• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

All About Anti-Phishing Standards: SPF > DKIM > DMARC

October 30, 2017 By The Editor

For decades, businesses of all sizes have been plagued by email phishing campaigns. Despite preventative technology and educational training, the problem persists. But, it doesn’t have to. In the latest issue of Cyber Defense Magazine, WatchGuard Senior Threat Analyst Marc Laliberte breaks down the three major email authentication technology standards: SPF,  DKIM, and DMARC. In a nutshell, these solutions dramatically cut down on phishing and spam emails by verifying that the sender of a message is actually who they claim to be, and automatically quarantining or rejecting messages if they’re not.

For a preview of the major email authentication standards Marc outlines in this article, check out this excerpt:

“DKIM works by first naming a few important parts of the message to protect, usually including the FROM and TO headers, the subject header, the date header, and even the message body itself. The sending mail server then computes a cryptographic hash of the chosen sections and then encrypts it using a private key, creating a digital signature. The digital signature and a few informational fields are added back to the message as a special DKIM-Signature message header before the message is sent. Because the corresponding public key is published in a DNS TXT record for the sending domain, recipient mail servers can decrypt the hash and verify it, confirming the protected fields were not spoofed or modified in message transit.”

Read Part 1 of Marc’s anti-phishing series today in Cyber Defense Magazine and stay tuned next month for Part 2, in which Marc will explore the main reasons why these standards aren’t more broadly used and potential solutions for increasing their adoption.

In the meantime, catch up on some of this year’s trickiest email phishing scams, plus how to spot, avoid and report them here on Secplicity.

Share This:

Related

Filed Under: Editorial Articles Tagged With: Phishing

Comments

  1. Michael Whitehead says

    January 17, 2018 at 11:04 pm

    “Read Part 1 of Marc’s anti-phishing series today in Cyber Defense Magazine and stay tuned next month for Part 2, in which Marc will explore the main reasons why these standards aren’t more broadly used and potential solutions for increasing their adoption.”

    Three months later, when can we expect part 2?

    Reply
    • Corey Nachreiner says

      January 19, 2018 at 3:36 pm

      Good question. I will ask and let you know…

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use