96 research outputs found

    Design and Implementation of a DMARC Verification Result Notification System

    Damage caused by spoofed e-mails that appear to be sent from a bank, a public organization and so on has become a serious social problem. In such e-mails, attackers forge the sender address to defraud receivers of their personal and/or secret information. As a countermeasure against spoofed e-mails, sender domain authentication methods such as SPF and DKIM are frequently utilized. However, since most spoofed e-mails do not include a DKIM signature in their e-mail header, those e-mails cannot be authenticated by the conventional system. Additionally, DKIM has the problem that it cannot determine whether the attached signature is legitimate. In this paper, we propose a method that utilizes DMARC to detect spoofed e-mails and alert the user even without a DKIM signature, and we implement a system that sends DMARC verification results to receivers. By utilizing this system, the users can obtain alerts for spoofed e-mails that the existing systems cannot warn

    DANE Trusted Email for Supply Chain Management

    Supply chain management is critically dependent on trusted email mechanisms that address forgery, confidentiality, and sender authenticity. The IETF protocol ‘Domain Authentication of Named Entities’ (DANE) described in this paper has been extended from its initial goal of providing TLS web site validation to also offer a foundation for globally scalable and interoperable email security. Widespread deployment of DANE will require more than raw technology standards, however. Workflow automation mechanisms will need to emerge in order to simplify the publishing and retrieval of cryptographic credentials that are applicable for general audiences. Security policy enforcement will also need to be addressed. This paper gives a descriptive tutorial of trusted email technologies, shows how DANE solves key distribution logistics, and then suggests desirable automation components that could accelerate deployment of DANE-based trusted email. Pilot deployments are briefly described

    OSINT-based Email Analyzer for Phishing Detection

    It is more and more common to receive emails asking for credentials. They usually say that there is some kind of issue that must be solved by accessing the involved service using the link inside the message text. These emails are often malicious, thought to steal users' or employees' credentials and gain access to personal or corporate areas. This scenario is commonly known as phishing, and nowadays it is the most common cause of corporate data breaches. The attacker tries to exploit human vulnerabilities like fear, concern or carelessness to obtain what would be difficult to achieve otherwise. Even if it is easy from an expert point of view to recognize such attempts, it is not so simple to automatize their detection, due to the fact that there are various techniques to elude systematic checks. Nevertheless, Würth Phoenix wants to improve their cyber defense against any possible threat, and hence they assigned me the task of working on phishing emails detection. This thesis presents a novel program that can analyze all emails delivered to a specifically set up email server without any filtering on incoming traffic, which is then called a "spam-trap-box." Additionally, it is configured with accounts registered for domains owned by failed companies that used to operate in the same industry of Würth Phoenix customers. This way it is more probable to analyze traffic similar to the one in a real case scenario. The innovative part of the analysis implemented is the use of Open Source Intelligence (OSINT) to compare the most relevant parts of an email with evidence of other phishing attempts indexed on the web, which are generally known as Indicators of Compromise (IoCs). After the inspection, if an email is categorized as malicious, new IoCs are created to feed the Würth Phoenix Security Operation Center (SOC), which is the service responsible for the protection against cyber threats offered to their customers. 
    The new indicators include more information than the ones used during the analysis, and the findings are inherent to clients' businesses, thus the SOC has more details to use while analyzing their email traffic

    Teaching Tip: Hook, Line, and Sinker – The Development of a Phishing Exercise to Enhance Cybersecurity Awareness

    In this paper, we describe the development of an in-class exercise designed to teach students how to craft social engineering attacks. Specifically, we focus on the development of phishing emails. Providing an opportunity to craft offensive attacks not only helps prepare students for a career in penetration testing but can also enhance their ability to detect and defend against similar methods. First, we discuss the relevant background. Second, we outline the requirements necessary to implement the exercise. Third, we describe how we implemented the exercise. Finally, we discuss our results and share student feedback

    Design and Implementation of a Mail Server with Microsoft Exchange Server and Postfix Relay at PT Alumindo Multi Persada

    PT. Alumindo Multi Persada is a company engaged in construction services in Batam City. Today, exchanging information and data by electronic mail (email) is the method most often used by most companies. Previously, the company used a third-party email service, known to us as gmail, and used a domain provided by a third party as its email identity. Using a third-party email service is not very efficient because a third party is involved in their email. Therefore, the company needs its own mail server to manage its email privately. With its own mail server, the company can use its own domain as its email identity to strengthen its brand, and if an error occurs on the mail server it can be handled immediately by the company's own support. In this research, Microsoft Exchange Server is configured as the main mail server and Postfix as the relay mail server. The main mail server is used for user management and internal email transmission, and the relay mail server handles external (public) email transmission. The mail server and domain hosting are configured with SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting Conformance) so that mail is not treated as SPAM and is not blacklisted by external mail servers

    Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy

    The critical role played by email has led to a range of extension protocols (e.g., SPF, DKIM, DMARC) designed to protect against the spoofing of email sender domains. These protocols are complex as is, but are further complicated by automated email forwarding -- used by individual users to manage multiple accounts and by mailing lists to redistribute messages. In this paper, we explore how such email forwarding and its implementations can break the implicit assumptions in widely deployed anti-spoofing protocols. Using large-scale empirical measurements of 20 email forwarding services (16 leading email providers and four popular mailing list services), we identify a range of security issues rooted in forwarding behavior and show how they can be combined to reliably evade existing anti-spoofing controls. We show how this allows attackers to not only deliver spoofed email messages to prominent email providers (e.g., Gmail, Microsoft Outlook, and Zoho), but also reliably spoof email on behalf of tens of thousands of popular domains including sensitive domains used by organizations in government (e.g., state.gov), finance (e.g., transunion.com), law (e.g., perkinscoie.com) and news (e.g., washingtonpost.com) among others

    My Email Communications Security Assessment (MECSA): 2018 Results

    This JRC technical report presents the results obtained by the My Email Communications Security Assessment (MECSA) tool. MECSA is an online tool developed by the Joint Research Centre to assess the security of email communications between email providers. Email communications continue to be one of the most widespread forms of digital communications with thousands of millions of emails exchanged on a daily basis. It is estimated that 72% of the European population use email either in mobile phones, tablets or computers. It is the means of digital communication used by most Europeans on a daily basis (Special Eurobarometer 462, 2017. Published July 2018.) MECSA is the outcome of our research on the security of email communications. It serves a triple purpose. Firstly, it allows us to monitor the adoption of modern email security standards in the current ecosystem of email providers, assessing their capability to protect the confidentiality, integrity and authenticity of the email exchange amongst them. Secondly, MECSA aims to become a one-stop shop for email users to receive an indication of the capability of their email providers to protect their email exchange in the communication with other providers of the ecosystem. Finally, MECSA aims to become a reference tool for professionals and a means to promote the adoption of modern email security standards in Europe. JRC.E.3-Cyber and Digital Citizens' Securit