Skip to main content

DKIM, DMAARC, SPF

DMARC, SPF, and DKIM all serve to authenticate the origin of an email and verify that it has not been altered during transit.

DKIM - Domain key identified mail. 

DKIM is an email authentication protocol. It allows the recipient email server to check the mail message content has not been altered in transit. 

To configure this, you need to configure a DKIM dns record in your dns configuration. The dkim record contains a public key that will be used by the recipient email server to verify the digital signature of your outgoing emails. Here is an example:

dkim._domainkey.avi.com. IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYKtB+LlbcK3qAsvH8WJpf7h/fnJm3qcRez5Kjr5m5n5r2X9nptjKkut/zCmmyhN/KjdvbYFl2HU6Nb/xlkU6K/DX6+UJzCBRu1OjKLdYgQP0oV6FbMyxU80MjUfZ6iHAV7fL0zqoV7LljK5r5i0oQP9X0ZKjRZc4I4jnL/b57mB35RRRwSVC+1t/Mjt3vq8tsCmTljK/zH+TpvNgYTfKjxwe+myFRs/XFAG8E2/gT4q3JvjKWjC8Rfmbdd9S5+5lEJnD5K7V+wBHkUh7VFjKtM8BVFrI9G9ul7Vx+gJZ8V7P+djKmPyV7e/Ewe8mV7I9tfyz/V7cxoZfKtYwIDAQAB"

You need to generate this using dkim key generator. Once you add this on your dns server, now you need to configure your email server to sign your outgoing emails using dkim private key and then it becomes digital signature which is used to sign your emails. 

When you signs your mail using this signature then this dkim signature data is added to your email message header. The receiving server receives your mail and extracts the signature data and hash algorithm from the email body. Also it extracts the public key that is stored on the corresponding domain txt record. 

Now it hashes the email message body content and store the value. 
Now then using the public key, decrypt the signature data. After decrypting, it will get a value. Then it compare the value with the hashed content. If this match then the receiving mail server assumes that no one in the middle intercept or altered the email message content. 

Now i told you earlier that dkim provides integrity. It will not guarantee that the email address and email server who send the mail are legitimate or not. Because an skilled attacker can easily altered email from field and put there someone@bank.com email address. In order to secure whole email mechanism, we need dmarc and spf as well. 

DMARC:

DMARC stands for "Domain-based Message Authentication, Reporting & Conformance". It is a technical standard that provides a framework for email authentication. The aim of DMARC is to improve the trust and reliability of email communication by verifying the identity of the sender and ensuring that the email message has not been altered during transit. It checks basically the domain is authorized or not. 

For example, a receiving email server could check if an incoming message is sent from an authorized domain and whether it passes SPF and DKIM checks. If the message fails these checks, the receiving server can flag it as potentially fraudulent or reject it altogether. This helps protect users from phishing attempts and other forms of email-based malicious activity.

You need to provide a dns txt record for dmarc as well which is dmarc policy. The policies are none, quarantine and reject.

The DMARC policies specify what action should be taken by email receivers when an email fails DMARC evaluation. The three policy options are:

"none": No action is taken by the email receiver. The email is accepted and delivered to the recipient's inbox. This policy is useful for organizations that want to monitor DMARC reports and collect data before taking more aggressive actions.

"quarantine": The email is treated as potentially spam and may be delivered to the recipient's spam or junk folder, or blocked altogether. This policy is useful for organizations that want to reduce the risk of phishing and other malicious emails, but still allow legitimate emails to be delivered.

"reject": The email is rejected by the email receiver and not delivered to the recipient. This policy is the most aggressive and provides the highest level of protection against phishing and other malicious emails. However, it may also result in legitimate emails being blocked.

 
SPF:

SPF (Sender Policy Framework) is an email authentication protocol that helps protect against email spoofing. SPF works by allowing the owner of a domain to specify which mail servers are authorized to send email on behalf of their domain.

When an email is received, the receiving mail server can check the SPF record for the domain in the email's "From" field to see if the server that sent the email is authorized to do so. If the sending server is not authorized, the receiving mail server can reject or flag the email as potentially malicious.

The SPF record is published as a DNS TXT record for the domain and can be retrieved by email receivers for evaluation. The SPF record contains a list of IP addresses and/or domains that are authorized to send email for the domain.

By implementing SPF, domain owners can reduce the risk of email spoofing and increase the deliverability of legitimate email. However, it's important to note that SPF only protects against email spoofing and does not provide any guarantees about the authenticity of the email content or the identity of the sender.


Avi



Comments

Post a Comment

Popular posts from this blog

API hacking lab setup

 Follow the commands to install and configure API hacking lab: 1. Install kali linux and update all the packages.  apt update -y apt upgrade -y or apt dist-upgrade -y or apt full-upgrade -y If you face any problem regarding update, install cloud flare warp in the host machine, then again start updating packages in your kali vm.  2. Install and configure burpsuite professional.  Open burpsuite and go to Extender tab. Click on BAppStore. Search for Autorize extension, It will help us to automate authorization testing. Click on Download Jython. From Jython website click on Jython standalone and save it. Go to Extender > Options and under python environment select the jython jar file that you just downloaded. Now again go to BAppStore and re-search for Autorize extension. You will see Install option this time after selecting Autorize extension. Install it. You will see all the installed extensions under Extender > Extensions tab.  3. Install foxy proxy to prox...
Post a Comment
Read more

Installing Codename SCNR web application scanner on ubuntu | kali

  Perform the following steps from a non-root user. We will go for manual installation.  https://github.com/scnr/installer?tab=readme-ov-file#manual-installation https://github.com/scnr/installer/releases wget https://github.com/scnr/installer/releases/download/v1.7.3/scnr-v1.7.3-linux-x86_64.tar.gz   (Download using normal user) tar -xvzf scnr-v1.7.3-linux-x86_64.tar.gz cd scnr-v1.7.3 cd bin Now go to their website ( https://ecsypno.com/products/scnr ) and subscribe for community edition license from your official email.  ./scnr_activate 6XQ97FW3LVBECD0UJ5H214 ./scnr https://www.example.net/Login.aspx --system-slots-override Now they generate .ser format report after testing the application by default which is hard to read. We need html report. So for example, to generate an HTML report: ./scnr_reporter --report=html:outfile=my_report.html.zip /home/user/.scnr/reports/report.ser Avi
Post a Comment
Read more

Install Nessus from docker

Docker installation. Give the below commands one by one. apt install docker-cli or apt install docker.io After the installation is complete, if you are inside wsl then give this command to start docker, because inside wsl systemd (systemctl) does not work: service docker start WSL troubleshooting : If the above command " service docker start " does not work then use below command: dockerd (It may not work if any previous docker process is running. It will show you pid of that process. Use this command to kill that process " kill -9 pid " and run dockerd command again) If " docker ps -a " giving error like " Cannot connect to the Docker daemon at unix:///run/podman/podman.sock. Is the docker daemon running? " This is because you may installed podman-docker package. If you remove the package still you will get this error but you should remove the package. Then issue this command: env | grep -i docker DOCKER_HOST=unix:///run/podman/podman.sock   --...
Post a Comment
Read more