Email Security
Email Spoofing
Email header |
Address displayed: spoof@google.com
Received: from emkei.cz
Reply-To: spoof@gmail.com
Defense Against Email Spoofing
Domain-based Message Authentication, Reporting & Conformance (DMARC)
DMARC is built based on SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Message) to verify sender’s identity.SPF performs checking on sender IP addresses of email to verify the IP address is authorized by the domain. You can validate SPF record at proofprint.com.
DKIM performs checking on digital signature of email which is generated by MTA (Mail Transfer Agent) to ensure the email is sent and authorized by the owner of the domain. You can validate DKIM record at dmarcanalyzer.com.
The diagram below shows how DMARC works.
Illustration retrieved from https://www.dmarcanalyzer.com/dmarc/ |
Summary of multi-layered approach to phishing defences by CPNI
Spoofing OpenPGP and S/MIME Signatures
https://github.com/RUB-NDS/Johnny-You-Are-Fired/Attack classes
- Cryptographic Message Syntax (CMS) attack
- GPG API attack
- MIME attack
- ID attack
- User Interface (UI) attack