What is DMARC and what are its advantages?

This article is part of the Explained Simply series, which aims to explain complex terminology in a short and concise manner. DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication protocol. It builds on the widely deployed SPF and DKIM protocols, adding a reporting function that allows senders and receivers […]

What is Email Abuse?

Anyone can send email to anyone else, within seconds, at zero apparent cost. That is the greatest strength of the Internet mail system. It is also its greatest weakness. Because the system is biased in favour of delivery, it is prone to abuse in the form of spam, viruses, and phishing scams. The very features […]

What is Phishing?

Definition: The term phishing is a general term for the creation and use by criminals of e-mails and websites – designed to look like they come from well-known, legitimate and trusted businesses, financial institutions and government agencies – in an attempt to gather personal, financial and sensitive information. Why? These criminals deceive Internet users into disclosing their bank […]

Why DMARC?

People and companies around the world suffer from the high volume of spam and phishing on the Internet. Over the years several methods have been introduced to try and identify when mail from (for example) myrealcompany.com really is, or really isn’t, coming from myrealcompany.com. However: These mechanisms all work separately and in isolation from each other. Each […]

Forging the sender address

One of the ways an attacker tries to penetrate an organisation is by email. An attacker in a remote part of the planet can send a malicious email and start attacking an organisation. For obvious reasons an attacker would not want to be identified; therefore the attacker forges the sender address to cover his/her tracks. […]

Types of E-Mail Abuse where the Sender Address is Forged

Spammers – As they want to avoid receiving non-delivery notifications (bounces) to their real addresses. Fraudsters – As they want to cover their tracks and remain anonymous. Computer worms – Worms want to cause confusion or just don’t care about which sender addresses they use. Phishers (password fishers) – want to impersonate well-known, trusted identities in order […]

DKIM Keys Consideration

Messages with DKIM signatures use a key to sign messages. Messages signed with short keys can be easily spoofed (see http://www.kb.cert.org/vuls/id/268267), so a message signed with a short key is no longer an indication that the message is properly authenticated. To best protect users, Gmail will begin treating emails signed with less than 1024-bit keys […]

DKIM Simplified

DomainKeys Identified Mail (DKIM) is a mechanism that allows verification of the source and contents of email messages. Using DKIM, sending domains can include a cryptographic signature in outgoing email messages. A message’s signature may be verified by any (or all) MTAs (mail servers) during transit and by the Mail User Agent (MUA) upon delivery. […]
