DMARC for Email Security
The next step to improving email security with DNSSEC, SPF, DKIM and DMARC
I’ve been showing you how to improve security for DNS and email in the last few posts, starting with DNSSEC.
The next DNS record we’re going to add to improve email security is called a DMARC record.
Note that you need to set up either SPF or DKIM before setting up DMARC (and both is better). I covered SPF first and then DKIM. I showed you how to set those up in the following posts.
I’m using Google’s instructions here to generate a record. You’ll need to refer to your own email provider instructions if you don’t use Google for email.
If you read through that article it provides a sample record:
It also tells you what each of those values means. I’m not going to repeat the whole table here but it starts like this:
I took the sample above and swapped out the emails for my own. I also want to quarantine records to see what's getting rejected, at least initially.
The problem with the record
v=DMARC1; p=quarantine; rua=mailto:postmaster@[yourdomain]; ruf=mailto:dmarc@[yourdomain]; pct=100; adkim=s; aspf=s
Initially I had some typos in my records. Refer to this post to check for common errors:
What is interesting is that Google does not support ruf, the tag for forensic (failure) reports, and after implementing DMARC I really could have used more details about failures.
Next we head over to our domain at Route 53 and add a TXT record, the way we did in prior posts.
Name: _dmarc
Value: Your DMARC policy shown above.
Make sure you change your emails in the above policy to valid emails for your domain.
Refer to my prior posts if you are unfamiliar with how to create DNS TXT records.
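Typos and leftover placeholders are easy to catch before the record goes into Route 53. The following is an added example, not code from this post or from Google's instructions: a small linter for the DMARC TXT value, where the function name `lint_dmarc`, the simplified mailto check and the `example.com` style inputs are assumptions made for illustration.

```python
import re

# Tag values allowed by RFC 7489; KNOWN_TAGS covers the standard DMARC tags.
POLICIES = {"none", "quarantine", "reject"}
ALLOWED = {"p": POLICIES, "sp": POLICIES, "adkim": {"r", "s"}, "aspf": {"r", "s"}}
KNOWN_TAGS = set(ALLOWED) | {"v", "rua", "ruf", "pct", "fo", "rf", "ri"}
# Simplified mailto check (assumption: plain address, optional !size suffix).
MAILTO = re.compile(r"^mailto:[^@\s\[\]]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}(![0-9]+[kmgt]?)?$")
# Constructed sample: the policy from this post with the placeholders left in.
SAMPLE = ("v=DMARC1; p=quarantine; rua=mailto:postmaster@[yourdomain]; "
          "ruf=mailto:dmarc@[yourdomain]; pct=100; adkim=s; aspf=s")


def lint_dmarc(record):
    """Return a list of problems in a DMARC TXT value (empty list means clean)."""
    problems, tags = [], []
    for part in record.strip().strip('"').split(";"):
        if not part.strip():
            continue  # tolerate a trailing semicolon
        name, sep, value = part.partition("=")
        if not sep:
            problems.append(f"missing '=' in {part.strip()!r}")
            continue
        tags.append((name.strip().lower(), value.strip()))
    if not tags or tags[0] != ("v", "DMARC1"):
        problems.append("first tag must be exactly v=DMARC1")
    if "p" not in dict(tags):
        problems.append("required tag p is missing")
    for name, value in tags:
        if name not in KNOWN_TAGS:
            problems.append(f"unknown tag {name!r} (possible typo)")
        elif name in ALLOWED and value.lower() not in ALLOWED[name]:
            problems.append(f"{name}={value} is not one of {sorted(ALLOWED[name])}")
        elif name == "pct" and not (value.isascii() and value.isdigit() and int(value) <= 100):
            problems.append(f"pct={value} must be an integer from 0 to 100")
        elif name in ("rua", "ruf"):
            for uri in (u.strip() for u in value.split(",")):
                if not MAILTO.match(uri):
                    problems.append(f"{name} target {uri!r} is not a usable mailto URI")
    return problems


if __name__ == "__main__":
    for problem in lint_dmarc(SAMPLE):
        print(problem)
```

Run against the sample it reports the two `[yourdomain]` placeholders; a misspelled policy such as `p=quarentine` or a misplaced `v=DMARC1` is reported the same way.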
If you want to test out your policies you can find more in this post:
https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf
References with more information if you want to get more into the details of how this all works and why you should set it up:
In the next post, I take a look at how to test if your email security is working as expected.
Teri Radichel | © 2nd Sight Lab 2023