4.5 email security Flashcards

(5 cards)

1
Q

Email security challenges

A
  • The protocols used to transfer emails include relatively few security checks
    – It’s very easy to spoof an email
  • Spoofing happens all the time
    – Check your spam folder
  • The email looks as if it originated from james@professormesser.com
    – But did it? How can you tell?
  • A reputable sender will configure email validation
    – Publicly available on the sender’s DNS server
2
Q

Mail gateway

A

  • The gatekeeper
    – Evaluates the source of inbound email messages
    – Blocks it at the gateway before it reaches the user
    – On-site or cloud-based

3
Q

Sender Policy Framework (SPF)

A

  • Sender configures a list of all servers authorized to send emails for a domain
  • The list of authorized mail servers is added to a DNS TXT record
    – Receiving mail servers perform a check to see if incoming mail really did come from an authorized host
4
Q

DomainKeys Identified Mail (DKIM)

A
  • A mail server digitally signs all outgoing mail
    – The public key is in the DKIM TXT record
  • The signature is validated by the receiving mail servers
    – Not usually seen by the end user
5
Q

DMARC

A
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC)
    – An extension of SPF and DKIM
  • The domain owner decides what receiving email servers should do with emails not validating using SPF and DKIM
    – That policy is written into a DNS TXT record
    – Accept all, send to spam, or reject the email
  • Compliance reports are sent to the email administrator
    – The domain owner can see how emails are received