Ensuring Email Deliverability While Combating Phishing

Transcript

1. IIT HELPDESK ENSURING EMAIL DELIVERABILITY WHILE COMBATING PHISHING ! ERIC

   TENDIAN, TENDIAN.IO is not helpful
2. None
3. None
4. None

5. How did we get here?

6. But first, who is this random freshman talking to you?

   Eric Tendian Binary Sentinel, CEO, Student Hi, I’m @EricTendian on Twitter, Github Send your spam to [email protected] Read what I write at eric.tendian.io HIRE ME at www.tendian.io

7. BACKGROUND INCOMING

8. Getting emails delivered:
 Easy, right? Your Mail Server

9. Still easy, right? AOL Yahoo Goog Live .edu Etc… ISPs

   Spam Folder Your Mail Server

10. Hmm... AOL Yahoo Goog Live .edu Etc… ISPs Spam Folder

    Your Mail Server

11. Um... AOL Yahoo Goog Live .edu Etc… ISPs Spam Folder

    Your Mail Server Spamhaus SURBL Invaluement CBL SPAMCOP Etc… BlackLists

12. Help! AOL Yahoo Goog Live .edu Etc… ISPs Spam Folder

    Your Mail Server SORBS BSB CBL PSBL SPAMCOP Etc… BlackLists Goog McAfee Mail Trust Spam Assassin Cloudmark Etc… Spam Filters

13. What kinds of email go through this mess?

14. Everything. But in case you’re wondering, there’s two main types

    of email for businesses…

15. Marketing Email

16. Marketing Email Newsletters,

17. Marketing Email Newsletters, Promotions,

18. Marketing Email Newsletters, Promotions, Mass Announcements,

19. Marketing Email Newsletters, Promotions, Mass Announcements, Other mass emails

20. Marketing Email Newsletters, Promotions, Mass Announcements, Other mass emails One-to-Many

21. Transactional Email

22. Transactional Email Statements,

23. Transactional Email Statements, Updates,

24. Transactional Email Statements, Updates, Confirmations,

25. Transactional Email Statements, Updates, Confirmations, Shipping Notifications,

26. Transactional Email Statements, Updates, Confirmations, Shipping Notifications, Account Verifications,

27. Transactional Email Statements, Updates, Confirmations, Shipping Notifications, Account Verifications, Alerts,

28. Transactional Email Statements, Updates, Confirmations, Shipping Notifications, Account Verifications, Alerts,

    Notifications,

29. Transactional Email Statements, Updates, Confirmations, Shipping Notifications, Account Verifications, Alerts,

    Notifications, Reminders,

30. Transactional Email Statements, Updates, Confirmations, Shipping Notifications, Account Verifications, Alerts,

    Notifications, Reminders, Password Delivery,

31. Transactional Email Statements, Updates, Confirmations, Shipping Notifications, Account Verifications, Alerts,

    Notifications, Reminders, Password Delivery, Cancellations,

32. Transactional Email Statements, Updates, Confirmations, Shipping Notifications, Account Verifications, Alerts,

    Notifications, Reminders, Password Delivery, Cancellations, Announcements

33. Transactional Email Statements, Updates, Confirmations, Shipping Notifications, Account Verifications, Alerts,

    Notifications, Reminders, Password Delivery, Cancellations, Announcements Many-to-Many

34. Did you know: 20% of email never arrives. *According to

    Return Path research study on commercial email

35. Why is this?

36. SPF SMTP Dedicated IP IP History DNS Setup Domain History

    DKIM DMARC Honeypot abuse@

37. Standard spam filter

38. Standard spam filter Tests for: • Strange/malformed headers • Spam-like

    wording in the message body • Mentions of common spam keywords • Cialis, Viagra, etc. • Misspellings of words Scored and ranked to generate a “spam score”

39. Sender Identification “Did you really send this?” SPF DKIM DMARC

40. None
41. None
42. None
43. None

44. Holy Trinity of Email Security: SPF+DKIM+DMARC

45. “I use all three! I’m fully protected now, right?”

