How to Secure Your Email (DMARC, DKIM, SPF Tutorial)

00:00

what's up YouTube TCM here back with

00:02

another video and today we're going to

00:04

be talking about email security and how

00:07

you can fortify your organization's

00:09

email defenses so email security really

00:12

hinges on three protocols we have SPF we

00:16

have dkim and most importantly we have

00:19

Demar these three Protocols are going to

00:22

be key to your organization's email

00:24

defenses and I'm going to cover these

00:26

today what they are and how you can

00:28

actually protect yourself from fishing

00:31

attacks and spoofing attacks and all the

00:33

other things in between so let's go

00:35

ahead and just Dive Right into this okay

00:37

so to show you these protocols and to

00:40

explain what they are we're going to use

00:41

a site called easyd mark.com this has a

00:45

free scanner on here if you just scroll

00:47

down a little bit it says analyze your

00:49

domain security you can just come right

00:51

here and type in your domain name I'm

00:53

just going to put in my domain which is

00:55

tcm.com and I'm just going to hit scan

00:58

here

01:01

okay and we come back with a 4 out of 10

01:04

not great we are getting dinged on

01:07

DeMark and SPF it looks like we're doing

01:09

okay on dcam and then Bim we don't have

01:12

to worry about Bim this is a little bit

01:13

more of advanced security so we're

01:15

really going to focus on these three

01:17

main email protocols here okay so what's

01:20

cool is we can actually click on see

01:21

details for this report and it's going

01:23

to bring up all the details here so what

01:26

we can do is we can actually click into

01:28

any of these categories for example

01:29

examp Le let's click on SPF here okay so

01:32

I'm going to come to the screen for a

01:33

second let's talk about what SPF

01:35

actually is SPF is the sender policy

01:37

framework so this is what's going to

01:40

prevent bad people from spoofing your

01:43

domain so if you don't want people to

01:45

act as if they were you from your domain

01:47

you really need to have your SPF records

01:49

set up correctly so let's take a look at

01:51

this so we get a valid here 7 out of 10

01:54

score we got one issue detected I can

01:55

come here and just check out the issue

01:57

it's going to tell me what my issues are

01:59

it's going to give me exact details here

02:01

it's even going to show me the record

02:03

that I'm using now so I can kind of

02:05

evaluate that against the different

02:06

lookups that they did and educate myself

02:09

if I want to go fix this what's actually

02:11

kind of cool too is if you scroll down

02:13

just a little bit they will show you a

02:15

video hey what is SPF if you don't know

02:17

what SPF is you're not familiar with

02:19

email security they've got you covered

02:21

here too which is actually really cool

02:23

thing okay coming back to the report our

02:25

dkim looks okay but if you're not

02:27

familiar with dkim that is your domain

02:30

identified mail so this is a technique

02:32

that is used to ensure that the content

02:34

of an email remains trustworthy and

02:36

unaltered from the moment that it

02:38

actually leaves the initial sender to

02:40

when it reaches the recipient in

02:42

layman's terms deim is using a digital

02:45

signature when you're sending an email

02:47

and that signature is created based on

02:49

the content of the email and the private

02:51

key is only known to the sender so it's

02:53

extra security for your email now moving

02:56

on we have DeMark and this is argu

02:59

arguably the most important thing so

03:01

let's go ahead and see what our Demar

03:04

looks like now our Demar status is valid

03:07

this is actually set up okay on our

03:10

behalf we aren't using easyd Mark

03:12

reporting in this instance so we're

03:14

marked as inactive I think we're dinged

03:16

a little bit but really we're dinged

03:18

here for this quarantine policy and it

03:20

even tells you if we scroll down just a

03:22

little bit what the warnings are here so

03:24

it's saying hey you're you're missing

03:26

something you're you're doing

03:27

quarantines in reality you should be

03:30

blocking these right so you should be

03:32

using a reject we are quarantining and

03:35

I'm going to show you what quarantining

03:36

looks like it's the most annoying thing

03:38

ever okay so historically if you look

03:42

what I do I have all of my Demar emails

03:45

go directly into the trash all right why

03:50

because they are just annoying they do

03:53

not parse very easily and it's just not

03:56

great like if we dig into this one for

03:58

example we come here

04:00

we get a gzip file which is an XML so we

04:03

have to download this XML and look at

04:04

the report if we pull the report what it

04:07

looks like you get this XML file and

04:09

it's just a bunch of gibberish if you

04:11

don't know what you're looking at so how

04:13

do I actually understand this report

04:15

it's very confusing so this is the

04:17

problem with email security it's very

04:19

easy even as a security professional to

04:22

just get overwhelmed by email security

04:25

and that is where easy DeMark comes in

04:28

