF 92 Webinar
IETF 92 Webinar
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS Server
 
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
 
IETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANEIETF 90 Report – DNS, DHCP, IPv6 and DANE
IETF 90 Report – DNS, DHCP, IPv6 and DANE
 
RIPE 68 Webinar
RIPE 68 WebinarRIPE 68 Webinar
RIPE 68 Webinar
 
Scripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice SuiteScripting and automation with the Men & Mice Suite
Scripting and automation with the Men & Mice Suite
 

Último

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Último (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Fighting Abuse with DNS

  • 1. © Men & Mice http://menandmice.com SPF, DKIM and DMARC: Mail-Reputation and DNS. Wednesday 26 October 16
  • 2. Sender Policy Framework
  • 3. SPF: Sender Policy Framework (SPF) defines the addresses from which mail may originate for a given domain; this information is stored in its own SPF format inside a TXT record; there was a dedicated SPF record type, which has been deprecated because it was ignored by mail and DNS admins; Website: http://www.openspf.org
  • 4. SPF-Example: the Google SPF record: google.com. 3600 IN TXT "v=spf1 include:_spf.google.com ~all". Callouts: google.com. = mail-sender domain; v=spf1 = SPF format version; include:_spf.google.com = include SPF information from subdomain; ~all = soft-fail SPF checks
  • 5-6. SPF-Example: the Google SPF record: _spf.google.com. 299 IN TXT "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all". Callout: the include: entries = includes of Google network blocks
  • 7. SPF-Example: the Google SPF record: _netblocks.google.com. 3600 IN TXT "v=spf1 ip4:64.18.0.0/20 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:207.126.144.0/20 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all". Callout: the ip4: entries = Google mail-sending addresses
  • 8. SPF-Operation (diagram: example.com authoritative DNS; example.com outgoing mail; receiving mail server): sending mail on port 25 from 192.0.2.123
  • 9. SPF-Operation: looking up SPF record for "example.com"
  • 10. SPF-Operation: example.com IN TXT "v=spf1 ip4:192.0.2.0/24 -all"
  • 11. SPF-Operation: check if sending address is within SPF data
  • 12. SPF-Operation: mail has been received
  • 13. SPF issues: SPF is problematic with some mail functions where mail is sent indirectly: mail-forwarding; mailing lists; webforms - http://bsdly.blogspot.nl/2016/10/is-spf-simply-too-hard-for-application.html
  • 14. SPF problem with forwarding (diagram: example.com authoritative DNS; example.com outgoing mail; mailing-list server; receiving mail server): sending mail from user@example.com on port 25 from 192.0.2.123
  • 15. SPF problem with forwarding: sending mail from user@example.com on port 25 from 203.0.113.23
  • 16. SPF problem with forwarding: looking up SPF record for "example.com"
  • 17. SPF problem with forwarding: example.com IN TXT "v=spf1 ip4:192.0.2.0/24 -all"
  • 18. SPF problem with forwarding: check if sending address is within SPF data
  • 19-20. SPF problem with forwarding: mail rejected, as the sender IP does not appear in the SPF data
  • 21. DKIM: DomainKeys Identified Mail
  • 22. DKIM: DKIM cryptographically signs selected mail headers and the mail content; DKIM is used to validate the mail message content but not to secure the transport path; no upgrade to User Client (Client E-Mail program) needed; but E-Mail Clients can offer per-user signing, as an option; DKIM management can be "outsourced" (ISP, E-Mail Hosting Provider); no PKI infrastructure needed, only depends on DNS
  • 23. DKIM: DKIM Website: http://dkim.org/; Documents: RFC 5585 - DomainKeys Identified Mail (DKIM) Service Overview https://tools.ietf.org/html/rfc5585; RFC 6376 - DomainKeys Identified Mail (DKIM) Signatures https://tools.ietf.org/html/rfc6376; RFC 5863 - DomainKeys Identified Mail (DKIM) Development, Deployment, and Operations https://tools.ietf.org/html/rfc5863; RFC 5617 - DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP) https://tools.ietf.org/html/rfc5617; RFC 6377 - DomainKeys Identified Mail (DKIM) and Mailing Lists https://tools.ietf.org/html/rfc6377
  • 24. DKIM Signature in the Mail Header: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mennogmys.onmicrosoft.com; s=selector1-menandmice-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Rk04UQbu8aZGogweVSHLqo55rIPXR0OajjGVpZOcEic=; b=cVQyry/E2yMiV9qUZbth0Y51r5OoWoHPr0qYklZYGvc6/[...] Callout: v=1 = DKIM version
  • 25. DKIM Signature in the Mail Header (same header). Callout: a=rsa-sha256 = DKIM signing algorithm
  • 26. DKIM Signature in the Mail Header (same header). Callout: c=relaxed/relaxed = canonicalization algorithm: "relaxed" algorithm that tolerates common modifications such as whitespace replacement and header field line rewrapping
  • 27. DKIM Signature in the Mail Header (same header). Callout: d=mennogmys.onmicrosoft.com = domain of the sending party; this is where the public key to verify the signature is located
  • 28. DKIM Signature in the Mail Header (same header). Callout: s=selector1-menandmice-com = subdomain selector: will be prepended to the domain to fetch the DKIM public key
  • 29. Fetching the DKIM key: the DKIM public key can be found inside a TXT record at a domain name built from: selector; subdomain "_domainkey"; base mail domain (d: field). $ dig selector1-menandmice-com._domainkey.mennogmys.onmicrosoft.com TXT +short "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDenG16IONFpDPACAhDnCd/ N98W277rSbwSoatar767pSYtT+CClFqhmEePynSVGdS0RxIjFZscmVN5RZjnfD +HE1HL4XvUtxnnb1j0PeNfhrDHy7BHFGux6exfL7/splByKu7qhLBP10+SyAjiE4Qc6xWfCQ3MzmECZGW/ CzzmOQIDAQAB; n=1024,1450909615,1"
  • 30. DKIM Signature in the Mail Header (same header). Callout: h=From:Date:Subject:Message-ID:Content-Type:MIME-Version = header fields signed by the sending party
  • 31. DKIM Signature in the Mail Header (same header). Callout: bh=Rk04UQbu8aZGogweVSHLqo55rIPXR0OajjGVpZOcEic= = body hash: hash of the message body
  • 32. DKIM Signature in the Mail Header (same header). Callout: b=cVQyry/E2yMiV9qUZbth0Y51r5OoWoHPr0qYklZYGvc6/[...] = signature over header fields and body hash
  • 33. DKIM operation (diagram: example.com authoritative DNS; example.com outgoing mail; mail forwarder; receiving mail server): mail gets signed with "example.com" private DKIM key
  • 34. DKIM operation: sending mail from user@example.com on port 25 from 192.0.2.123
  • 35. SPF problem with forwarding (same diagram, with mail forwarder): sending mail from user@example.com on port 25 from 203.0.113.23
  • 36. SPF problem with forwarding: looking up DKIM public key for "example.com"
  • 37. SPF problem with forwarding: _domainkeys.example.com IN TXT "v=DKIM1; k=rsa; p=MIG[...]"
  • 38. SPF problem with forwarding: validating DKIM signed headers and body
  • 39. SPF problem with forwarding (diagram shows mailing-list server): mail has been received
  • 40. DMARC: Domain-based Message Authentication, Reporting & Conformance
  • 41. DMARC: DMARC builds on top of SPF and DKIM; it allows the owner of an email domain to publish a policy about SPF and DKIM failures; DMARC can be used to publish a feedback channel to let the domain owner know of spoofed mail from his domain; the DMARC policy is stored in DNS
  • 42. DMARC: example DMARC record "v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@example.com". Callout: v=DMARC1 = protocol version
  • 43. DMARC (same record). Callout: p=reject = policy for organizational domain
  • 44. DMARC (same record). Callout: pct=100 = percentage of messages subjected to filtering
  • 45. DMARC (same record). Callout: rua=mailto:postmaster@example.com = where to send the aggregated mis-use reports
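
Added example (not part of the original slides): a receiver-side sketch of the flows on slides 8-20 and 33-45, run offline against the slides' own records, with the SPF mechanism spelled ip4 as in the Google records. It goes one step beyond the slides by also showing a mailing list that appends a footer. Assumptions: the message body and the function names are constructed for illustration, only the ip4/ip6/all SPF mechanisms are evaluated, the DKIM check compares the relaxed body hash only (the RSA signature in b= is not verified), and DMARC alignment and pct sampling are left out.

```python
import base64
import hashlib
import ipaddress
import re

# Records and header as shown on the slides.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
DMARC_RECORD = "v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@example.com"
DKIM_SIGNATURE = """v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mennogmys.onmicrosoft.com; s=selector1-menandmice-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=Rk04UQbu8aZGogweVSHLqo55rIPXR0OajjGVpZOcEic=;
 b=cVQyry/E2yMiV9qUZbth0Y51r5OoWoHPr0qYklZYGvc6/[...]"""

# Constructed sample message body (not from the slides).
BODY = b"Quarterly report attached.\r\nRegards, user\r\n"

SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_tags(value):
    """Parse the 'tag=value; tag=value' list used by DKIM and DMARC."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            key, val = item.split("=", 1)
            tags[key.strip()] = val.strip()
    return tags


def spf_check(record, sender_ip):
    """Evaluate ip4/ip6/all mechanisms left to right; first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in SPF_QUALIFIERS else "+"
        mech = term[1:] if term[0] in SPF_QUALIFIERS else term
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return SPF_QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(arg, strict=False):
                return SPF_QUALIFIERS[qualifier]
        else:
            raise ValueError(f"{name!r} needs DNS lookups, not handled here")
    return "neutral"  # no mechanism matched


def dkim_key_name(signature):
    """DNS name of the public key: selector, '_domainkey', d= domain."""
    tags = parse_tags(signature)
    return f"{tags['s']}._domainkey.{tags['d']}"


def relaxed_body_hash(body):
    """bh= value for c=.../relaxed with SHA-256 (RFC 6376, section 3.4.4)."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of spaces/tabs and drop whitespace at the end of lines.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at the end
        lines.pop()
    canon = b"".join(ln + b"\r\n" for ln in lines)
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()


SIGNED_BH = relaxed_body_hash(BODY)  # what the sender would put into bh=


def dmarc_disposition(dmarc_record, spf_result, dkim_valid):
    """Apply the published policy only if both SPF and DKIM failed."""
    if spf_result == "pass" or dkim_valid:
        return "accept"
    return parse_tags(dmarc_record).get("p", "none")


def receive(sender_ip, body):
    """Return (SPF result, DKIM body hash ok, DMARC disposition)."""
    spf = spf_check(SPF_RECORD, sender_ip)
    dkim_ok = relaxed_body_hash(body) == SIGNED_BH  # b= is not verified here
    return spf, dkim_ok, dmarc_disposition(DMARC_RECORD, spf, dkim_ok)


if __name__ == "__main__":
    print("key lookup:", dkim_key_name(DKIM_SIGNATURE))
    rewrapped = b"Quarterly  report attached. \r\nRegards, user\r\n\r\n"
    with_footer = BODY + b"-- \r\nlist footer\r\n"
    for label, ip, body in [
        ("direct", "192.0.2.123", BODY),
        ("forwarder", "203.0.113.23", rewrapped),
        ("list with footer", "203.0.113.23", with_footer),
    ]:
        print(label, receive(ip, body))
```

The forwarder case fails SPF but keeps a matching body hash, so the p=reject policy is not applied; the appended footer breaks the body hash as well, and the message is rejected.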