New gov email report is a mixed bag ahead of DMARC deadline

The number of federal agencies adopting a security standard that stops people from impersonating their email domains surged by more than a third just before the end of 2017, according to new research out Tuesday. However, less than two weeks away from a Department of Homeland Security deadline, more than half of all agencies still don’t use Domain-based Message Authentication, Reporting and Conformance (DMARC), according to figures published by email security provider Agari. The number of .gov domains with DMARC rose from 351 on Nov. 9 to 523 on Dec. 18. But that still represents only 47 percent of the 1106 federal domains subject to the order. Known as Binding Operational Directive 18-01, the order set a Jan. 15 deadline for agencies to adopt DMARC. “DMARC has proven to be an effective solution to secure our federal domains, but more work is needed,” said Jeanette Manfra, assistant secretary for DHS’ […]

The post New gov email report is a mixed bag ahead of DMARC deadline appeared first on Cyberscoop.

Is Mailsploit really a threat to DMARC?

A new security testing tool that enables email messages to be faked or spoofed, even if the recipients are protected by best practices, has garnered some strong criticism from email security advocates. News of the tool — called Mailsploit — took off last week after a Wired article highlighted the research. The tool would give would-be attackers a way around email security standards — known as DMARC — employed by a number of email clients. DMARC is the industry standard that prevents email spoofing, a practice where hackers' messages appear to come from trusted correspondents. John Wilson, the field CTO for email security company Agari, told CyberScoop that while the article did contain caveats, he considered it “rather alarmist.” “If you just skim that article, you would come away with the impression that this standard, which the email industry has worked on for a decade and which has stopped remarkable […]

The post Is Mailsploit really a threat to DMARC? appeared first on Cyberscoop.

MailSploit — Email Spoofing Flaw Affects Over 30 Popular Email Clients

If you receive an email that looks like it’s from one of your friends, just beware! It’s possible that the email has been sent by someone else in an attempt to compromise your system.

A security researcher has discovered a collection of vulnerabilitie…

Report: DMARC email security can be too hard for some large companies

Adoption of the email security standard known as DMARC — the best way to stop fraudulent email like phishing messages — remains low, even among large banks and other major corporations, according to new figures. And that’s because many companies don’t know about it, and it can be very complex to implement in big enterprises. DMARC, or Domain-based Message Authentication, Reporting and Conformance, is the industry standard measure to prevent email spoofing — when hackers make their messages appear as if they come from trusted correspondents. The aim of these so-called phishing messages is to entice the recipient to click malicious links or download infected attachments. Phishing is the number one method used by hackers to gain a foothold on a company network, experts say, and a major cybercrime vector — and DMARC, when used correctly, stops it dead. But a succession of recent reports have shown that DMARC adoption rates continue to […]

The post Report: DMARC email security can be too hard for some large companies appeared first on Cyberscoop.

Russians, other foreigners, spoofing unprotected .gov email addresses, report says

Thousands of web domains belonging to hundreds of federal departments and agencies are being spoofed by email hackers, including many from Russia and other adversary nations, according to new figures reported this week. The cyberspies and online fraudsters are trying to trick message recipients into clicking on malicious links or downloading malware designed to steal passwords and other personal information, according to an analysis by cybersecurity outfit Proofpoint, which specializes in providing online security for large organizations. The company looked at nearly 70 million emails sent during October from 5,000 unique .gov parent domains protected by Proofpoint, the company’s VP of Email Fraud strategy Robert Holmes told CyberScoop. More than 3,000 of those domains had been spoofed by hackers sending phishing emails that purported to come from a trusted communicant. “We saw over 8.5 million fraudulent messages,” Holmes wrote in a blog post Monday, “Almost 10 percent of which were not even sent from a US-based [internet or IP] address.” The […]

The post Russians, other foreigners, spoofing unprotected .gov email addresses, report says appeared first on Cyberscoop.

Feds upping their email security game in wake of DHS order

The number of federal agencies employing a security protocol that stops email spoofing has more than doubled since the Department of Homeland Security instituted a binding government-wide policy last month. The number of .gov domains employing Domain-based Message Authentication, Reporting and Conformance (DMARC) has risen from 156 on Oct. 1 to 344 on Nov. 6, according to figures compiled this week by the nonprofit Global Cyber Alliance. Nearly a thousand federal domains still don’t have it deployed at all, despite the Binding Operational Directive DHS issued Oct. 16. DMARC is the industry standard measure to prevent email spoofing — when hackers make their messages appear as if they come from trusted correspondents. It’s thereby a powerful weapon against phishing — when hackers try to steal passwords or implant malware by getting victims to click links or open malicious attachments in spoofed emails. But DMARC, once deployed, has to be switched on, explained GCA’s Director of Operations […]

The post Feds upping their email security game in wake of DHS order appeared first on Cyberscoop.
