How to Secure Your Email (DMARC, DKIM, SPF Tutorial)
Summary
TLDR: In this informative video, Heath Adams, known as The Cyber Mentor, delves into the critical topic of email security. He emphasizes the importance of three key protocols: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance). Adams demonstrates how to use the website easydmarc.com to assess and fortify email defenses against phishing and spoofing attacks. The video guides viewers through setting up and verifying SPF and DMARC records, and explains the significance of each protocol. It also touches on the challenges of managing email security and how easydmarc simplifies the process by aggregating reports and providing tools for easy setup and policy management. Adams concludes by encouraging viewers to take advantage of the free trial offered by easydmarc to enhance their email security.
Takeaways
- 🛡️ Email security is crucial for organizations and relies on three main protocols: SPF, DKIM, and DMARC.
- 🔍 SPF (Sender Policy Framework) prevents email spoofing by letting receivers verify that the sending mail server is authorized to send email for the sender's domain.
- 📄 DKIM (DomainKeys Identified Mail) uses digital signatures to ensure the content of an email remains unaltered and trustworthy.
- 🔑 DMARC (Domain-based Message Authentication, Reporting, and Conformance) is considered the most important protocol as it aggregates reports and helps in policy enforcement.
- 📉 The video demonstrates using easyDMARC.com to scan and analyze domain security, identifying issues and providing solutions.
- 📝 easyDMARC provides a free scanner that gives a domain security score and detailed information on how to improve it.
- 🎯 Activating and properly setting up SPF and DKIM records are essential steps in enhancing email security.
- ⏱️ easyDMARC simplifies the process of setting up and verifying SPF and DMARC records with straightforward instructions.
- 📊 DMARC policies can start as 'none' for initial review and then be changed to 'quarantine' or 'reject' based on the organization's comfort level with reviewing reports.
- 📋 easyDMARC offers tools like SPF setup and policy generators, making it easier to configure and maintain email security protocols.
- 📧 Forwarded emails and their sources can be monitored through easyDMARC to ensure compliance and identify potential threats.
- 🚫 Quarantining emails can be annoying and less effective than blocking them, as they still reach the recipient's server, albeit in a quarantine folder.
Q & A
What are the three key protocols for email security mentioned in the video?
-The three key protocols for email security mentioned are SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance).
How does SPF help prevent email spoofing?
-SPF helps prevent email spoofing by allowing domains to specify which mail servers are allowed to send emails on behalf of that domain. This way, if an email is sent from an unauthorized server, it can be identified as spam or spoofed.
What is DKIM and how does it ensure the trustworthiness of an email's content?
-DKIM is a technique that uses a digital signature to ensure that the content of an email remains trustworthy and unaltered from the moment it leaves the initial sender to when it reaches the recipient. The signature is created based on the content of the email and a private key known only to the sender.
What is the primary purpose of DMARC?
-DMARC's primary purpose is to provide a mechanism for domain owners to publish policies about email messages that claim to be from their domain. It builds on SPF and DKIM by providing a way to report and enforce the results of those authentication checks.
How can using a service like easyDMARC help with email security?
-Using a service like easyDMARC can help with email security by providing a user-friendly interface to set up and manage SPF, DKIM, and DMARC records. It also offers a centralized platform for reporting and analysis, making it easier to understand and act on security threats.
What does a DMARC policy of 'none' mean?
-A DMARC policy of 'none' means that even if an email fails authentication checks, it will still be delivered to the recipient's inbox. It is often used initially while setting up DMARC to avoid blocking legitimate emails while the system is being configured and tested.
What is the difference between 'quarantine' and 'reject' in DMARC policy?
-A 'quarantine' policy in DMARC means that failing emails will be sent to the recipient's spam or junk folder, while a 'reject' policy means that the emails will not be delivered at all.
How does easyDMARC help with SPF record setup?
-easyDMARC provides an 'easy SPF' feature that allows users to activate and manage their SPF records through a simple interface. It also helps users to identify and add legitimate sources from which emails are sent.
What is the process of adding a domain to easyDMARC?
-To add a domain to easyDMARC, you need to enter your domain name, verify it by adding a CNAME record to your domain's DNS settings, and then wait for DNS propagation. Once verified, you can set up SPF and DMARC records through the platform.
How can easyDMARC help in reviewing and acting on email security reports?
-easyDMARC aggregates all email security reports into its system, allowing users to easily parse through the data and identify threats. It also provides tools for generating and updating DMARC policies based on the findings from the reports.
Why is it recommended to start with a DMARC policy of 'none' and then move to 'quarantine' and 'reject'?
-Starting with a 'none' policy allows organizations to monitor and review incoming emails without impacting the delivery of legitimate emails. Once they are confident in their setup and have a clear understanding of what constitutes a threat, they can move to 'quarantine' and eventually 'reject' to better secure their email environment.
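The aggregate reports mentioned above arrive as gzip-compressed XML. The following added example (not from the video or from EasyDMARC) parses a constructed sample report with Python's standard library and lists the sources that fail DMARC, which are the ones to review before moving from 'quarantine' to 'reject'. The domain, IP addresses and function names are assumptions made for illustration.

```python
import gzip
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report (not from the video). example.com and the
# 192.0.2.x / 198.51.100.x addresses are documentation placeholders.
SAMPLE_XML = b"""<feedback>
  <policy_published><domain>example.com</domain><p>quarantine</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>42</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>192.0.2.25</source_ip><count>5</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>3</count>
      <policy_evaluated><disposition>quarantine</disposition>
        <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  </record>
</feedback>"""


def load_report(data: bytes) -> ET.Element:
    """Accept raw or gzip-compressed report bytes and return the XML root."""
    if data[:2] == b"\x1f\x8b":  # gzip magic number
        data = gzip.decompress(data)
    # Reports come from third parties: refuse DTDs so entity-expansion
    # tricks never reach the parser.
    if b"<!DOCTYPE" in data:
        raise ValueError("DOCTYPE not allowed in aggregate reports")
    return ET.fromstring(data)


def summarize(root: ET.Element) -> dict:
    """Count messages per source IP by DMARC outcome."""
    sources = defaultdict(lambda: {"pass": 0, "fail": 0, "dispositions": set()})
    for record in root.iter("record"):
        row = record.find("row")
        evaluated = row.find("policy_evaluated")
        # DMARC passes when aligned DKIM or aligned SPF passes.
        results = (evaluated.findtext("dkim"), evaluated.findtext("spf"))
        outcome = "pass" if "pass" in results else "fail"
        entry = sources[row.findtext("source_ip")]
        entry[outcome] += int(row.findtext("count", "0"))
        entry["dispositions"].add(evaluated.findtext("disposition"))
    return {
        "domain": root.findtext("policy_published/domain"),
        "policy": root.findtext("policy_published/p"),
        "sources": dict(sources),
    }


def failing_sources(summary: dict) -> list:
    """Source IPs with at least one message that failed DMARC."""
    return sorted(ip for ip, s in summary["sources"].items() if s["fail"])


if __name__ == "__main__":
    report = summarize(load_report(gzip.compress(SAMPLE_XML)))
    print(report["domain"], "p=" + report["policy"])
    for ip, stats in sorted(report["sources"].items()):
        print(ip, stats["pass"], "pass,", stats["fail"], "fail", sorted(stats["dispositions"]))
    print("review before p=reject:", failing_sources(report))
```

A source that passes only through DKIM, like 192.0.2.25 in the sample, is a common pattern for forwarded mail, where SPF tends to break while the signature survives.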
Outlines
🔒 Email Security Fundamentals
This paragraph introduces the topic of email security and emphasizes the importance of three key protocols: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance). The speaker discusses how these protocols can fortify an organization's email defenses against phishing and spoofing attacks. A demonstration is provided using easydmarc.com to analyze and improve the domain's email security score, highlighting the setup and analysis of SPF records and the significance of DKIM for email content integrity.
🛠️ Setting Up Domain Security with EasyDMARC
The speaker guides viewers through the process of setting up email security for a domain using EasyDMARC. This includes adding a domain, verifying it by adding a CNAME record, and waiting for DNS propagation. The paragraph also covers activating Easy SPF to enhance SPF records and the initial setup of DMARC with a policy of 'none', which allows all emails to pass for initial review. The speaker explains the process of reviewing reports to understand threats and the decision to switch from a quarantine to a reject policy for suspected spoofed emails.
✅ Enhancing Email Security with SPF and DMARC
The paragraph focuses on further enhancing email security by building out SPF records to include legitimate sources like Google Workspace and MailerLite. It also covers the use of DMARC policy generators to create more advanced configurations, including setting policies to reject emails that fail DMARC checks. The speaker shares tools and strategies for managing forwarded emails and ensuring they are legitimate. The video concludes with a recommendation of EasyDMARC as a valuable tool for email security, offering a free trial for viewers to test the service.
Keywords
💡Email Security
💡SPF (Sender Policy Framework)
💡DKIM (DomainKeys Identified Mail)
💡DMARC (Domain-based Message Authentication, Reporting, and Conformance)
💡Phishing Attacks
💡Spoofing Attacks
💡Quarantine Policy
💡easyDMARC
💡DNS Propagation
💡Compliance and Reporting
💡Aggregate Reports
Highlights
Email security is crucial and relies on three key protocols: SPF, DKIM, and DMARC.
SPF (Sender Policy Framework) prevents domain spoofing by verifying that the sending server is authorized for the sender's domain.
DKIM (DomainKeys Identified Mail) uses digital signatures to ensure email content remains unaltered and trustworthy.
DMARC (Domain-based Message Authentication, Reporting & Conformance) is arguably the most important protocol for email security.
EasyDMARC.com provides a free scanner to analyze and improve domain security.
The video demonstrates how to use EasyDMARC to scan and improve a domain's SPF, DKIM, and DMARC settings.
DMARC policy can be set to 'none' initially, then changed to 'quarantine' or 'reject' based on report review.
Quarantining emails can be annoying and difficult to parse, which is why blocking them is recommended after review.
EasyDMARC simplifies the process of setting up and managing email security protocols.
The platform provides tools to generate and manage SPF and DMARC records easily.
EasyDMARC offers a free trial, allowing users to test the service without any cost.
The video shows a step-by-step guide on setting up a domain on EasyDMARC and verifying it.
Activating Easy SPF can automatically populate SPF records with legitimate sending sources.
DMARC policies can be customized to fit an organization's needs, with options for subdomain policies and advanced configurations.
Aggregated reports on EasyDMARC make it easier to review and understand email security threats.
The Cyber Mentor, Heath Adams, demonstrates practical applications of email security protocols to protect against phishing and spoofing attacks.
EasyDMARC's user-friendly interface and guidance make it accessible for users regardless of their technical expertise.
Transcripts
what's up YouTube TCM here back with
another video and today we're going to
be talking about email security and how
you can fortify your organization's
email defenses so email security really
hinges on three protocols we have SPF we
have DKIM and most importantly we have
DMARC these three protocols are going to
be key to your organization's email
defenses and I'm going to cover these
today what they are and how you can
actually protect yourself from phishing
attacks and spoofing attacks and all the
other things in between so let's go
ahead and just dive right into this okay
so to show you these protocols and to
explain what they are we're going to use
a site called easydmarc.com this has a
free scanner on here if you just scroll
down a little bit it says analyze your
domain security you can just come right
here and type in your domain name I'm
just going to put in my domain which is
tcm.com and I'm just going to hit scan
here
okay and we come back with a 4 out of 10
not great we are getting dinged on
DMARC and SPF it looks like we're doing
okay on DKIM and then BIMI we don't have
to worry about BIMI this is a little bit
more of advanced security so we're
really going to focus on these three
main email protocols here okay so what's
cool is we can actually click on see
details for this report and it's going
to bring up all the details here so what
we can do is we can actually click into
any of these categories for example
let's click on SPF here okay so
I'm going to come to the screen for a
second let's talk about what SPF
actually is SPF is the sender policy
framework so this is what's going to
prevent bad people from spoofing your
domain so if you don't want people to
act as if they were you from your domain
you really need to have your SPF records
set up correctly so let's take a look at
this so we get a valid here 7 out of 10
score we got one issue detected I can
come here and just check out the issue
it's going to tell me what my issues are
it's going to give me exact details here
it's even going to show me the record
that I'm using now so I can kind of
evaluate that against the different
lookups that they did and educate myself
if I want to go fix this what's actually
kind of cool too is if you scroll down
just a little bit they will show you a
video hey what is SPF if you don't know
what SPF is you're not familiar with
email security they've got you covered
here too which is actually really cool
thing okay coming back to the report our
DKIM looks okay but if you're not
familiar with DKIM that is your domain
identified mail so this is a technique
that is used to ensure that the content
of an email remains trustworthy and
unaltered from the moment that it
actually leaves the initial sender to
when it reaches the recipient in
layman's terms DKIM is using a digital
signature when you're sending an email
and that signature is created based on
the content of the email and the private
key is only known to the sender so it's
extra security for your email now moving
on we have DMARC and this is
arguably the most important thing so
let's go ahead and see what our DMARC
looks like now our DMARC status is valid
this is actually set up okay on our
behalf we aren't using EasyDMARC
reporting in this instance so we're
marked as inactive I think we're dinged
a little bit but really we're dinged
here for this quarantine policy and it
even tells you if we scroll down just a
little bit what the warnings are here so
it's saying hey you're you're missing
something you're you're doing
quarantines in reality you should be
blocking these right so you should be
using a reject we are quarantining and
I'm going to show you what quarantining
looks like it's the most annoying thing
ever okay so historically if you look
what I do I have all of my DMARC emails
go directly into the trash all right why
because they are just annoying they do
not parse very easily and it's just not
great like if we dig into this one for
example we come here
we get a gzip file which is an XML so we
have to download this XML and look at
the report if we pull the report what it
looks like you get this XML file and
it's just a bunch of gibberish if you
don't know what you're looking at so how
do I actually understand this report
it's very confusing so this is the
problem with email security it's very
easy even as a security professional to
just get overwhelmed by email security
and that is where EasyDMARC comes in
it is a great platform it's very easy to
use literally easy is in their name if
it wasn't easy I would be very upset it
is very easy to use you get to actually
aggregate all of your reports into their
system instead of having to go to your
email for quarantine which is annoying
and you can actually parse through the
data very easily they also have SPF set
up and a bunch of other features I'm
going to show you all that right now so
let's go back to EasyDMARC and actually
look what setting up a domain looks like
okay so I just got logged in everything
I'm about to show you
is on the EasyDMARC website all you
have to do is click on the link in the
description below this video to get
access if you use my link you will get a
free trial so you can try this out
completely free don't have to pay for
anything and check out EasyDMARC you
can follow along with me if you want and
set up your domain just like I am doing
okay so the first thing I need to do is
I need to come in here and add a domain
so it's going to say hey what's your
domain I'm going to come in here and
just say tcm.com and and I'm just going
to hit add
here okay and then it's going to say hey
you need to verify your domain so what
we need to do is we need to go add a
CNAME record into our records on our
domain so I'm going to go do that now
okay I have gone into my zone editor and
all I did was follow the directions on
screen copied and pasted what I needed
to very very straightforward very easy
I'm just going to go ahead and add the
CNAME record into my record
okay and I've got a success now we are
good there so I'm going to go back to
EasyDMARC and now all I need to do is
verify that I did this correctly so I'm
going to hit
verify and hey look at that your DMARC
record has been added cool so now we
need to wait for DNS to propagate it
could take several hours that's okay
okay and we've been told that our domain
has been verified and added and we
should start seeing report in the next
24 hours awesome so our DMARC was just
set up that easily okay so now you can
see we got a one out of one score all
we're going to do is wait for our
reports to actually come through so
we're going to give this 24 hours or
so we'll come back and just see what
the reports actually look like in the
meantime we can also look at SPF they
have this additional feature here called
easy SPF now ours is already set up but
I do want to show you what the SPF looks
like here so it says hey this is not
enabled let's go ahead and activate that
so I'm going to activate my SPF record
here and it's telling me what do I need
to do to actually activate Easy SPF same
thing all you got to do is go into your
Zone editor and add this in so I'm going
to go do that right
now okay so I went through it I just
verified it it took probably 5 minutes
for this to actually propagate and so
now we are verified you can see it just
said hey Easy SPF is is verified and
activated cool so now we are activated
and we've got Easy SPF working for us it
is literally that easy all right so now
I'm going to go back to my
dashboard and we can see that everything
is going to be good to go look one out
of one on all of these things my email
security is better than it was before
okay we can even go to EasyDMARC again
and do a domain scan and see how we're
doing now we got a green mark on our SPF
green mark on our DKIM and we're at a
five now we are getting dinged on our
DMARC but there is a reason for this
let's go to see details and you'll notice
that we're getting dinged on DMARC most
specifically because we don't have a
domain policy currently so remember that
p equals well it's set to none right now
because in theory best practice actually
states that we should have it as none
until we start reviewing reports we can
do quarantining once we're good with
quarantining then we can move into
reject all right so right now this is
absolutely fine once we do a little bit
of report reviewing and get along in the
process then we can move to that reject
feature so I'm going to leave it as is
for now and we'll come back and look at
some reports here in just a second okay
so it's been a few days now I have gone
through I've evaluated my reporting so
if we scroll down just a little bit we
could see the different reports in here
we're going to cover that in just a
second we are now set to quarantine and
I'll explain that let's go ahead and go
to aggregate reports and compliance and
so while we're waiting here we initially
set this to none none means hey all
emails go through even if they're
spoofed they're going to go right to the
inbox quarantine means hey we're going
to quarantine those even if they're
spoofed they're probably going to go to
somebody's spam filter but those emails
are still there so you can kind of see
the different settings that are in here
as they were coming through and what's a
threat what's not a threat and you can
kind of come through and see okay who's
trying to spoof us so all of our mails
coming from Google Workspace or Gmail
you can see hey we've got DMARC pass
SPF pass that's great and this looks
good Gmail is our compliant and trusted
workspace okay we've got a couple of
non-compliant emails coming through here
from something called server off.net and
this is showing as blacklisted in five
lists so this is probably something that
could be potentially a threat
not sure what this is server offer is
not something we're doing so somebody is
spoofing our email you can see a DMARC
fail and SPF fail here now threats
unknown here again we've got this
unknown source looks like it's coming
out of South Africa okay and it's
getting delivered right we're still
under quarantine however it's getting
delivered and it's just going to their
quarantine mailbox or their spam filter
but that doesn't mean it's not getting
sent so we want to make sure we switch
this to reject lastly we can look at
forwarded emails and see what's
forwarding for us so MailerLite that
looks correct Gmail forwarding Google
Workspace that's all fine and we are
using all of these things so this all
makes sense from an admin perspective
this looks right now I do want to show
you a couple of tools we already looked
at easy SPF before but we just set it up
very very basic right we just have this
very simple SPF right here what you
really truly want to do is you want to
come in here and you want to activate
this and you want to add sources I have
this deactivated just because I have our
SPF set very
specifically okay so we want to look at
the legitimate sources that we're going
to be sending to for example we're going
to be sending from Google right so we
want to send from Google Workspace or
Gmail so I come in here that
automatically puts the record in and I
just hit add and look it starts building
out this SPF record here again I can
come in here add another source and say
hey well I'm using MailerLite so I'm
going to come in here and say oh look
MailerLite awesome I can come in here
and add that and we can continue to
build out this record so when we do
activate easy SPF it already has all of
these in here for us nice we don't have
to build anything out now the other
thing I want to show you is if we go
into tools here and we go to DMARC for
example they actually have generators
for you which is really really nice and
so you can see our current policy right
here is set to quarantine but let's say
that I instead of putting it in
quarantine I actually want to just
reject now well I can come in here and
say okay I'm done quarantining let's go
ahead and reject those emails so that
they don't even send out we can't be
spoofed at all and we can come here and
generate that for us we can also do an
advanced configuration where we come
through here and we can put in subdomain
policies all different kinds of stuff
and if you saw our records before you
saw they were a little bit more
complicated and this is where you can
kind of get into the nitty-gritty fine
details but just as an example we can
generate this and then guess what it
generates this nice record for you it
sets it to reject has everything in here
and then it mails to this reporting side
right here and you get to collect all
that information easy breezy so this is
very very very easy to do and it was
that easy to set everything up
EasyDMARC is an awesome tool they even give
you the answers for free if you want to
go set this up they give you the scanner
you can go do all this on your own but
it's a pain looking through quarantine
reports is a pain and just digging
through all that stuff is not easy at
all it took literally 5 minutes to get
both my SPF and my DMARC setup and that
was really really painless so this is a
great tool if you're interested in using
this again check out the description
below completely free trial you can use
that link sign up play around with this
and see if you find value in it cuz I
surely do so that is it for the video as
always my name is Heath Adams AKA The
Cyber Mentor and I do thank you for
joining me peace out