Skip to main content

DKIM, DMAARC, SPF

DMARC, SPF, and DKIM all serve to authenticate the origin of an email and verify that it has not been altered during transit.

DKIM - Domain key identified mail. 

DKIM is an email authentication protocol. It allows the recipient email server to check the mail message content has not been altered in transit. 

To configure this, you need to configure a DKIM dns record in your dns configuration. The dkim record contains a public key that will be used by the recipient email server to verify the digital signature of your outgoing emails. Here is an example:

dkim._domainkey.avi.com. IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYKtB+LlbcK3qAsvH8WJpf7h/fnJm3qcRez5Kjr5m5n5r2X9nptjKkut/zCmmyhN/KjdvbYFl2HU6Nb/xlkU6K/DX6+UJzCBRu1OjKLdYgQP0oV6FbMyxU80MjUfZ6iHAV7fL0zqoV7LljK5r5i0oQP9X0ZKjRZc4I4jnL/b57mB35RRRwSVC+1t/Mjt3vq8tsCmTljK/zH+TpvNgYTfKjxwe+myFRs/XFAG8E2/gT4q3JvjKWjC8Rfmbdd9S5+5lEJnD5K7V+wBHkUh7VFjKtM8BVFrI9G9ul7Vx+gJZ8V7P+djKmPyV7e/Ewe8mV7I9tfyz/V7cxoZfKtYwIDAQAB"

You need to generate this using dkim key generator. Once you add this on your dns server, now you need to configure your email server to sign your outgoing emails using dkim private key and then it becomes digital signature which is used to sign your emails. 

When you signs your mail using this signature then this dkim signature data is added to your email message header. The receiving server receives your mail and extracts the signature data and hash algorithm from the email body. Also it extracts the public key that is stored on the corresponding domain txt record. 

Now it hashes the email message body content and store the value. 
Now then using the public key, decrypt the signature data. After decrypting, it will get a value. Then it compare the value with the hashed content. If this match then the receiving mail server assumes that no one in the middle intercept or altered the email message content. 

Now i told you earlier that dkim provides integrity. It will not guarantee that the email address and email server who send the mail are legitimate or not. Because an skilled attacker can easily altered email from field and put there someone@bank.com email address. In order to secure whole email mechanism, we need dmarc and spf as well. 

DMARC:

DMARC stands for "Domain-based Message Authentication, Reporting & Conformance". It is a technical standard that provides a framework for email authentication. The aim of DMARC is to improve the trust and reliability of email communication by verifying the identity of the sender and ensuring that the email message has not been altered during transit. It checks basically the domain is authorized or not. 

For example, a receiving email server could check if an incoming message is sent from an authorized domain and whether it passes SPF and DKIM checks. If the message fails these checks, the receiving server can flag it as potentially fraudulent or reject it altogether. This helps protect users from phishing attempts and other forms of email-based malicious activity.

You need to provide a dns txt record for dmarc as well which is dmarc policy. The policies are none, quarantine and reject.

The DMARC policies specify what action should be taken by email receivers when an email fails DMARC evaluation. The three policy options are:

"none": No action is taken by the email receiver. The email is accepted and delivered to the recipient's inbox. This policy is useful for organizations that want to monitor DMARC reports and collect data before taking more aggressive actions.

"quarantine": The email is treated as potentially spam and may be delivered to the recipient's spam or junk folder, or blocked altogether. This policy is useful for organizations that want to reduce the risk of phishing and other malicious emails, but still allow legitimate emails to be delivered.

"reject": The email is rejected by the email receiver and not delivered to the recipient. This policy is the most aggressive and provides the highest level of protection against phishing and other malicious emails. However, it may also result in legitimate emails being blocked.

 
SPF:

SPF (Sender Policy Framework) is an email authentication protocol that helps protect against email spoofing. SPF works by allowing the owner of a domain to specify which mail servers are authorized to send email on behalf of their domain.

When an email is received, the receiving mail server can check the SPF record for the domain in the email's "From" field to see if the server that sent the email is authorized to do so. If the sending server is not authorized, the receiving mail server can reject or flag the email as potentially malicious.

The SPF record is published as a DNS TXT record for the domain and can be retrieved by email receivers for evaluation. The SPF record contains a list of IP addresses and/or domains that are authorized to send email for the domain.

By implementing SPF, domain owners can reduce the risk of email spoofing and increase the deliverability of legitimate email. However, it's important to note that SPF only protects against email spoofing and does not provide any guarantees about the authenticity of the email content or the identity of the sender.


Avi



Comments

Post a Comment

Popular posts from this blog

Install Nessus from docker

The below two commands you need to run first one by one:  docker run -itd --name=ramisec_nessus -p 8834:8834 ramisec/nessus docker exec -it ramisec_nessus /bin/bash /nessus/update.sh Username: admin And you need to change the password: #Enter the command line of the docker container docker exec -it ramisec_nessus bash #Execute the following commands in sequence # Enter this directory cd /opt/nessus/sbin # List logged in users ./nessuscli lsuser # Modify the password of the specified user (take admin as an example) ./nessuscli chpasswd admin After access to the nessus, make sure you turn off the automatic updates otherwise crack will not work after some time. Before any scan you need to run the update.sh command (shown above) to have the latest plugins. Now everytime your system reboots, your docker instance will be shutdown. You need to up it again manually. Here are the commands.  1. docker ps -a    Now note down the container id. 2. docker start <container id> C
Post a Comment
Read more

net command cheat sheet

  To see what users present in the system: net user To see local groups in the system: net localgroup To see domain groups. This should be run on a domain controller: net group To see the details of a user along with his/her group membership: net user mahim To see who are the members of a particular group (local machine): net localgroup "administrators"    (These are not case sensitive. You can use administrators or Administrators. Both will give you same result. To see who are the members of a particular group (domain machine): net group "domain admins" Create a local user: net user localuser1 MyP@ssw0rd /add Create a domain user: net user domainuser1 MyP@ssw0rd /add /domain Add the local user to local admin group: net localgroup Administrators localuser1 /add Add the user to domain admin group: net group "Domain Admins" domainuser1 /add /domain Avi
Post a Comment
Read more