46. REPUTATION MATTERS

47. IP Reputation 169.254.219.226 169.254.219.226 Shared IP Dedicated IP

48. BLACKLISTS

49. How do I end up on a blacklist? Spam Traps!

    a.k.a. honeypots

50. Okay, let’s review • Standard spam filter: regex tests •

    DNS tests • SPF, “I give you permission” - good • DKIM, “email key exchange” - better • DMARC, “did SPF and DKIM pass?” - best • Shared server? Watch your rep • Caught by spam trap? Blacklisted

51. So how do we get rid of “IIT HELPDESK”? TIPS

    & TRICKS INCOMING

52. CAN-SPAM Act Compliance

53. CAN-SPAM Act Compliance ✓ Don’t use false or misleading header

    information

54. CAN-SPAM Act Compliance ✓ Don’t use false or misleading header

    information ✓ Don’t use deceptive subject lines

55. CAN-SPAM Act Compliance ✓ Don’t use false or misleading header

    information ✓ Don’t use deceptive subject lines ✓ Identify the message as an advertisement

56. CAN-SPAM Act Compliance ✓ Don’t use false or misleading header

    information ✓ Don’t use deceptive subject lines ✓ Identify the message as an advertisement ✓ Tell recipients where you’re located

57. CAN-SPAM Act Compliance ✓ Don’t use false or misleading header

    information ✓ Don’t use deceptive subject lines ✓ Identify the message as an advertisement ✓ Tell recipients where you’re located ✓ Tell recipients how to opt out of receiving future email from you (unsubscribe link clearly displayed)

58. CAN-SPAM Act Compliance ✓ Don’t use false or misleading header

    information ✓ Don’t use deceptive subject lines ✓ Identify the message as an advertisement ✓ Tell recipients where you’re located ✓ Tell recipients how to opt out of receiving future email from you (unsubscribe link clearly displayed) ✓ Honor opt-out requests promptly

59. CAN-SPAM Act Compliance ✓ Don’t use false or misleading header

    information ✓ Don’t use deceptive subject lines ✓ Identify the message as an advertisement ✓ Tell recipients where you’re located ✓ Tell recipients how to opt out of receiving future email from you (unsubscribe link clearly displayed) ✓ Honor opt-out requests promptly ✓ Monitor what others are doing on your behalf

60. Simple Tips/Tricks

61. Simple Tips/Tricks ✓ Shared IP Address?

62. Simple Tips/Tricks ✓ Shared IP Address? ✓ Check IP address

    for previous abuse (on blacklists? use reputation lookup tools)

63. Simple Tips/Tricks ✓ Shared IP Address? ✓ Check IP address

    for previous abuse (on blacklists? use reputation lookup tools) ✓ Setup postmaster@, abuse@, etc.

64. Simple Tips/Tricks ✓ Shared IP Address? ✓ Check IP address

    for previous abuse (on blacklists? use reputation lookup tools) ✓ Setup postmaster@, abuse@, etc. ✓ Make sure DNS registration is up-to-date

65. Simple Tips/Tricks ✓ Shared IP Address? ✓ Check IP address

    for previous abuse (on blacklists? use reputation lookup tools) ✓ Setup postmaster@, abuse@, etc. ✓ Make sure DNS registration is up-to-date ✓ Unsubscribe links added?

66. Complex Tips/Tricks

67. Complex Tips/Tricks ✓ Use SPF, DKIM, and DMARC

68. Complex Tips/Tricks ✓ Use SPF, DKIM, and DMARC ✓ Keep

    spam filters updated w/ custom tests

69. Complex Tips/Tricks ✓ Use SPF, DKIM, and DMARC ✓ Keep

    spam filters updated w/ custom tests ✓ Check blacklists regularly

70. Complex Tips/Tricks ✓ Use SPF, DKIM, and DMARC ✓ Keep

    spam filters updated w/ custom tests ✓ Check blacklists regularly ✓ Make your own spam trap

71. Complex Tips/Tricks ✓ Use SPF, DKIM, and DMARC ✓ Keep

    spam filters updated w/ custom tests ✓ Check blacklists regularly ✓ Make your own spam trap ✓ Use managed email solutions when possible

72. Complex Tips/Tricks ✓ Use SPF, DKIM, and DMARC ✓ Keep

    spam filters updated w/ custom tests ✓ Check blacklists regularly ✓ Make your own spam trap ✓ Use managed email solutions when possible ✓ Include tracking in all emails to check deliverability

73. Feedback is important

74. Strive for…

75. Strive for… Right Message to the Right Person at the

    Right Time with the Right Frequency

76. EDUCATE YOUR USERS

77. Email is confusing.

78. Spam is everywhere.

79. You can fight back!

80. Give the phishers some Asian Carp.

81. THANKS! ! QUESTIONS? @EricTendian / [email protected] / tendian.io