How does sender verification work? (How we identify Spoof mail) | The five hero’s SPF, DKIM DMARC, Exchange and Exchange Online protection | Part 9#9

The process of “sender verification” enables us to distinguish between a legitimate sender and an attacker who spoofs his identity, and to prevent a possible Spoof mail attack. In the current article, we will review in detail three sender verification standards – SPF, DKIM, DMARC, and also two sender verification methods that can be implemented in Exchange…

How to simulate Spoof E-mail attack and bypass SPF sender verification? | 2#2

In the current article, we will demonstrate how to simulate a Spoof E-mail attack that bypasses an existing SPF sender verification implementation. The current article series includes two articles. The former article is – How can hostile element execute Spoof E-mail attack and bypass existing SPF implementation? | introduction | 1#2. Disclaimer: For the avoidance of…

How can hostile element execute Spoof E-mail attack and bypass existing SPF implementation? | introduction | 1#2

In the current article series, we will learn about a structured vulnerability of the SPF mail standard, which can be easily exploited by a hostile element. A hostile element that is aware of this SPF vulnerability can bypass the existing “SPF wall” that was built to protect our organization’s recipients from Spoofing or Phishing attacks.…

How to enable outbound DKIM signing for your domain in Office 365 | Part 5#10

In the current article, we will review how to enable outbound DKIM signing in Office 365 for our public domain name. In an Office 365 based environment, the process of signing outgoing E-mail using a DKIM signature happens automatically for each of the Office 365 tenant domain names. I emphasize the term “our…

Outbound DKIM signing and DNS infrastructure | Building the required DNS records for Office 365 | Part 4#10

In a scenario in which we want to use outbound DKIM signing for our public domain name in an Office 365 based environment, we will need to generate 4 DNS records that will be used for the required two CNAME records. Regarding the task of the required DKIM DNS records, the primary challenge that we are…

DKIM as standard that based upon the Public key infrastructure | Part 2#10

DKIM is implemented by using a digital signature. The “Digital signature” method is one of the main building blocks of the Public key infrastructure. In the current article, I want to show you a fraction of the interesting and wonderful world of Public key infrastructure, and the way that DKIM uses this infrastructure for implementing…

DKIM – Domain Keys Identified Mail | Basic introduction | Part 1#10

DKIM (Domain Keys Identified Mail) is a mail security standard that enables the sender to declare his “identity” and allows the mail destination infrastructure, meaning the receiving mail server, to verify the identity of the originator. The central paradox regarding a security standard is that most of the time, we don’t really understand what…

Report spoof E-mail and send E-mail for Inspection In Office 365 | Part 12#12

In the current article, we will review two subjects that relate to a scenario in which an organization experiences a Spoof E-mail attack: (1) Report the Spoof E-mail as “Phishing mail”. (2) Send the Spoof E-mail for further analysis. Report Spoof E-mail as “Phishing mail”: I try to get additional information regarding the subject of “what happens behind…

How to Simulate E-mail Spoof Attack | Part 11#12

In the current article, we will demonstrate three options for accomplishing the task of simulating an E-mail spoof attack. Our primary goal is to perform a test in which we verify whether the Exchange Online Spoof E-mail rule that we have created manages to identify a Spoof E-mail event and respond accordingly. Disclaimer: It is important…

How to simulate E-mail Spoof Attack | Part 10#12

When we hear the term “spoof E-mail attack,” the initial association that comes to mind is – a hacker sitting in a dark room, filled with flashing lights, who quickly taps keyboard commands and strange markings! Sounds romantic? Well, in reality, the ability to perform or simulate an E-mail spoof attack is very simple…