it is a great platform it's very easy to

04:31

use literally easy is in their name if

04:32

it wasn't easy I would be very upset it

04:35

is very easy to use you get to actually

04:38

aggregate all of your reports into their

04:40

system instead of having to go to your

04:41

email for quarantine which is annoying

04:45

and you can actually parse through the

04:46

data very easily they also have SPF set

04:48

up and a bunch of other features I'm

04:50

going to show you all that right now so

04:52

let's go back to easyd Mark and actually

04:54

look what setting up a domain looks like

04:56

okay so I just got logged in everything

04:58

I'm about to show you

05:00

is on the easy DeMark website all you

05:02

have to do is click on the link in the

05:04

description below this video to get

05:06

access if you use my link you will get a

05:09

free trial so you can try this out

05:11

completely free don't have to pay for

05:13

anything and check out easyd Mark you

05:15

can follow along with me if you want and

05:17

set up your domain just like I am doing

05:20

okay so the first thing I need to do is

05:21

I need to come in here and add a domain

05:24

so it's going to say hey what's your

05:25

domain I'm going to come in here and

05:26

just say tcm.com and and I'm just going

05:30

to hit add

05:31

here okay and then it's going to say hey

05:34

you need to verify your domain so what

05:36

we need to do is we need to go add a

05:38

cname record into our records on our

05:43

domain so I'm going to go do that now

05:46

okay I have gone into my zone editor and

05:48

all I did was follow the directions on

05:51

screen copied and pasted what I needed

05:54

to very very straightforward very easy

05:56

I'm just going to go ahead and add the

05:57

cname record into my record

06:01

okay and I've got a success now we are

06:03

good there so I'm going to go back to

06:05

easyd Mark and now all I need to do is

06:08

verify that I did this correctly so I'm

06:10

going to hit

06:12

verify and hey look at that your DeMark

06:15

record has been added cool so now we

06:18

need to wait for DNS to propagate it

06:20

could take several hours that's okay

06:23

okay and we've been told that our domain

06:25

has been verified and added and we

06:28

should start seeing report in the next

06:30

24 hours awesome so our dmark was just

06:34

set up that easily okay so now you can

06:38

see we got a one out of one score all

06:40

we're going to do is wait for our

06:42

reports to actually come through so

06:44

we're going to give this 24 hours or

06:45

sell we'll come back and just see what

06:47

the reports actually look like in the

06:49

meantime we can also look at SPF they

06:51

have this additional feature here called

06:53

easy SPF now ours is already set up but

06:55

I do want to show you what the SPF looks

06:57

like here so it says hey this is not

07:00

enabled let's go ahead and activate that

07:02

so I'm going to activate my SPF record

07:05

here and it's telling me what do I need

07:08

to do to actually activate EAS SPF same

07:11

thing all you got to do is go into your

07:13

Zone editor and add this in so I'm going

07:16

to go do that right

07:18

now okay so I went through it I just

07:21

verified it it took probably 5 minutes

07:23

for this to actually propagate and so

07:25

now we are verified you can see it just

07:27

said hey EAS SPF is is verified and

07:30

activated cool so now we are activated

07:34

and we've got EAS SPF working for us it

07:38

is literally that easy all right so now

07:42

I'm going to go back to my

07:43

dashboard and we can see that everything

07:46

is going to be good to go look one out

07:48

of one on all of these things my email

07:51

security is better than it was before

07:54

okay we can even go to easy DeMark again

07:57

and do a domain scan and see how we're

07:59

doing now we got a green mark on our SPF

08:03

green mark on our dkm and we're at a

08:06

five now we are getting dinged on our D

08:08

mark But there is a reason for this

08:10

let's go to C details and you'll notice

08:13

that we're getting dinged on Demar most

08:16

specifically because we don't have a

08:19

domain policy currently so remember that

08:21

P equals well it's set To None right now

08:24

because in theory best practice actually

08:27

states that we should have it as none

08:29

until we start reviewing reports we can

08:31

do quarantining once we're good with

08:34

quarantining then we can move into

08:36

reject all right so right now this is

08:40

absolutely fine once we do a little bit

08:42

of report reviewing and get along in the

08:44

process then we can move to that reject

08:46

feature so I'm going to leave it as is

08:48

for now and we'll come back and look at

08:50

some reports here in just a second okay

08:52

so it's been a few days now I have gone

08:55

through I've evaluated my reporting so

08:57

if we scroll down just a little bit we

08:59

could see the different reports in here

09:00

we're going to cover that in just a

09:01

second we are now set to quarantine and

09:04

I'll explain that let's go ahead and go

09:06

to aggregate reports and compliance and

09:09

so while we're waiting here we initially

09:11

set this to none none means hey all

