SPF, DKIM and Mr. Post

You must have heard some buzzwords about phishing. Otherwise, you wouldn’t have stopped by here. Yes, phishing has become a huge problem right now. I hate to say it will continue to be one for quite a long time because there hasn’t been an effective cure for it.

You might have wondered what IT administrators or email service providers have been doing to stop these deceptive, evil-purpose emails. Trust me, they are trying their best to stop phishing attempts. But phishing is, in essence, a complicated problem.

In this post, I will scratch the surface on the technology side to explain what has been done by IT professionals to stop obnoxious phishing attempts.

Due to the relaxed SMTP protocol (the protocol used to transfer emails on the network), there is no easy way to identify the real sender. You can name the sender as The President if you wish.

The industry came up with different supplementary protocols to alleviate the pain: SPF and DKIM. Both need collaboration from the owners of mail servers (MTA).

SPF (RFC 7208) has a mission to match the sending IP with the allowed IPs published by the source domain. Say I am the owner of xyz.com and I only allow mails claiming to be from xyz.com to be sent from 1.2.3.4. The receiving party can then reject mails with a sender from xyz.com that come from any IP other than 1.2.3.4. This is just one simple example of SPF. In real life, there are tons of complex situations that need to be handled.

The mission of DKIM (RFC 6376) is to verify whether the mail is actually from the person who sent the mail, by verifying the signature with the key published by the sender domain.

Look alike? Very close yet not the same, because SPF and DKIM use different representations of the sender to complete the verification – that is, the sender on the envelope and the sender on the letter. I will stop here because I can see the confused expressions on your faces.
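An added example, not part of the original post: a simplified SPF evaluation in Python for the xyz.com / 1.2.3.4 case above, which also reports whether the envelope sender and the From header on the letter name the same domain. The record table stands in for DNS TXT lookups, only the ip4, ip6 and all mechanisms are handled, and bulk.example, the sample message and the function names are constructed for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for DNS TXT lookups (assumption: a real checker queries DNS).
SPF_RECORDS = {
    "xyz.com": "v=spf1 ip4:1.2.3.4 -all",
    "bulk.example": "v=spf1 ip4:203.0.113.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed message: the letter says xyz.com, whatever the envelope says.
SAMPLE = "From: John <john@xyz.com>\nTo: me@example.org\nSubject: hi\n\nHello\n"


def domain_of(address):
    return address.rpartition("@")[2].lower()


def spf_check(client_ip, mail_from):
    """Evaluate the envelope sender's SPF record (ip4, ip6 and all only)."""
    record = SPF_RECORDS.get(domain_of(mail_from), "")
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "unsupported"  # a, mx, include, redirect: not handled in this example
        if ip in ipaddress.ip_network(value, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"


def assess(client_ip, mail_from, raw_message):
    """SPF verdict for the envelope, plus the domain the reader sees in From."""
    header_from = parseaddr(message_from_string(raw_message)["From"] or "")[1]
    envelope_domain, header_domain = domain_of(mail_from), domain_of(header_from)
    return {
        "spf": spf_check(client_ip, mail_from),
        "envelope_domain": envelope_domain,
        "header_domain": header_domain,
        "domains_match": envelope_domain == header_domain,
    }
```

Calling `assess("203.0.113.9", "bounce@bulk.example", SAMPLE)` gives an SPF pass for the envelope domain while `domains_match` is false, so a receiver that compares the two domains sees the mismatch that the SPF verdict alone does not report.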

They have nothing to do with phishing, do they? They just try to answer the question “Did I just get the mail from John? That John…”

What if the mail was from John’s mailbox but it was sent by someone else? SPF and DKIM cannot help. So the crucial truth is, you cannot even trust a mail from someone you know.

Some industry vendors have tried to mitigate phishing risk by adopting a solution of static databases, in the hope that all phishing URLs can be recorded. It worked well until the cloud age came. The cost of setting up a virtual host is just like flipping a coin. Regardless of the size of the databases and how frequently they are updated, the method can only cover a small portion of the mega map. And its value is often diminished by stale data.

Dealing with phishing in real time is a preferred direction. Combined with static databases, this method can catch those ephemeral sites which have not been recorded in the databases.

Even though your administrators or service providers have tried their best and prayed for a 100% catch rate, phishing mails are still lying in your mailbox. You don’t have a simple way to tell if a mail is a bad apple.

That’s why Mr. Post was born.

Mr. Post is an add-in for both the online version and the software version of Outlook. In addition to SPF and DKIM verification, it successfully fits AI into its core real-time evaluation engine.

With just one click, you become a pro and stay away from phishing!

Don’t be the next fraud victim. Install Mr. Post on Microsoft AppSource at zero cost!


2019-03-29T02:42:32+00:00 | November 18th, 2018 | Insight