Page 1 of 21 | Using sender verification for identifying Spoof mail | SPF, DKIM, DMARC,
Exchange and Exchange Online |Part 8#9
Written by Eyal Doron | o365info.com | Copyright © 2012-2016
Using sender verification for identifying Spoof mail | SPF, DKIM, DMARC, Exchange and Exchange Online | Part 8#9
A Spoof mail attack is carried out by a hostile element that tries to spoof the sender identity.
The way to deal with a Spoof mail attack is to implement a procedure that checks and verifies the sender identity (that is, decides whether the sender is a legitimate sender or a spoofed sender).
Using SPF, DKIM And DMARC, Exchange And Exchange Online For Verifying Sender Identity
In the current article, we will review the way the sender verification process is implemented by the following infrastructures:
1. Mail sender verification standards – SPF, DKIM and DMARC.
2. Exchange based environment – by using the sender authentication status.
3. Exchange Online (EOP) based environment – by using the Phish filter feature.
Our main focus in this article is to understand the “identity concept” of the sender, and the specific mail fields that are used for “storing” the sender identity.
In the next article, our main focus will be the “flow” of the sender verification process as implemented by each of the different methods.
The Major Public Mail Standards For Sender Verification + The Available Options In Exchange Based Environments
A general classification of the available sender verification methods could be:
1. Public mail standards that deal with sender verification.
In this “group,” we can relate to three major popular standards:
• SPF (Sender Policy Framework).
• DKIM (DomainKeys Identified Mail).
• DMARC (Domain-based Message Authentication, Reporting & Conformance).
2. Exchange based environment
In this group, we can relate to a solution that helps us implement a sender verification process by using information about the sender: his authentication status + his domain name (the domain name that appears in the E-mail address).
The “Exchange method” can be used only for a scenario of incoming mail in which the sender E-mail address includes our domain name.
In this case, we can verify the sender identity by checking his authentication status.
Internal or anonymous sender
The method we use for deciding if the sender is “valid” is by looking at the value “stored” in the X-MS-Exchange-Organization-AuthAs mail field.
Using the above mail field is relevant to any Exchange based environment, including Office 365, which is based on Exchange Online.
The concept behind this method is to look at the authentication status of the sender, the information that is stored in the X-MS-Exchange-Organization-AuthAs mail field.
The basic assumption is that a sender whose E-mail address includes our organization domain name (one of our users) should appear as an authenticated sender, meaning, a user who provided his user credentials.
In case the status of a sender whose E-mail address includes our domain name is “anonymous,” this is a sign that there is some “problem” with the sender identity.
3. Exchange Online based environment (EOP – Exchange Online Protection) | Phish filter
EOP (Exchange Online Protection) includes a method described as the Phish filter.
The mechanism of the EOP Phish filter is based on a concept in which the EOP server verifies the sender information that appears in the MAIL FROM field and in the FROM field.
• In case the information is identical, the sender is considered a “valid sender.”
• In case the information is not identical, the sender is considered a “non-valid sender.”
Note – both of these methods can be implemented only for “incoming mail.”
In other words, we cannot use these methods to “protect” our recipients’ identity in a scenario in which one of our recipients sends an E-mail message to external recipients.
How exactly do we define the “sender”?
1. SPF and DKIM standards
The SPF and DKIM standards define the “sender identity” by relating to the E-mail address of the sender.
To be more accurate, the SPF standard relates to the “right part” of the E-mail address, meaning the domain name, and the DKIM standard relates to the “whole E-mail address.”
• The SPF standard relates to the sender E-mail address that appears in the MAIL FROM mail field (the information that appears on the mail envelope).
• The DKIM standard relates to the sender E-mail address that appears in the FROM mail field (the information that appears in the mail header).
2. DMARC
The DMARC standard relies on the SPF or the DKIM standard as the mechanism for implementing sender verification.
The added value of the DMARC standard regarding verifying the sender identity is an additional “layer” of tests that relate to the sender verification. In other words, the DMARC standard performs more stringent verification tests.
For example, when we use the DMARC standard, DMARC will check if the E-mail message passes the SPF check. Even if the SPF check status is “pass,” DMARC performs an additional test described as “alignment,” in which it checks if the E-mail address that appears in the MAIL FROM field is equal to the E-mail address that appears in the FROM field.
Additional reading
SPF
• Sender Policy Framework
• Sender Policy Framework
• How can I create an SPF record for my domain?
• How To use an SPF Record to Prevent Spoofing & Improve E-mail Reliability
• An Overview of the Sender Policy Framework
• Explaining SPF
• About SPF and DKIM
DKIM
• DomainKeys Identified Mail (DKIM)
• DomainKeys Identified Mail
• What is DKIM? Everything You Need to Know About Digital Signatures
• DKIM Explained: How to Set Up and Use DomainKeys Identified Mail Effectively
• DKIM – Domain Keys Identified Mail | Basic introduction | Part 1#5
DMARC
• DMARC – FAQ
• What is DMARC?
• DMARC Inspector
• DMARC: Monitor & secure your email delivery
• A brief DMARC primer
3. Exchange based environment | Sender authentication status.
In an Exchange based environment, we can use an additional “piece of information” that appears in the E-mail message (mail header) and tells us whether the sender is considered an authenticated user or not.
One of the “forms” in which a Spoof mail attack is realized is when the attacker uses “our organizational identity” (an E-mail address that includes our domain name) for attacking our users.
In this case, we can use the information that is stored in the X-MS-Exchange-Organization-AuthAs mail field for identifying an event of a Spoof mail attack (spoofed sender).
Our basic assumption is that each of our users should provide his user credentials.
In a scenario of a Spoof mail attack, the hostile element that uses the identity of one of our organization users doesn’t provide any credentials.
For example, if the sender E-mail address includes our organization domain name + the sender is considered a non-authenticated user (anonymous), this is a “sign” of a Spoof E-mail.
4. Exchange Online – Phish Filter
The term “Phish Filter” describes a specific filter that is used by the EOP server for identifying a possible event of Spoof mail. This Spoof E-mail identification mechanism exists for Office 365 customers and for customers who use EOP (Exchange Online Protection) as a standalone version.
The Phish Filter mechanism implemented by EOP acts similarly to the DMARC alignment concept that is implemented relating to SPF.
The EOP Phish Filter verifies that the E-mail address (sender identity) that appears in the MAIL FROM field is identical to the sender identity that appears in the FROM field.
Where Is The Sender Identity Stored And How Is The Sender Identity Verification Process Implemented?
1. SPF standard
The SPF sender identity verification is implemented in the following way:
The mail server that represents the destination recipient “fetches” the domain name from the E-mail address of the sender that appears in the MAIL FROM field.
The destination mail server verifies the sender identity by checking whether the source mail server is authorized to send E-mail on behalf of the specific domain.
The verification process uses a dedicated SPF record (TXT record) that includes the IP addresses of the authorized mail servers for the specific domain.
2. DKIM standard
The DKIM sender identity verification is implemented in the following way:
The mail server that represents the destination recipient “fetches” the E-mail address of the sender that appears in the FROM field.
The destination mail server verifies the sender identity by verifying the digital signature that appears in the mail header.
3. DMARC
The DMARC standard relies on the SPF or the DKIM standard as the mechanism for implementing sender verification.
The purpose of the DMARC standard is to verify the results that were obtained by performing the sender verification via SPF or DKIM.
In case the results are “OK” (the sender verification status is “pass”), the DMARC sender verification process “moves on” to the next step, described as “alignment.”
Regarding the SPF result – DMARC verifies if the E-mail address that appears in the MAIL FROM field is identical to the E-mail address that appears in the FROM field.
Regarding the DKIM result – DMARC verifies if the DKIM selector domain name is identical to the domain name of the sender.
Note – the DMARC standard includes additional features and components that extend the management of sender verification tasks.
For example, the DMARC DNS record includes an “instruction” to “other mail infrastructures” for the case in which they identify E-mail messages that include our domain name as spoof E-mail.
The “instruction” includes our recommendation regarding “what to do with this E-mail message,” such as ignore, quarantine or block.
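The SPF lookup and the DMARC alignment step described in sections 1 and 3, as an added worked example (this is not code from the article or from any of the named products). DNS is replaced by a constructed in-memory table, only the ip4/ip6/all SPF mechanisms are modelled, alignment is evaluated on the domain part of the two addresses with DMARC's strict/relaxed modes, and the organizational-domain rule is a simplified "last two labels" assumption; all domains, addresses and records are constructed sample values.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (assumption: real code queries DNS).
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all",
    "_dmarc.example.com": "v=DMARC1; p=quarantine; aspf=s; adkim=r",
    "other.example": "v=spf1 ip4:198.51.100.0/24 -all",
}

SPF_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(mail_from_domain, source_ip):
    """SPF: fetch the MAIL FROM domain's record and test the sending IP against it.
    Only ip4/ip6/all are modelled; include/a/mx would need further DNS lookups."""
    record = DNS_TXT.get(mail_from_domain.lower(), "")
    if not record.startswith("v=spf1"):
        return "none"  # the domain publishes no SPF policy
    ip = ipaddress.ip_address(source_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in SPF_RESULT:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return SPF_RESULT[qualifier]  # default outcome once nothing else matched
        mech, _, value = term.partition(":")
        # 'in' is False when the address family differs, so ip4/ip6 terms never cross-match
        if mech in ("ip4", "ip6") and ip in ipaddress.ip_network(value, strict=False):
            return SPF_RESULT[qualifier]
    return "neutral"  # record ended without an 'all' term


def organizational_domain(domain):
    """Simplified organizational domain: the last two labels (assumption; DMARC
    proper uses the public suffix list, so e.g. example.co.uk would need three)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(identifier_domain, from_domain, mode):
    """DMARC identifier alignment: strict ('s') requires an exact domain match,
    relaxed ('r') accepts the same organizational domain."""
    if mode == "s":
        return identifier_domain.lower() == from_domain.lower()
    return organizational_domain(identifier_domain) == organizational_domain(from_domain)


def parse_dmarc_record(txt):
    """Turn 'v=DMARC1; p=quarantine; aspf=s' into a tag dictionary."""
    tags = {}
    for part in txt.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip()] = value.strip()
    return tags


def dmarc_check(from_domain, mail_from_domain, spf_result, dkim_domain, dkim_result):
    """DMARC: pass if an SPF pass or a DKIM pass is aligned with the header From
    domain. Returns (result, policy the domain owner asks receivers to apply)."""
    tags = parse_dmarc_record(DNS_TXT.get("_dmarc." + from_domain.lower(), ""))
    if tags.get("v") != "DMARC1":
        return "none", "none"  # no DMARC policy published for the From domain
    spf_ok = spf_result == "pass" and aligned(mail_from_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    return ("pass" if (spf_ok or dkim_ok) else "fail"), tags.get("p", "none")


def verify_message(from_domain, mail_from_domain, source_ip, dkim_domain="", dkim_result="none"):
    """Run SPF on the envelope sender, then DMARC on that result plus any DKIM result."""
    spf = spf_check(mail_from_domain, source_ip)
    dmarc, policy = dmarc_check(from_domain, mail_from_domain, spf, dkim_domain, dkim_result)
    return {"spf": spf, "dmarc": dmarc, "policy": policy}
```

The second test case below is the situation the article calls SPF's built-in weakness: the envelope domain passes SPF on its own, and only the alignment step ties the result back to the domain the recipient actually sees.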
4. Exchange based environment | sender authentication status.
The “sender” that addresses the Exchange server could be:
1. Any sender from any organization that asks to send an E-mail message to a recipient hosted on the Exchange server.
2. An Exchange user whose mailbox is hosted on the Exchange server.
In a scenario in which the “sender” uses an E-mail address that includes the domain name hosted on the Exchange server, the basic assumption is that this is an “Exchange user” that has an Exchange mailbox, and for this reason, this “user” should prove his identity by providing user credentials.
The information about the authentication process is saved by Exchange in a dedicated mail field named X-MS-Exchange-Organization-AuthAs.
• If the user provided his credentials, the authentication status of the sender is “internal.”
• If the user didn’t provide his credentials, the authentication status of the sender is “anonymous.”
In a scenario in which a sender “claims” that he belongs to the Exchange organization, meaning that he uses an E-mail address that includes the domain name hosted at Exchange, but the sender doesn’t provide his credentials, this is a sign that the sender is probably a spoofed sender.
In other words, the status of the sender that is saved in the X-MS-Exchange-Organization-AuthAs field appears as anonymous.
5. Exchange Online – Phish Filter
EOP (Exchange Online Protection) includes a built-in filter mechanism (Phish Filter) which was created to identify an E-mail message that has a high chance of being Spoof mail.
The EOP Phish Filter works in a similar way to the DMARC alignment concept that is implemented relating to SPF.
The EOP Phish Filter verifies that the E-mail address (sender identity) that appears in the MAIL FROM field is identical to the sender identity that appears in the FROM mail field.
If there is a difference, the E-mail message will be “stamped” with a warning message that notifies the user that this E-mail message could be Spoof mail.
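The two Exchange-side checks from sections 4 and 5, run over constructed message headers, as an added example (not code from the article, from Exchange or from EOP). Assumptions: the protected domain is the constructed example.com, the envelope MAIL FROM is read from the Return-Path header that the receiving server recorded, a missing AuthAs header is treated as anonymous, and the Phish Filter style comparison is made on the domain part of the two addresses.

```python
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.com"  # constructed protected domain (assumption)


def address_domain(header_value):
    """Domain part of an address such as 'Alice <alice@example.com>'."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def authas_check(msg, our_domain=OUR_DOMAIN):
    """Exchange rule: a sender who uses our domain must have authenticated, i.e.
    X-MS-Exchange-Organization-AuthAs: Internal; Anonymous is a spoof suspect."""
    if address_domain(msg["From"]) != our_domain:
        return "not-applicable"  # the rule only covers senders claiming our identity
    # Assumption: no stamp at all is treated the same as Anonymous (conservative).
    auth = (msg.get("X-MS-Exchange-Organization-AuthAs") or "Anonymous").strip().lower()
    return "ok" if auth == "internal" else "spoof-suspect"


def phish_filter_check(msg):
    """EOP-style comparison of the envelope sender (MAIL FROM, kept in
    Return-Path) with the header From."""
    envelope = address_domain(msg["Return-Path"])
    header = address_domain(msg["From"])
    return "match" if envelope == header else "mismatch"


def evaluate(raw_message):
    """Return (AuthAs verdict, Phish Filter verdict) for one raw message."""
    msg = message_from_string(raw_message)
    return authas_check(msg), phish_filter_check(msg)


# Constructed sample messages (headers only matter for the checks).
LEGIT = """Return-Path: <alice@example.com>
X-MS-Exchange-Organization-AuthAs: Internal
From: Alice <alice@example.com>
To: bob@example.com
Subject: Q3 figures

body
"""
SPOOF_INTERNAL = """Return-Path: <alice@example.com>
X-MS-Exchange-Organization-AuthAs: Anonymous
From: Alice <alice@example.com>
To: bob@example.com
Subject: Urgent wire transfer

body
"""
MISMATCH = """Return-Path: <bounce@other.example>
X-MS-Exchange-Organization-AuthAs: Anonymous
From: CEO <ceo@example.com>
To: bob@example.com
Subject: Invoice

body
"""
EXTERNAL = """Return-Path: <news@partner.example>
X-MS-Exchange-Organization-AuthAs: Anonymous
From: Partner News <news@partner.example>
To: bob@example.com
Subject: Newsletter

body
"""
```

Note that SPOOF_INTERNAL is caught only by the AuthAs rule, while MISMATCH is caught by both, which is why the article recommends layering the two.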
Major Differences Between Sender Verification Mail Standards And Exchange Based Solutions
As mentioned, when we go to the “Spoof E-mail attack war,” there is a variety of weapons to choose from.
Some of these “weapons” are public mail standards that can be adopted by any mail infrastructure, and some of them can be used only when the mail infrastructure is based on Exchange mail server or Exchange Online (Office 365 customers).
The major differences between the Exchange based solutions and the “public mail standards” are:
1. DNS configuration settings
When we use the Exchange based mechanism for identifying an event of Spoof E-mail, there is no need for additional configuration such as DNS records.
2. Incoming mail flow
The Exchange based solution’s mechanism for identifying an event of Spoof mail can be implemented only for scenarios of incoming mail.
The meaning is – events in which a hostile element tries to “attack” the Exchange recipient.
Using SPF, DKIM and DMARC for protecting ourselves from a scenario in which a hostile element uses our identity
Just as a short reminder, the problem of “Spoof mail” can be realized in two main flavors:
• Case 1 – a scenario in which a hostile element attacks our users by sending them Spoof mail.
• Case 2 – a scenario in which a hostile element uses our organizational identity (an E-mail address that includes our domain name) for attacking other organizations.
When using a public mail standard such as SPF and DKIM, we have the ability to “announce” to other organizations whether a specific E-mail message in which the sender uses our domain name is a legitimate E-mail message or not.
For example, when using SPF, we can inform other organizations which are the authorized mail servers that can send an E-mail message on behalf of our domain name.
In addition, some mail standards such as SPF and DMARC enable us to instruct another mail infrastructure “what to do” in case an E-mail message that was seemingly sent by one of our recipients was not sent from an authorized mail server.
The Exchange and Exchange Online options don’t include a mechanism that can be used in such scenarios of outbound mail.
What Is The Best Option For Identifying Spoof E-Mail?
Without knowing you personally, I’m pretty sure that after reading all the above information, the following question could appear in your mind:
Q: What is the bottom line? Which is the “right tool” for my organization?
A: The answer I have includes a couple of parts:
Better something than nothing
It’s better to start with the implementation of at least one mail sender verification standard than to “not do anything” and leave your organization mail infrastructure exposed to a variety of risks and dangers.
Using a specific sender verification mechanism versus a combination of more than one mechanism
Theoretically, we can be satisfied with only one “chosen” mail standard or mechanism, such as SPF, DKIM or one of the Exchange options.
In reality, the “true” solution will need to be based on more than one standard, because the different standards complement each other, and each of them covers other or different types of Spoof mail scenarios.
Baby steps | Step by step
The best practice is to start with a simple sender verification standard, and only after we feel comfortable, “move on” to the next step in which we implement an additional standard.
My opinion is that the simplest option is to start with the implementation of the SPF standard, because the SPF standard can be described as relatively easy to implement.
In case your mail infrastructure is based on Exchange, it’s recommended also to add the “additional layer,” in which we use an Exchange rule that identifies an event in which incoming mail includes a sender who has our E-mail address but doesn’t provide user credentials.
Note – if you want to read more information about how to implement the “Exchange option” using a Spoof E-mail rule, you can read the article – Detect spoof E-mail and send an incident report using Exchange Online rule (Learning mode) | Part 2#12
So, what is the best combination of sender identification standard options?
The answer is that there is no specific “cocktail” that can be described as the “best cocktail.”
For example, a reasonable question could be:
Q1: Why not use all the available options?
Q2: Can we use the concept of “the more the better”?
A: The answer is “Yes” and “No.”
Theoretically, it’s better to use all the available options for identifying events of Spoof E-mail, but we should not forget that each of these “standards” or “mechanisms” requires its own resources.
The resources will need to be allocated to:
• Learning and implementing the required configuration settings for each of the “sender verification solutions”
• The ongoing tasks, such as monitoring the events of Spoof mail that were “captured” by the specific standard – the need to review and examine the E-mail items that were identified as Spoof mail and to decide what to do with each E-mail item.
The Secret Location Of The Sender E-Mail Address
As mentioned, the mail standards that verify the sender identity verify the information about the E-mail address of the sender.
The SMTP protocol defines two mail fields that were created for storing information about the identity of the sender, meaning the E-mail address of the sender.
• One type of “information” about the sender is kept in a mail field named MAIL FROM that is “located” in the mail envelope.
• Another type of “information” about the sender is kept in a mail field named FROM that is “located” in the mail header.
The mail envelope is considered a “temporary data store” that serves as a “logical container” for data in the phase of the SMTP session in which two mail servers communicate.
The mail envelope concept is very similar to a “physical mail envelope.”
After the E-mail message is accepted by the destination mail server that represents the destination recipient, and after the destination mail server reads all the required information stored in the mail envelope, the mail envelope is “destroyed.”
In this phase, two optional questions can appear in our mind:
Q1: Why do we need to use two different mail fields for storing the information about the sender identity (the sender E-mail address)?
Q2: Why are you telling me all of this information? How is this information related to the topic in question?
A1:
The main purpose of the “sender information” that appears in the mail envelope (MAIL FROM) is to serve as a “return mail” address.
The “return mail” address is used by the destination mail server in a scenario in which the E-mail message could not be delivered to the destination recipient, and the mail server needs to “return the mail” to its original sender.
The main purpose of the “sender information” that appears in the mail header (FROM) is to inform the destination recipient who the sender that “wrote” the E-mail message is.
In some scenarios, the sender that appears in the MAIL FROM (the mail envelope) can be different from the sender identity that appears in the FROM field (the mail header).
A2: The reason I tell you this “boring information” is that the mail standards SPF and DKIM use the information stored in these fields (MAIL FROM and FROM) for getting the information about the sender identity and implementing the sender verification procedure.
Note – the SPF standard process is configured to verify the sender information that is stored in the MAIL FROM field only.
In other words, the SPF sender verification process will not relate to sender information stored in the FROM field. This is a built-in weakness that can be exploited by hostile elements.
If you want to read more information about this vulnerability, you can read the article – How can hostile element execute Spoof E-mail attack and bypass existing SPF implementation? | introduction | 1#2
The E-mail message components – mail envelope, the mail and the mail header
In the following diagram, we can see the structure of a standard E-mail message that includes two parts: the mail envelope and the mail.
In the next diagram, we can see the structure of the “mail component,” which also includes two parts: the “mail part” that includes the mail body, and the mail header.
Mail envelope – the “mail fields” that hold the value of the sender and the recipient
The mail envelope uses the following fields for storing information about the sender identity and the destination recipient identity:
1. The sender identity – the mail envelope uses a “mail field” named MAIL FROM for “holding” the information about the sender identity (the sender E-mail address).
2. The recipient identity – the mail envelope uses a “mail field” named RCPT TO for “holding” the information about the recipient identity (the destination recipient E-mail address).
Mail header – the “mail fields” that hold the value of the sender and the recipient
Regarding the “mail component,” the part which holds the information about the sender and recipient identities is the mail header.
The mail header uses the following fields for storing information about the sender identity and the destination recipient identity:
1. The sender identity – the mail header uses a “mail field” named FROM for “holding” the information about the sender identity (the sender E-mail address).
2. The recipient identity – the mail header uses a “mail field” named TO for “holding” the information about the recipient identity (the destination recipient E-mail address).
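The envelope/header separation described in this and the preceding section, as an added example (not code from the article): a minimal model of the receiving side of an SMTP session that records MAIL FROM and RCPT TO while the session runs, collects the From and To header fields from the DATA phase, and discards the envelope once the message is accepted, keeping only a Return-Path copy of MAIL FROM. The transcript, host names and addresses are constructed, and there is no real network I/O.

```python
def receive_smtp_session(client_lines):
    """Process one client session. Returns (accepted message or None, replies sent,
    envelope state at the end). The envelope lives only inside the session."""
    envelope = {"mail_from": None, "rcpt_to": []}
    replies = ["220 mx.example.com ESMTP"]  # constructed receiving host
    data_lines, in_data, accepted = [], False, None
    for line in client_lines:
        if in_data:
            if line == ".":  # end of DATA: message is accepted, envelope is consumed
                in_data = False
                header_text, _, body = "\n".join(data_lines).partition("\n\n")
                headers = {}
                for field in header_text.split("\n"):
                    name, _, value = field.partition(":")
                    headers[name.strip()] = value.strip()
                accepted = {
                    "return_path": envelope["mail_from"],  # the only trace of MAIL FROM
                    "recipients": list(envelope["rcpt_to"]),
                    "headers": headers,
                    "body": body,
                }
                envelope = {"mail_from": None, "rcpt_to": []}  # envelope "destroyed"
                replies.append("250 OK: queued")
            else:
                data_lines.append(line[1:] if line.startswith("..") else line)  # un-dot-stuff
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            replies.append("250 mx.example.com")
        elif verb == "MAIL":  # MAIL FROM:<address> -> envelope sender
            envelope["mail_from"] = arg.partition(":")[2].strip().strip("<>")
            replies.append("250 OK")
        elif verb == "RCPT":  # RCPT TO:<address> -> envelope recipient
            envelope["rcpt_to"].append(arg.partition(":")[2].strip().strip("<>"))
            replies.append("250 OK")
        elif verb == "DATA":  # header and body follow, terminated by a lone "."
            in_data = True
            replies.append("354 End data with <CR><LF>.<CR><LF>")
        elif verb == "QUIT":
            replies.append("221 Bye")
        else:
            replies.append("500 unrecognised command")
    return accepted, replies, envelope


# Constructed transcript: envelope sender/recipient differ from the header From/To.
SESSION = [
    "EHLO relay.sender.example",
    "MAIL FROM:<bounces@list.sender.example>",
    "RCPT TO:<bob@example.com>",
    "DATA",
    "From: Alice <alice@sender.example>",
    "To: Team <team@sender.example>",
    "Subject: Weekly report",
    "",
    "Body of the message.",
    ".",
    "QUIT",
]
```

After the session the receiving server holds four distinct identities: the envelope pair it used for routing and bounces, and the header pair the recipient will see in the mail client.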
Additional reading
• How to review and mitigate the impact of phishing attacks in Office 365
• The common types of spear phish we see today
• How antispoofing protection works in Office 365
• Email authentication should work out of the box and we should not rely upon domain owners to do it themselves
The next article in the current article series is:
How does sender verification work? (How we identify Spoof mail) | The five heroes SPF, DKIM, DMARC, Exchange and Exchange Online Protection | Part 9#9

一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 

Using sender verification for identifying Spoof mail | SPF, DKIM, DMARC, Exchange and Exchange Online | Part 8#9 | Eyal Doron | o365info.com

Page 1 of 21 | Using sender verification for identifying Spoof mail | SPF, DKIM, DMARC, Exchange and Exchange Online | Part 8#9
Written by Eyal Doron | o365info.com | Copyright © 2012-2016

Using sender verification for identifying Spoof mail | SPF, DKIM, DMARC, Exchange and Exchange Online | Part 8#9

A Spoof mail attack is carried out by a hostile element that tries to spoof the sender identity. The way to deal with a Spoof mail attack is to implement a procedure that checks and verifies the sender identity (that is, decides whether the sender is a legitimate sender or a spoofed sender).

Using SPF, DKIM And DMARC, Exchange And Exchange Online For Verifying Sender Identity

In the current article, we will review the way the sender verification process is implemented by the following infrastructures:

1. Mail sender verification standards – SPF, DKIM and DMARC.
2. Exchange based environment – by using the sender authentication status.
3. Exchange Online (EOP) based environment – by using the Phish filter feature.

Our main focus in this article is to understand the “identity concept” of the sender, and the specific mail fields that are used for “storing” the sender identity. In the next article, our main focus will be the “flow” of the sender verification process that is implemented by each of the different methods.

The Major Public Mail Standard For Sender Verification + The Available Option In Exchange Based Environment

A general classification of the available sender verification methods that we can use could be:

1. Public mail standards that deal with sender verification.

In this “group,” we can relate to three major popular standards:

 SPF (Sender Policy Framework).
 DKIM (DomainKeys Identified Mail).
 DMARC (Domain-based Message Authentication, Reporting & Conformance).

2. Exchange based environment
In this group, we can relate to a solution that helps us implement a sender verification process by using information about the sender: his authentication status plus his domain name (the domain name that appears in the E-mail address). The “Exchange method” can be used only for a scenario of incoming mail in which the sender E-mail address includes our domain name. In this case, we can verify the sender identity by checking his authentication status.

Internal or anonymous sender

The method we use for deciding whether the sender is “valid” is to look at the value “stored” in the X-MS-Exchange-Organization-AuthAs mail field. Using this mail field is relevant to any Exchange based environment, including Office 365, which is based on Exchange Online. The concept behind this method is to look at the authentication status of the recipient – the information stored in the X-MS-Exchange-Organization-AuthAs mail field. The basic assumption is that a recipient whose E-mail address includes our organization domain name should appear as an authenticated recipient, meaning a user who provided his user credentials. If the status of a recipient whose E-mail address includes our domain name is “anonymous,” this is a sign that there is some “problem” with the sender identity.

3. Exchange Online based environment (EOP – Exchange Online Protection) | Phish filter

EOP (Exchange Online Protection) includes a method described as the Phish filter. The mechanism of the EOP Phish filter is based on a concept in which the EOP server compares the sender information that appears in the MAIL FROM field with the sender information that appears in the FROM field.
 If the information is identical, the sender is considered a “valid sender.”
 If the information is not identical, the sender is considered a “non-valid sender.”

Note – both of these methods can be implemented only for “incoming mail.” In other words, we cannot use these methods to “protect” our recipients’ identity in a scenario in which one of our recipients sends an E-mail message to external recipients.
How exactly do we define the “sender”?

1. SPF and DKIM standards

The SPF and DKIM standards define the “sender identity” by relating to the E-mail address of the sender. To be more accurate, the SPF standard relates to the “right part” of the E-mail address, meaning the domain name, and the DKIM standard relates to the “whole E-mail address.”

 The SPF standard relates to the sender E-mail address that appears in the MAIL FROM mail field (the information that appears in the mail envelope).
 The DKIM standard relates to the sender E-mail address that appears in the FROM mail field (the information that appears in the mail header).
2. DMARC

The DMARC standard relies on the SPF or the DKIM standards as the mechanism for implementing sender verification. The added value of the DMARC standard regarding the subject of verifying sender identity is an additional “layer” of tests that relate to the sender verification. In other words, the DMARC standard performs more stringent verification tests.

For example, when we use the DMARC standard, DMARC will check whether the E-mail message passes the SPF check. Even if the SPF check status is “pass,” DMARC will perform an additional test described as “alignment,” in which it checks whether the E-mail address that appears in the MAIL FROM field is equal to the E-mail address that appears in the FROM field.

Additional reading

SPF

 Sender Policy Framework
 Sender Policy Framework
 How can I create an SPF record for my domain?
 How To use an SPF Record to Prevent Spoofing & Improve E-mail Reliability
 An Overview of the Sender Policy Framework
 Explaining SPF
 About SPF and DKIM

DKIM
 DomainKeys Identified Mail (DKIM)
 DomainKeys Identified Mail
 What is DKIM? Everything You Need to Know About Digital Signatures
 DKIM Explained: How to Set Up and Use DomainKeys Identified Mail Effectively
 DKIM – Domain Keys Identified Mail | Basic introduction | Part 1#5

DMARC

 DMARC – FAQ
 What is DMARC?
 DMARC Inspector
 DMARC: Monitor & secure your email delivery
 A brief DMARC primer

3. Exchange based environment | Recipient authentication status

In an Exchange based environment, we can use an additional “piece of information” that appears in the E-mail message (mail header) and tells us whether the recipient is considered an authenticated recipient or not. One of the “forms” in which a Spoof mail attack is realized is when the attacker uses “our organizational identity” (an E-mail address that includes our domain name) for attacking our users. In this case, we can use the information stored in the X-MS-Exchange-Organization-AuthAs mail field for identifying an event of a Spoof mail attack (spoofed sender). Our basic assumption is that each of our users should provide his user credentials. In a scenario of a Spoof mail attack, the hostile element that uses the identity of one of our organization users doesn’t provide any credentials. For example – if the sender E-mail address includes our organization domain name and the sender is considered a non-authenticated user (anonymous), this is a “sign” of a Spoof E-mail.
4. Exchange Online – Phish Filter

The term “Phish Filter” describes a specific filter used by the EOP server for identifying a possible event of Spoof mail. This is a Spoof E-mail identification mechanism that exists for Office 365 customers or for customers who use EOP (Exchange Online Protection) as a standalone version. The Phish Filter mechanism implemented by EOP acts similarly to the DMARC alignment concept that is implemented relating to SPF. The EOP Phish Filter verifies that the E-mail address (sender identity) that appears in the MAIL FROM field is identical to the sender identity that appears in the FROM field.
Where Is The Sender Identity Being Stored And How Is The Sender Identity Verification Process Implemented?

1. SPF standard

The SPF sender identity verification is implemented in the following way: the mail server that represents the destination recipient “fetches” the domain name from the E-mail address of the sender that appears in the MAIL FROM field. The destination mail server verifies the sender identity by verifying whether the source mail server is authorized to send E-mail on behalf of the specific domain. The verification process is implemented by using a dedicated SPF record (TXT record) that includes the IP addresses of the authorized mail servers for a specific domain.

2. DKIM standard

The DKIM sender identity verification is implemented in the following way: the mail server that represents the destination recipient “fetches” the E-mail address of the sender that appears in the FROM field. The destination mail server verifies the sender identity by verifying the digital signature that appears in the mail header.
3. DMARC

The DMARC standard relies on the SPF or the DKIM standards as the mechanism for implementing sender verification. The purpose of the DMARC standard is to verify the results that were obtained by performing the sender verification with SPF or DKIM. If the results are “OK” (the sender verification status is “pass”), the DMARC sender verification process “moves on” to the next step, which is described as “alignment.” Regarding the SPF result – DMARC verifies whether the E-mail address that appears in the MAIL FROM field is identical to the E-mail address that appears in the FROM field.
Regarding the DKIM result – DMARC verifies whether the DKIM selector domain name is identical to the domain name of the sender.

Note – the DMARC standard includes additional features and components that extend the management of sender verification tasks. For example – the DMARC DNS record includes an “instruction” to “other mail infrastructures” for the case in which they identify E-mail messages that include our domain name as spoof E-mail. The “instruction” includes our recommendation regarding “what to do with this E-mail message,” such as ignore, quarantine or block.

4. Exchange based environment | recipient authentication status

The “sender” that addresses the Exchange server could be:

1. Any sender from any organization that asks to send an E-mail message to a recipient hosted on the Exchange server.
2. An Exchange user whose mailbox is hosted on the Exchange server.

In a scenario in which the “sender” uses an E-mail address that includes the domain name hosted on the Exchange server, the basic assumption is that this is an “Exchange user” who has an Exchange mailbox, and for this reason, this “user” should prove his identity by providing user credentials.
The information about the authentication process is saved by Exchange in a dedicated mail field named X-MS-Exchange-Organization-AuthAs.

 If the user provides his credentials, the authentication status of the recipient is “internal.”
 If the user didn’t provide his credentials, the authentication status of the recipient is “anonymous.”

In a scenario in which a sender “claims” that he belongs to the Exchange organization, meaning that he uses an E-mail address that includes the domain name hosted at Exchange, but the sender doesn’t provide his credentials, this is a sign that the sender is probably a spoofed sender. In other words, the status of the sender that is saved in the X-MS-Exchange-Organization-AuthAs field appears as anonymous.

5. Exchange Online – Phish Filter

EOP (Exchange Online Protection) includes a built-in filter mechanism (Phish Filter) that was created to identify an E-mail message that has a high chance of being Spoof mail. The EOP Phish Filter works in a similar way to the DMARC alignment concept that is implemented relating to SPF. The EOP Phish Filter verifies that the E-mail address (sender identity) that appears in the MAIL FROM field is identical to the sender identity that appears in the FROM mail field. If there is a difference, the E-mail message will be “stamped” with a warning message that notifies the user that this E-mail message could be Spoof mail.
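As an added example (not code from the article, nor Microsoft's Exchange or EOP implementation), the three incoming-mail checks described above applied to a parsed message. It assumes that the receiving server recorded the envelope MAIL FROM in a Return-Path header and the SPF result in an Authentication-Results header, that X-MS-Exchange-Organization-AuthAs carries the values Internal/Anonymous, and that our hosted domain is the constructed example.com; the DMARC step compares domains in relaxed or strict mode, as the standard's alignment test does, which generalizes the whole-address comparison described above.

```python
"""Three "is this sender who he claims to be?" checks for incoming mail:
Exchange AuthAs status, the EOP Phish Filter concept, and DMARC on top of SPF."""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

OUR_DOMAIN = "example.com"  # constructed: the domain hosted on our Exchange organization


def domain_of(address: str) -> str:
    """Right-hand part of an e-mail address, lower-cased ('' if absent)."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower()


def exchange_authas_check(header_from: str, auth_as: str, our_domain: str = OUR_DOMAIN) -> str:
    """Exchange check: a sender using our own domain must be an authenticated (Internal) user."""
    if domain_of(header_from) != our_domain.lower():
        return "not-applicable"  # external sender: this check says nothing about him
    return "ok" if auth_as.strip().lower() == "internal" else "spoof-sign"


def eop_phish_filter_check(mail_from: str, header_from: str) -> str:
    """EOP Phish Filter concept: MAIL FROM (envelope) and FROM (header) must be identical."""
    _, env = parseaddr(mail_from)
    _, hdr = parseaddr(header_from)
    return "match" if env.lower() == hdr.lower() else "mismatch"


def dmarc_spf_alignment(spf_result: str, mail_from: str, header_from: str,
                        strict: bool = False) -> str:
    """DMARC on top of SPF: only a passing SPF result counts, and then the MAIL FROM
    domain must align with the FROM domain (exact in strict mode, same parent
    domain in relaxed mode)."""
    if spf_result.lower() != "pass":
        return "fail"
    env_dom, hdr_dom = domain_of(mail_from), domain_of(header_from)
    if strict:
        return "pass" if env_dom == hdr_dom else "fail"

    def org(d: str) -> str:
        # simplification of the organizational domain: the last two labels
        return ".".join(d.split(".")[-2:])

    return "pass" if env_dom and org(env_dom) == org(hdr_dom) else "fail"


def spf_result_from(msg: Message) -> str:
    """Pull 'spf=<result>' out of Authentication-Results ('none' when absent)."""
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    return m.group(1) if m else "none"


def classify(raw: str) -> dict:
    """Run all three checks on a raw RFC 5322 message (assumed headers, see lead-in)."""
    msg = message_from_string(raw)
    mail_from = msg.get("Return-Path", "")
    header_from = msg.get("From", "")
    auth_as = msg.get("X-MS-Exchange-Organization-AuthAs", "Anonymous")
    return {
        "exchange_authas": exchange_authas_check(header_from, auth_as),
        "eop_phish_filter": eop_phish_filter_check(mail_from, header_from),
        "dmarc_spf": dmarc_spf_alignment(spf_result_from(msg), mail_from, header_from),
    }


# Constructed sample: an external relay claiming one of our own addresses in FROM.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net
X-MS-Exchange-Organization-AuthAs: Anonymous
From: CEO <ceo@example.com>
To: finance@example.com
Subject: invoice

please see the attached invoice
"""

# Constructed sample: a genuine message from an authenticated internal user.
GENUINE = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com
X-MS-Exchange-Organization-AuthAs: Internal
From: Alice <alice@example.com>
To: bob@example.com
Subject: lunch

noon?
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, classify(raw))
```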
Major Differences Between Sender Verification Mail Standards And Exchange Based Solutions

As mentioned, when we go to the “Spoof E-mail attack war,” there is a variety of weapons to choose from. Some of these “weapons” are public mail standards that can be adopted by any mail infrastructure, and some of them can be used only in case the mail infrastructure is based on the Exchange mail server or Exchange Online (Office 365 customers). The major differences between the Exchange based solutions and the “public mail standards” are:

1. DNS configuration settings

When we use the Exchange based mechanism for identifying an event of Spoof E-mail, there is no need for additional configuration such as DNS records.

2. Incoming mail flow

The Exchange based solution’s mechanism for identifying an event of Spoof mail can be implemented only for scenarios of incoming mail, meaning events in which a hostile element tries to “attack” the Exchange recipients.

Using SPF, DKIM and DMARC for protecting ourselves from a scenario in which a hostile element uses our identity

Just as a short reminder, the problem of “Spoof mail” can be realized in two main flavors:
 Case 1 – a scenario in which a hostile element attacks our users by sending them Spoof mail.
 Case 2 – a scenario in which a hostile element uses our organizational identity (an E-mail address that includes our domain name) for attacking other organizations.

When using a public mail standard such as SPF and DKIM, we have the ability to “announce” to other organizations whether a specific E-mail message in which the sender uses our domain name is a legitimate E-mail message or not. For example, when using SPF, we can inform other organizations which are the authorized mail servers that can send an E-mail message on behalf of our domain name. In addition, some mail standards such as SPF and DMARC enable us to instruct other mail infrastructures “what to do” in case an E-mail message seemingly sent by one of our recipients wasn’t sent from an authorized mail server. The Exchange and the Exchange Online options don’t include a mechanism that can be used in such scenarios of outbound mail.

What Is The Best Option For Identifying Spoof E-Mail?

Without knowing you personally, I’m pretty sure that after reading all the above information, the following question could appear in your mind:

Q: What is the bottom line? Which is the “right tool” for my organization?

A: The answer that I have includes a couple of parts:
Better something than nothing

It’s better to start with the implementation of at least one mail sender verification standard than to “not do anything” and leave your organization’s mail infrastructure exposed to a variety of risks and dangers.

Using a specific sender verification mechanism versus a combination of more than one mechanism

Theoretically, we can be satisfied with only one “chosen” mail standard or mechanism such as SPF, DKIM or one of the Exchange options. In reality, the “true” solution will need to be based on more than one standard, because the different standards complete each other, and each of them covers other or different types of Spoof mail scenarios.

Baby step | Step by step

The best practice is to start with a simple sender verification standard, and only after we feel comfortable, “move on” to the next step in which we implement an additional standard. My opinion is that the simplest option is to start with the implementation of the SPF standard, because the SPF standard can be described as a relatively easy standard to implement. In case your mail infrastructure is based on Exchange, it’s recommended also to add the “additional layer,” in which we use an Exchange rule that identifies an event in which incoming mail includes a sender who has our E-mail address but doesn’t provide user credentials.

Note – if you want to read more about how to implement the “Exchange option” using a Spoof E-mail rule, you can read the article – Detect spoof E-mail and send an incident report using Exchange Online rule (Learning mode) | Part 2#12
So, what is the best combination of sender identification standard options? The answer is that there is no specific “cocktail” that can be described as the “best cocktail.” For example, a reasonable question could be:

Q1: Why not use all the available options?
Q2: Can we use the concept of “the more the better”?

A: The answer is “Yes” and “No.” Theoretically, it’s better to use all the available options for identifying events of Spoof E-mail, but we should not forget that each of these “standards” or “mechanisms” requires its own resources. The resources will need to be allocated to:

 Learning and implementing the required configuration settings for each of the “sender verification solutions.”
 The ongoing tasks, such as monitoring the events of Spoof mail that were “captured” by the specific standard – the need to review and examine the E-mail items that were identified as Spoof mail and to decide what to do with these E-mail items.

The Secret Location Of The Sender E-Mail Address

As mentioned, the mail standards that verify the sender identity verify the information about the E-mail address of the sender. The SMTP protocol defines two mail fields that were created for storing information about the identity of the sender, meaning the E-mail address of the sender.

 One type of “information” about the sender is kept in a mail field named MAIL FROM, which is “located” in the mail envelope.
 One type of “information” about the sender is kept in a mail field named FROM, which is “located” in the mail header.

The mail envelope is considered a “temporary data store” that serves as a “logical container” for data in the phase of the SMTP session in which two mail servers communicate.
The mail envelope concept is very similar to a “physical mail envelope.” After the E-mail message is accepted by the destination mail server that represents the destination recipient, and after the destination mail server reads all the required information stored in the mail envelope, the mail envelope is “destroyed.”

In this phase, two optional questions can appear in our mind:

Q1: Why do we need two different mail fields for storing the information about the sender identity (the sender E-mail address)?
Q2: Why are you telling me all of this? How is this information related to the topic in question?

A1: The main purpose of the “sender information” that appears in the mail envelope (MAIL FROM) is to serve as a “return mail” address. The “return mail” address is used by the destination mail server in a scenario in which the E-mail message could not be delivered to the destination recipient, and the mail server needs to “return the mail” to its original sender. The main purpose of the “sender information” that appears in the mail header (FROM) is to inform the destination recipient who the sender that “wrote” the E-mail message is. In some scenarios, the sender that appears in the MAIL FROM (the mail envelope) can be different from the sender identity that appears in the FROM field (the mail header).

A2: The reason I tell you this “boring information” is that the mail standards SPF and DKIM use the information stored in these fields (MAIL FROM and FROM) for getting the sender identity and implementing the sender verification procedure.
Note – the SPF standard process is configured to verify the sender information stored in the MAIL FROM field only. In other words, the SPF sender verification process will not relate to sender information stored in the FROM field. This is a built-in weakness that can be exploited by hostile elements. If you want to read more about this vulnerability, you can read the article – How can hostile element execute Spoof E-mail attack and bypass existing SPF implementation? | introduction | 1#2

The E-mail message components – mail envelope, the mail and the mail header

In the following diagram, we can see the structure of a standard E-mail message, which includes two parts: the mail envelope and the mail. In the next diagram, we can see the structure of the “mail component,” which also includes two parts: the “mail part” that includes the mail body, and the mail header.
Mail envelope – the “mail fields” that hold the value of the sender and the recipient

The mail envelope uses the following fields for storing information about the sender identity and the destination recipient identity:

1. The sender identity – the mail envelope uses a “mail field” named MAIL FROM for “holding” the information about the sender identity (the sender E-mail address).
2. The recipient identity – the mail envelope uses a “mail field” named RCPT TO for “holding” the information about the recipient identity (the destination recipient E-mail address).
Mail header – the “mail fields” that hold the value of the sender and the recipient

Regarding the “mail component,” the part that holds the information about the sender and recipient identities is the mail header. The mail header uses the following fields for storing information about the sender identity and the destination recipient identity:

1. The sender identity – the mail header uses a “mail field” named FROM for “holding” the information about the sender identity (the sender E-mail address).
2. The recipient identity – the mail header uses a “mail field” named TO for “holding” the information about the recipient identity (the destination recipient E-mail address).
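The envelope-versus-header split described in the last sections, as an added example that is not part of the article: a small parser walks a constructed SMTP session, keeps MAIL FROM / RCPT TO as the envelope, and hands everything the client sends after DATA to the e-mail header parser, so the two places the sender identity lives can be put side by side. The session, hostnames and addresses are all constructed, and the legitimate case in which a service's bounce address in MAIL FROM differs from the author in FROM is shown on purpose.

```python
"""Separate the SMTP envelope (MAIL FROM / RCPT TO) from the message header (FROM / TO)."""
from __future__ import annotations

from dataclasses import dataclass, field
from email import message_from_string
from email.message import Message
from email.utils import parseaddr


@dataclass
class Envelope:
    """What the receiving server learns during the session and discards after acceptance."""
    mail_from: str = ""
    rcpt_to: list[str] = field(default_factory=list)


def parse_smtp_session(transcript: str) -> tuple[Envelope, Message]:
    """Parse a transcript in which client lines start with 'C:' and server replies with 'S:'.
    Envelope fields come from MAIL FROM / RCPT TO; everything the client sends between
    DATA and the lone '.' is the message (header, blank line, body)."""
    env = Envelope()
    message_lines: list[str] = []
    in_data = False
    for raw in transcript.splitlines():
        if not raw.startswith("C:"):
            continue  # server replies carry no identity data
        line = raw[3:] if raw.startswith("C: ") else raw[2:]
        if in_data:
            if line == ".":
                break  # end of DATA; QUIT and later lines do not matter here
            # dot-stuffing: a message line that starts with '.' is sent with a second '.'
            message_lines.append(line[1:] if line.startswith("..") else line)
            continue
        verb, _, arg = line.partition(":")
        verb = verb.strip().upper()
        if verb == "MAIL FROM":
            env.mail_from = arg.strip().strip("<>")
        elif verb == "RCPT TO":
            env.rcpt_to.append(arg.strip().strip("<>"))
        elif verb == "DATA":
            in_data = True
    return env, message_from_string("\n".join(message_lines))


def identity_summary(env: Envelope, msg: Message) -> dict:
    """Place the envelope identities next to the header identities."""
    _, header_from = parseaddr(msg.get("From", ""))
    _, header_to = parseaddr(msg.get("To", ""))
    return {
        "envelope_sender": env.mail_from,        # MAIL FROM: where a bounce is returned
        "envelope_recipients": env.rcpt_to,      # RCPT TO: where the server delivers
        "header_from": header_from,              # FROM: the author the recipient sees
        "header_to": header_to,                  # TO: the recipient the recipient sees
        "sender_fields_agree": env.mail_from.lower() == header_from.lower(),
    }


# Constructed session: a newsletter service sends on behalf of a person, so the
# envelope sender is the service's bounce address while the header FROM is the author.
SESSION = """\
S: 220 mx.example.com ESMTP
C: EHLO relay.newsletter.example.net
S: 250 mx.example.com
C: MAIL FROM:<bounces@newsletter.example.net>
S: 250 OK
C: RCPT TO:<bob@example.com>
S: 250 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: Alice <alice@example.org>
C: To: Bob <bob@example.com>
C: Subject: May newsletter
C:
C: ..and a body line that began with a dot on the wire
C: Regards, Alice
C: .
S: 250 OK: queued
C: QUIT
S: 221 Bye
"""

if __name__ == "__main__":
    envelope, message = parse_smtp_session(SESSION)
    for key, value in identity_summary(envelope, message).items():
        print(f"{key}: {value}")
```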
Additional reading

 How to review and mitigate the impact of phishing attacks in Office 365
 The common types of spear phish we see today
 How antispoofing protection works in Office 365
 Email authentication should work out of the box and we should not rely upon domain owners to do it themselves

The next article in the current article series is How does sender verification work? (How we identify Spoof mail) | The five heroes: SPF, DKIM, DMARC, Exchange and Exchange Online Protection | Part 9#9