09:13

emails go through even if they're

09:15

spoofed they're going to go right to the

09:17

inbox quarantine means hey we're going

09:19

to quarantine those even if they're

09:20

spoofed they're probably going to go to

09:22

somebody's spam filter but those emails

09:25

are still there so you can kind of see

09:27

the different settings that are in here

09:28

as they were coming through and what's a

09:30

threat what's not a threat and you can

09:32

kind of come through and see okay who's

09:34

trying to spoof us so all of our mails

09:37

coming from Google workspace or Gmail

09:39

you can see hey we've got DeMark pass

09:41

SPF pass that's great and this looks

09:44

good Gmail is our compliant and trusted

09:47

workspace okay we've got a couple of

09:49

non-compliant emails coming through here

09:51

from something called server off.net and

09:54

this is showing as blacklisted in five

09:56

lists so this is probably something that

09:58

could be potentially a threat

09:59

not sure what this is server offer is

10:01

not something we're doing so somebody is

10:03

spoofing our email you can see a DeMark

10:05

fail and SPF fail here now threats

10:09

unknown here again we've got this

10:11

unknown source looks like it's coming

10:13

out of South Africa okay and it's

10:16

getting delivered right we're still

10:18

under quarantine however it's getting

10:20

delivered and it's just going to their

10:22

quarantine mailbox or their spam filter

10:24

but that doesn't mean it's not getting

10:25

sent so we want to make sure we switch

10:28

this to reject lastly we can look at

10:30

forwarded emails and see what's

10:31

forwarding for us so mailer light that

10:34

looks correct Gmail forwarding Google

10:36

workspace that's all fine and we are

10:39

using all of these things so this all

10:41

makes sense from a admin perspective

10:44

this looks right now I do want to show

10:46

you a couple of tools we already looked

10:48

at easy SPF before but we just set it up

10:51

very very basic right we just have this

10:53

very simple SPF right here what you

10:56

really truly want to do is you want to

10:58

come in here and you want to activate

11:00

this and you want to add sources I have

11:02

this deactivated just because I have our

11:04

SPF set very

11:06

specifically okay so we want to look at

11:08

the legitimate sources that we're going

11:09

to be sending to for example we're going

11:11

to be sending from Google right so we

11:13

want to send from Google workspace or

11:15

Gmail so I come in here that

11:17

automatically puts the record in and I

11:19

just hit add and look it starts building

11:21

out this SPF record here again I can

11:24

come in here add another source and say

11:26

hey well I'm using mailer light so I'm

11:28

going to come in here and say oh look

11:30

mailer light awesome I can come in here

11:32

and add that and we can continue to

11:34

build out this record so when we do

11:36

activate easy SPF it already has all of

11:39

these in here for us nice we don't have

11:41

to build anything out now the other

11:43

thing I want to show you is if we go

11:45

into tools here and we go to DeMark for

11:47

example they actually have generators

11:50

for you which is really really nice and

11:52

so you can see our current policy right

11:55

here is set to quarantine but let's say

11:57

that I instead of putting it in

11:59

quarantine I actually want to just

12:01

reject now well I can come in here and

12:03

say okay I'm done quarantining let's go

12:06

ahead and reject those emails so that

12:07

they don't even send out we can't be

12:09

spoofed at all and we can come here and

12:11

generate that for us we can also do an

12:13

advanced configuration where we come

12:15

through here and we can put in subdomain

12:17

policies all different kinds of stuff

12:19

and if you saw our records before you

12:20

saw they were a little bit more

12:21

complicated and this is where you can

12:23

kind of get into the nitty-gritty fine

12:25

details but just as an example we can

12:27

generate this and then guess what it

12:29

generates this nice record for you it

12:31

sets it to reject has everything in here

12:34

and then it mails to this reporting side

12:36

right here and you get to collect all

12:38

that information easy breezy so this is

12:41

very very very easy to do and it was

12:44

that easy to set everything up easyd

12:48

Mark is an awesome tool they even give

12:50

you the answers for free if you want to

12:52

go set this up they give you the scanner

12:54

you can go do all this on your own but

12:57

it's a pain looking through quarantine

12:59

reports is a pain and just digging

13:02

through all that stuff is not easy at

13:04

all it took literally 5 minutes to get

13:07

both my SPF and my dmar setup and that

13:10

was really really painless so this is a

13:13

great tool if you're interested in using

13:14

this again check out the description

13:17

below completely free trial you can use

13:19

that link sign up play around with this

13:22

and see if you find Value in it cuz I

13:24

surely do so that is it for the video as

13:27

always my name is Heath Adams AKA The

13:30

Cyber mentor and I do thank you for

13:32

joining me peace out