fbid
ZW3B :-:
infos
usr



Prevent spoofing and phishing with DMARC (Domain-based Message Authentication, Report...




Site user blocks : Account info / user rights / summary

Prevent spoofing and phishing with DMARC

DMARC is a technical specification created by a group of organizations that want to help reduce the misuse of emails, such as spam, phishing, by providing a solution for deploying and monitoring problems related to their authentication.

This technology has been standardized by the Internet Engineering Task Force (IETF) in the RFC 7489 .

DMARC standardizes how recipients (in the sense of recipient MTAs) perform email authentication using the Sender Policy Framework and DomainKeys Identified Mail mechanisms. This means that the sender (in the sense of a sending MTA) will receive the results of the authentication of its messages by any recipient that implements DMARC.

Domain-based Message Authentication, Reporting, and Conformance

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a standard email authentication method . DMARC allows email administrators to prevent hackers from impersonating their organization and domain. Spoofing is a type of attack in which the address in the From field of an email is spoofed. A spoofing message appears to come from the spoofed organization or domain.

DMARC also lets you request reports from mail servers that receive mail from your organization or domain. These reports contain information to help you identify possible authentication issues and malicious activity related to messages sent from your domain.

DMARC prevents spoofing and phishing

Spammers can spoof your domain or organization to send fraudulent messages that impersonate your organization. DMARC tells mail servers what action to take when they receive a message that appears to come from your organization, but does not pass authentication checks or does not meet the authentication criteria of your DMARC rule record. Messages that aren't authenticated can impersonate your organization or be sent from unauthorized servers.

DMARC is always used with the following two authentication methods or controls:

  • The Sender Policy Framework (SPF) protocol allows the domain owner to authorize IP addresses to send email for the domain. Receiving servers can verify that messages from a specific domain are sent from servers authorized by the domain owner.
  • DKIM (Domain Keys Identified Mail) adds a digital signature to every message sent. Receiving servers use this signature to verify that messages are authentic and have not been tampered with or altered during sending.
Information DMARC:

Compliance DMARC : SPF + DKIM which allows us to know who (which domain, which IP address) is usurping our identity (our domain name) and validate our messages/domains/IP address.

Docs for a good configuration of DMARC DNS records : DNS Record found, DMARC Record found and DMARC Quarantine/Reject policy enabled

DMARC Reports files Analyser

HTML (PHP) table for viewing compliance reports DMARC. Analyze the DMARC reports sent by the mail servers receiving your couriers.

SH script to unzip/store ZIP/GZ DMARC files
Retrieve the analyzes of our DMARC reports from your servers.

API JSON RESTful to analyze mail servers spoofing our mail domain names.

Use the API "ZW3B Api Client" :
Information for using our API "ZW3B Api Client".

DMARC Reports +

Emails Reports - Conformance DMARC DKIM SPF
  • Sender Mail server : mail.zw3b.eu
    • SPF authorized : 158.69.126.137 2607:5300:60:9389:17:4:0:1 2607:5300:60:9389:17:4c1:0:1a

And above all, could a competent authority verify the IP addresses of usurpers ? Should I add "and sanction them" or am I to do it ? Thank you !

Supports DMARC:

Install "Mail-DMARC" protection on the mail server as security against non-domain compliant incoming (receiving) mail based on message authentication and good compliance :


If you want to install "Mail-DMARC Security and reporting" on your mail server, you can use this OpenSource solution (perl) which will allow you to secure your mailboxes from incoming messages not compliant DMARC.




Otherwise, you can install Rspamd, free antispam software, written in C and distributed under the Apache license; an alternative solution to SpamAssassin.
Rspamd is broadly customizable and allows multiple strategies to avoid Spam and false positives. In conclusion, Rspamd team is not only giving an incredible spam filtering system and email processing framework that allows evaluation of messages by a number of rules including regular expressions.






Welcome !

Author of the section

ZW3B

ZW3B

  • Firstname : The Web
  • Lastname : : Master
  • Arrived on tuesday 09 august 2011 (2011/08/09 00:00)
    13 years activity !




Load page: 0,10618805885315