Share your knowledge.
It’s a way to achieve immortality.
Dalai Lama
Post Views: 5,524
The process of “sender verification”, enables us to distinguish between a legitimate sender versus an attacker who spoofs his identity and prevent a possible Spoof mail attack. In the current article, we will review in details three sender verification standard – SPF, DKIM, DMARC and also two sender verification methods that can implement in Exchange…
Post Views: 16,832
In the current article, we will demonstrate how to simulate Spoof E-mail attack, that will bypass existing SPF sender verification implementation. The current article series include two articles. The former article is – How can hostile element execute Spoof E-mail attack and bypass existing SPF implementation? | introduction | 1#2 Disclaimer For the avoidance of…
Post Views: 4,162
In the current article series, we will learn about a structured vulnerability of the SPF mail standard, which can be easily exploited by a hostile element. The hostile element that is aware of this SPF vulnerability, can bypass the existing “SPF wall” that was built for protecting our organization recipients from Spoofing or Phishing attacks.…
Post Views: 3,530
In case that your organization experiences a scenario in which your mail server IP address appear in the Office 365 blacklist, and E-mail messages sent from your mail server is rejected by the Office 365 mail infrastructure (Exchange Online), you can use the Office 365 “delist portal”, which enable you to submit a request for…
Post Views: 29,782
In the current article, we will review the process of – How to enable outbound DKIM signing in Office 365 for our public domain name. In Office 365 based environment, the process of signing outgoing E-mail using DKIM signature happens automatically for each of the Office 365 tenant domain names. I emphasize the term “our…
Post Views: 4,996
In a scenario in which we want to use outbound DKIM signing for our public domain name in Office 365 based environment, we will need to generate 4 DNS records that will be used for the required two CNAME records. Regarding the task of the required DKIM DNS records, the primary challenge that we are…
Post Views: 3,456
The desired goal we seek to achieve is – to implement a successful process in which the sender mail infrastructure for use DKIM to Digitally sign the outgoing E-mail message. This option will enable the destination recipient to verify the DKIM data meaning – the sender identity. The purpose of the current article is to…
Post Views: 3,266
DKIM is implemented by using Digital signature. The “Digital signature” method is one of the main building blocks of the Public key infrastructure. In the current article, I want to show you a fraction of an Interesting and wonderful world of Public key infrastructure and, the way that the DKIM uses this infrastructure for implementing…
Post Views: 4,907
DKIM (Domain Keys Identified Mail) is a mail security standard that enables the sender to declare about his “identity” and allows the mail destination infrastructure, meaning the receiving mail server, to verify the identity of the originator. The central paradox regarding a security standard is that most of the time, we don’t really understand what…
Post Views: 2,944
In the current article, we will review two subjects that relate to a scenario in which organization experiences a Spoof E-mail attack: Report the Spoof E-mail as “Phishing mail”. Sent the Spoof E-mail for further analysis. Report Spoof E-mail as “Phishing mail” I try to get additional information regarding the subject of “what happens behind…
Post Views: 11,938
In the current article, we will demonstrate three options for accomplishing the task of simulating E-mail spoof attack. Our primary goal is performing a test, in which verify if the Exchange Online Spoof E-mail rule that we have created is manage to identify an event of Spoof E-mail and respond accordingly. Disclaimer It is important…
Post Views: 3,525
When we hear the term “spoof E-mail attack,” the initial association that appears to our mind is – a hacker sitting in a dark room, filled with flashing lights, which quickly tap the keyboard commands and strange markings! Sound romantic? Well, in reality, the ability to perform or simulate E-mail spoof attack is very simple…
