DMARC for beginners (or, deflecting bounty begging)
- Andrew McDonnell
- Comfy con au 2022 winter
- September 4, 2022
Email still runs on SMTP, which must be close to one of the oldest application protocols still in common use. Security was not a high-priority design factor, which can make email easy to spoof. Fortunately, this can be mitigated with a few tweaks to your email provider settings (some providers even set them for you already; others just have wizards that suggest you fix it!). However, effectively configuring these features, known as SPF, DKIM, and DMARC, is often overlooked in the presence of higher priorities. Coupled with wonderful free online reporting tools, this means anyone can click a few buttons and then send you a copy/paste message claiming they are an “ethical hacker”, and could you spare them a bounty please? I will walk through the experience of first receiving one of these emails, discuss the relevant security settings, and then outline one approach for dealing with the subsequent annoyance that arises, making sense of the resulting flood of XML reports from your email providers.