Slide 1

"IIT HELPDESK" is not helpful.
ENSURING EMAIL DELIVERABILITY WHILE COMBATING PHISHING!
Eric Tendian, tendian.io

Slides 2–4

(no text content)

Slide 5

How did we get here?

Slide 6

But first, who is this random freshman talking to you?
Eric Tendian: Binary Sentinel CEO, student.
Hi, I'm @EricTendian on Twitter and GitHub. Send your spam to [email protected]. Read what I write at eric.tendian.io. HIRE ME at www.tendian.io.

Slide 7

BACKGROUND INCOMING

Slides 8–12 (one diagram, built up step by step)

Slide 8: Getting emails delivered: easy, right? Your Mail Server.
Slide 9: Still easy, right? Your Mail Server → ISPs (AOL, Yahoo, Google, Live, .edu, etc.) → Spam Folder.
Slide 10: Hmm...
Slide 11: Um... Blacklists join the picture: Spamhaus, SURBL, Invaluement, CBL, SpamCop, etc.
Slide 12: Help! More blacklists (SORBS, BSB, CBL, PSBL, SpamCop, etc.) and spam filters (Google, McAfee, Mail Trust, SpamAssassin, Cloudmark, etc.) sit between your mail server and the inbox.

Slide 13

What kinds of email go through this mess?

Slide 14

Everything. But in case you're wondering, there are two main types of email for businesses…

Slides 15–20 (build)

Marketing Email (one-to-many):
• Newsletters
• Promotions
• Mass announcements
• Other mass emails

Slides 21–33 (build)

Transactional Email (many-to-many):
• Statements
• Updates
• Confirmations
• Shipping notifications
• Account verifications
• Alerts
• Notifications
• Reminders
• Password delivery
• Cancellations
• Announcements

Slide 34

Did you know: 20% of email never arrives.
*According to a Return Path research study on commercial email

Slide 35

Why is this?

Slide 36

SPF, SMTP, Dedicated IP, IP History, DNS Setup, Domain History, DKIM, DMARC, Honeypot, abuse@

Slide 37

Standard spam filter

Slide 38

Standard spam filter tests for:
• Strange/malformed headers
• Spam-like wording in the message body
• Mentions of common spam keywords (Cialis, Viagra, etc.)
• Misspellings of words
Hits are scored and ranked to generate a "spam score".

Slide 39

Sender Identification: "Did you really send this?" SPF, DKIM, DMARC

Slides 40–43

(no text content)

Slide 44

Holy Trinity of Email Security: SPF + DKIM + DMARC
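How the three fit together, as an added Python example that is not from the talk: a simplified SPF evaluator (ip4, ip6, include and all mechanisms only) answers "may this IP send for this domain?", and a DMARC record parser applies the domain's policy and relaxed/strict alignment to the SPF and DKIM results. Everything runs against a constructed DNS table rather than live lookups; the domains and addresses (example.edu, _spf.mailhost.example, 203.0.113.0/24, 198.51.100.10, 192.0.2.7) are assumptions using documentation ranges. DKIM signature verification itself is not implemented here; its result is passed in.

```python
import ipaddress

# Constructed TXT records standing in for live DNS (assumption: these domains and
# addresses are documentation values, not anything from the talk).
DNS_TXT = {
    "example.edu": ["v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.example -all"],
    "_spf.mailhost.example": ["v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all"],
    "_dmarc.example.edu": ["v=DMARC1; p=reject; rua=mailto:[email protected]; adkim=s; aspf=r"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain):
    """Return the single v=spf1 TXT record for a domain, or None if there is not exactly one."""
    recs = [t for t in DNS_TXT.get(domain, []) if t.lower().split(" ", 1)[0] == "v=spf1"]
    return recs[0] if len(recs) == 1 else None


def check_spf(ip, domain, depth=0):
    """Simplified SPF check (ip4/ip6/include/all). 'I give you permission' to send as me."""
    if depth > 10:                       # RFC 7208 caps include: recursion
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if "=" in term:                  # modifiers such as redirect=/exp= are not modelled; skip
            continue
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            return QUALIFIERS[qual]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qual]
        elif mech == "include":          # the included domain's own policy must say pass
            if check_spf(ip, arg, depth + 1) == "pass":
                return QUALIFIERS[qual]
        else:                            # a, mx, ptr, exists are not modelled here
            return "permerror"
    return "neutral"                     # record ended with no matching mechanism


def dmarc_policy(domain):
    """Parse the _dmarc.<domain> TXT record into a tag dict, or None if absent."""
    recs = [t for t in DNS_TXT.get("_dmarc." + domain, []) if t.startswith("v=DMARC1")]
    if not recs:
        return None
    tags = {}
    for part in recs[0].split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    return tags


def aligned(from_domain, auth_domain, mode):
    """DMARC identifier alignment: 's' = exact match, 'r' = same organizational domain
    (approximated as the last two labels; real code uses the public suffix list)."""
    a, b = from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return a == b
    return a.split(".")[-2:] == b.split(".")[-2:]


def dmarc_disposition(from_domain, spf_domain, spf_result, dkim_domain, dkim_result):
    """'Did SPF or DKIM pass for an aligned domain?' -> pass, otherwise the p= policy."""
    policy = dmarc_policy(from_domain)
    if policy is None:
        return "none"
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, policy.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, policy.get("adkim", "r"))
    return "pass" if spf_ok or dkim_ok else policy.get("p", "none")


if __name__ == "__main__":
    # A forged "helpdesk" message claiming example.edu but sent from an unrelated host.
    spf = check_spf("192.0.2.7", "example.edu")
    print("SPF:", spf)                                                                  # fail
    print("DMARC:", dmarc_disposition("example.edu", "example.edu", spf, "example.edu", "fail"))  # reject
```

The forged message fails SPF because 192.0.2.7 is in neither the domain's own ip4 range nor the included provider's record, and with no valid DKIM signature the p=reject policy tells the receiver to drop it. The same code shows why a legitimate bulk sender on bulk.example.edu still passes under aspf=r while the strict adkim=s makes a mail.example.edu signature insufficient.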

Slide 45

"I use all three! I'm fully protected now, right?"

Slide 46

REPUTATION MATTERS

Slide 47

IP Reputation: 169.254.219.226 (Shared IP) vs. 169.254.219.226 (Dedicated IP)

Slide 48

BLACKLISTS

Slide 49

How do I end up on a blacklist? Spam traps! (a.k.a. honeypots)
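Checking whether a sending IP has landed on a blacklist, as an added example that is not from the talk: DNSBLs are queried by reversing the address and looking it up as a hostname under the list's zone, and an A record in 127.0.0.0/8 means the address is listed. The zone names and listing data below are constructed stand-ins for real lists like the ones named on the earlier slides, and resolve_a() is a fake resolver (assumption) to be swapped for a real DNS query.

```python
import ipaddress

# Constructed DNSBL zones and listings (assumption): stand-ins for real lists such as
# Spamhaus or SpamCop. Keys are the reversed-octet labels a real zone would hold.
FAKE_DNSBL_ZONES = {
    "zen.dnsbl.example": {"7.2.0.192": ["127.0.0.2"]},   # 192.0.2.7 is listed here
    "bl.other.example": {},
}
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")       # DNSBL answers live in loopback space


def dnsbl_query_name(ip, zone):
    """Build the hostname to query: reversed address labels under the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(addr.exploded.split("."))      # 192.0.2.7 -> 7.2.0.192
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # IPv6 lists use reversed nibbles
    return ".".join(labels) + "." + zone


def resolve_a(name):
    """Fake A-record lookup against the constructed zones (assumption).
    In production replace with a real query, e.g. socket.gethostbyname_ex(name)[2]."""
    for zone, listings in FAKE_DNSBL_ZONES.items():
        if name.endswith("." + zone):
            return listings.get(name[: -len(zone) - 1], [])
    return []


def check_dnsbl(ip, zones):
    """Return {zone: [codes]} for every zone that lists the IP; an empty dict means clean."""
    hits = {}
    for zone in zones:
        codes = [a for a in resolve_a(dnsbl_query_name(ip, zone))
                 if ipaddress.ip_address(a) in LISTED_RANGE]
        if codes:
            hits[zone] = codes
    return hits


if __name__ == "__main__":
    zones = list(FAKE_DNSBL_ZONES)
    for ip in ("192.0.2.7", "203.0.113.5"):
        print(ip, "->", check_dnsbl(ip, zones) or "not listed")
```

With a real resolver, NXDOMAIN (a lookup error) means "not listed", and the particular 127.0.0.x code says which sub-list matched, so read the operator's documentation for the codes. Run a check like this regularly from a resolver the list operator permits, since many lists refuse queries coming through large public resolvers; a scheduled check against your own sending IPs is how you learn about a listing before your users do.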

Slide 50

Okay, let's review
• Standard spam filter: regex tests
• DNS tests
  • SPF, "I give you permission" - good
  • DKIM, "email key exchange" - better
  • DMARC, "did SPF and DKIM pass?" - best
• Shared server? Watch your rep
• Caught by spam trap? Blacklisted

Slide 51

So how do we get rid of "IIT HELPDESK"? TIPS & TRICKS INCOMING

Slides 52–59 (build)

CAN-SPAM Act Compliance
✓ Don't use false or misleading header information
✓ Don't use deceptive subject lines
✓ Identify the message as an advertisement
✓ Tell recipients where you're located
✓ Tell recipients how to opt out of receiving future email from you (unsubscribe link clearly displayed)
✓ Honor opt-out requests promptly
✓ Monitor what others are doing on your behalf

Slides 60–65 (build)

Simple Tips/Tricks
✓ Shared IP address?
✓ Check the IP address for previous abuse (on blacklists? use reputation lookup tools)
✓ Set up postmaster@, abuse@, etc.
✓ Make sure DNS registration is up to date
✓ Unsubscribe links added?

Slides 66–72 (build)

Complex Tips/Tricks
✓ Use SPF, DKIM, and DMARC
✓ Keep spam filters updated with custom tests
✓ Check blacklists regularly
✓ Make your own spam trap
✓ Use managed email solutions when possible
✓ Include tracking in all emails to check deliverability

Slide 73

Feedback is important

Slide 74

Strive for…

Slide 75

Strive for… the Right Message to the Right Person at the Right Time with the Right Frequency

Slide 76

EDUCATE YOUR USERS

Slide 77

Email is confusing.

Slide 78

Spam is everywhere.

Slide 79

You can fight back!

Slide 80

Give the phishers some Asian Carp.

Slide 81

THANKS! QUESTIONS? @EricTendian / [email protected] / tendian.io