
Ensuring Email Deliverability While Combating Phishing


a.k.a. "IIT HELPDESK is not helpful"

View my notes here: https://docs.google.com/document/d/1qXrVE361mUwh-ljr-2T81LTPkJ8jhfMkZA_oveAShNc/edit?usp=sharing

Talk given at ForenSecure 2014. See http://forensecure.sat.iit.edu/ for more info on the conference.


Eric Tendian

April 17, 2014


Transcript

  1. ENSURING EMAIL DELIVERABILITY WHILE COMBATING PHISHING (a.k.a. "IIT HELPDESK is not helpful"). ERIC TENDIAN, TENDIAN.IO
  5. How did we get here?

  6. But first, who is this random freshman talking to you?
    Eric Tendian: Binary Sentinel, CEO, Student. Hi, I’m @EricTendian on Twitter and GitHub. Send your spam to eric@tendian.io. Read what I write at eric.tendian.io. HIRE ME at www.tendian.io
  7. BACKGROUND INCOMING

  8. Getting emails delivered: Easy, right? (Diagram label: Your Mail Server)

  9. Still easy, right? (Diagram labels: Your Mail Server; ISPs: AOL, Yahoo, Goog, Live, .edu, etc.; Spam Folder)
  10. Hmm... (Diagram labels: Your Mail Server; ISPs: AOL, Yahoo, Goog, Live, .edu, etc.; Spam Folder)
  11. Um... (Diagram labels: Your Mail Server; ISPs: AOL, Yahoo, Goog, Live, .edu, etc.; Spam Folder; BlackLists: Spamhaus, SURBL, Invaluement, CBL, SPAMCOP, etc.)
  12. Help! (Diagram labels: Your Mail Server; ISPs: AOL, Yahoo, Goog, Live, .edu, etc.; Spam Folder; BlackLists: SORBS, BSB, CBL, PSBL, SPAMCOP, etc.; Spam Filters: Goog, McAfee, Mail Trust, Spam Assassin, Cloudmark, etc.)
  13. What kinds of email go through this mess?

  14. Everything. But in case you’re wondering, there are two main types of email for businesses…
  20. Marketing Email: Newsletters, Promotions, Mass Announcements, Other mass emails. One-to-Many

  33. Transactional Email: Statements, Updates, Confirmations, Shipping Notifications, Account Verifications, Alerts, Notifications, Reminders, Password Delivery, Cancellations, Announcements. Many-to-Many
  34. Did you know: 20% of email never arrives.* (*According to a Return Path research study on commercial email)
  35. Why is this?

  36. SPF, SMTP, Dedicated IP, IP History, DNS Setup, Domain History, DKIM, DMARC, Honeypot, abuse@
  38. Standard spam filter. Tests for:
    • Strange/malformed headers
    • Spam-like wording in the message body
    • Mentions of common spam keywords (Cialis, Viagra, etc.)
    • Misspellings of words
    Scored and ranked to generate a “spam score”
  39. Sender Identification: “Did you really send this?” SPF, DKIM, DMARC

  44. Holy Trinity of Email Security: SPF+DKIM+DMARC

  45. “I use all three! I’m fully protected now, right?”

  46. REPUTATION MATTERS

  47. IP Reputation: Shared IP vs. Dedicated IP (diagram labels: 169.254.219.226, 169.254.219.226, Shared IP, Dedicated IP)

  48. BLACKLISTS

  49. How do I end up on a blacklist? Spam Traps! (a.k.a. honeypots)
  50. Okay, let’s review
    • Standard spam filter: regex tests
    • DNS tests
    • SPF, “I give you permission” - good
    • DKIM, “email key exchange” - better
    • DMARC, “did SPF and DKIM pass?” - best
    • Shared server? Watch your rep
    • Caught by spam trap? Blacklisted
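    The review above as a worked check, added here as an example and not part of the talk: a simplified SPF evaluator (“I give you permission”) plus the DMARC question “did SPF or DKIM pass, and does the passing identifier align with the From: domain?”, run over constructed DNS TXT records for a hypothetical example.com (domains, addresses and records are assumptions; the DKIM signature result is taken as an input rather than verified).

```python
import ipaddress

# Constructed sample DNS TXT records for a hypothetical domain (RFC 5737 test addresses);
# a real checker would query DNS for these instead of reading a dict.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.25 ~all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=r",
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, sender_ip, depth=0):
    """Simplified SPF ("I give you permission"): ip4/ip6, include, all only; a/mx/exists omitted."""
    terms = DNS_TXT.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1" or depth > 10:  # RFC 7208: max 10 lookups
        return "none"
    addr = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qual, term = (term[0], term[1:]) if term[0] in QUALIFIER else ("+", term)
        if term == "all":
            return QUALIFIER[qual]
        if term.startswith(("ip4:", "ip6:")):
            if addr in ipaddress.ip_network(term[4:], strict=False):  # v4/v6 mismatch -> False
                return QUALIFIER[qual]
        elif term.startswith("include:") and check_spf(term[8:], sender_ip, depth + 1) == "pass":
            return QUALIFIER[qual]
    return "neutral"  # nothing matched and no explicit "all" mechanism

def org_domain(domain):
    """Naive organizational domain (last two labels); real code uses the Public Suffix List."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """DMARC identifier alignment: 's' = exact match, 'r' = same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def check_dmarc(from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """DMARC (did SPF and DKIM pass?): one must pass AND align with From:. Returns (result, policy)."""
    record = DNS_TXT.get("_dmarc." + from_domain, "")
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    if tags.get("v") != "DMARC1":
        return ("none", None)  # no policy published: the receiver is on its own
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    return ("pass", None) if spf_ok or dkim_ok else ("fail", tags.get("p", "none"))
```

    A forged “From: helpdesk@example.com” sent from 203.0.113.5 with no DKIM signature gets SPF `fail` and DMARC `('fail', 'reject')`, which is exactly the outcome the three records together are meant to produce for a receiver.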
  51. So how do we get rid of “IIT HELPDESK”? TIPS & TRICKS INCOMING
  59. CAN-SPAM Act Compliance
    ✓ Don’t use false or misleading header information
    ✓ Don’t use deceptive subject lines
    ✓ Identify the message as an advertisement
    ✓ Tell recipients where you’re located
    ✓ Tell recipients how to opt out of receiving future email from you (unsubscribe link clearly displayed)
    ✓ Honor opt-out requests promptly
    ✓ Monitor what others are doing on your behalf
  65. Simple Tips/Tricks
    ✓ Shared IP Address?
    ✓ Check IP address for previous abuse (on blacklists? use reputation lookup tools)
    ✓ Setup postmaster@, abuse@, etc.
    ✓ Make sure DNS registration is up-to-date
    ✓ Unsubscribe links added?
  72. Complex Tips/Tricks
    ✓ Use SPF, DKIM, and DMARC
    ✓ Keep spam filters updated w/ custom tests
    ✓ Check blacklists regularly
    ✓ Make your own spam trap
    ✓ Use managed email solutions when possible
    ✓ Include tracking in all emails to check deliverability
  73. Feedback is important

  75. Strive for… the Right Message to the Right Person at the Right Time with the Right Frequency
  76. EDUCATE YOUR USERS

  77. Email is confusing.

  78. Spam is everywhere.

  79. You can fight back!

  80. Give the phishers some Asian Carp.

  81. THANKS! QUESTIONS? @EricTendian / eric@tendian.io / tendian.io