DMARC Configuration Process

Video Statistics and Information

Captions
There's a lot of information out there that either way oversimplifies DMARC or way over-complexifies it. I'm aiming in this video to show you the real process that you need to go through to set up DMARC. Here we go. [Music] [Applause]

All right, let me walk through this process with you. Now remember, again, big picture: the goal is simple. Keep your eye on the prize. We need to set up SPF and DKIM for all of our vendors, then flip DMARC over to reject to eliminate any other source of sending emails on behalf of our domain. That's the whole goal of DMARC: stop phishing, stop impersonation, right?

So the challenge that you're going to have in your real-world business is: who are the vendors? This is the number one challenge that everybody has with DMARC, everybody being everybody that has a domain for any amount of time, because over years and years and years of domains existing, many departments in the organization, especially large organizations, have found their own vendors. So IT, completely divorced from that selection process, is pretty much just getting messages from other departments saying, "Hey, can you add this to the DNS header? We chose a vendor," and they're like, "Oh, okay." So years of that has happened, and those vendors have come and those vendors have gone, and all the records, all the SPF records, the DKIM records, they're all out of date, they're all a mess. We don't even know who the vendors are anymore, right? And this is why IT people are like, "I'm not touching this," right? That's been the challenge, is IT folk are like, "I'm not flipping on DMARC equals reject and then the CEO's pet project gets sent to everybody's spam inbox and I get, I get my job lost," right? "Because I was trying to secure our email and I didn't even know that the CEO had this vendor over here," or that, that, you know, fill in the scenario, right? You get what I'm trying to say.

So, so there's a real process that we can use to discover that, and it all starts with DMARC discovery, or what I would call reporting. I'm going to show you how to set this up in one of the subsequent videos, but, but right now it starts off with you and I going in and setting up DMARC to just gather data. We're not changing policy, we're not blocking vendors, we're not doing any of that stuff. We're just saying, "I want to see who is sending on behalf of this domain," and you let that run for 30 to 60 days. Why do you think we do that? That's a one to two month cycle, usually. I mean, you might say, "Oh, I monitored for a week." Well, that's great, but what if the newsletter blast goes out every third week, right? You don't know the email trends right now of your organization if you haven't done DMARC before. So turn it on and start discovering what those are. When do we see these big blasts going out? Where are they coming from? What, I, I see this vendor sending on behalf of our domain, and that there becomes your, your, your joy, right, in this process, is like, "Okay, I see 15 vendors sending on behalf of our domain that I gathered in those 30 to 60 sec, 30 to 60 days," right? Who are those? And yes, a lot of times that means it is now sending an email to the leaders of the different departments in an organization being like, "Here's a list of the vendors that we have sending email on your behalf. Is any of these yours? Please take responsibility for your vendors that are sending using our domain, because we need to secure them," right? And I'm sure there's some, some, uh, email logic that you can put, you know, some, some verbiage that you can use that, that sounds really good, right?

Now, some of the challenge is, when you're doing this in this discovery reporting process, sometimes the vendor is using a third party. Like, let's just say there's a vendor using AWS to send email on your behalf, right? Now you're a needle in a haystack sometimes. You're like, "Uh..." And so, so sometimes it, it's going to take a little longer to try and discover where those are, or you might start going with the data. And I, I don't mean to dive too far into this, but this is the major prohibitor. Like, this is it that keeps DMARC from taking over the world, is because you're like, "I just saw we sent 200,000 emails on the 10th of July. Nobody knows who did that," right? And so the email may sound like, "Let me show you the graph. I saw 200,000 emails go out on the 10th of July. What, I mean, somebody did that, right? What department? I, it came from AWS. What department sent 200,000?" Right? This is the trickiness of, of, uh, DMARC.

So that's the first thing we do, our discovery process. Then we modify or create a new SPF record. Now remember, the SPF record is a list of all the email servers that are allowed to, to relay on behalf of your domain. Most, uh, domains have that. It's, it's just part of, as, as time goes on. But the challenge is everybody forgets to remove them when we're no longer using that vendor, right? We remember to add them, but we forget to remove them. So your job as you go through is to add the active ones and eliminate the inactive, because there's a limit of 10. I'm not going to dive too deep into that right now. It's, it's not technically a limit, uh, it's 10 domain names can be listed in the SPF header. I'm pointing at this paper, but you're seeing my face. 10 domain names. So in your SPF, so you've got SPF equals and, and you've got, you know, server one comma server two comma server three comma et cetera, et cetera, et cetera, right? Uh, there's a list of 10 DNS names in here. There's unlimited IP addresses, and that's led to something called SPF flattening, uh, which is a bad practice, but I'm not even going to get into that right now. Um, just, just for now, keep in mind it's, you, you create your SPF. I'm just going through the process, right?

Then you add DKIM to the vendors. So every one of these vendors that ended up in your SPF record, you should add DKIM to it, assuming they support it. Most email vendors do at this place. So think of it, think of it this way: you're configuring DMARC. SPF is like, okay, you passed level one. It's kind of a weak level, like, you made it in, because SPF records, and I'll talk about those in another video if I haven't already, um, the, the SPF record's kind of a weak way, ident, you're like, "Yeah, it's that group of servers over there," right? Those servers could be thousands of them. Uh, DKIM is like, okay, chunk, you're down to level two. That's a more secure way, because you actually go to that vendor, you're like, that vendor is going to put a stamp on every email that they send that says "I'm approved," and every email server that receives from that vendor is going to verify that stamp is accurate with our DNS, uh, configuration, right? So DKIM, SPF is good, but, but often not enough. DKIM is very good and will often up the email reputation of that vendor substantially.

Then you monitor again. And I'm saying maybe, um, you know, before you want to flip that flag on DMARC equals reject, again, we're back to number one. You might have missed something. Maybe you missed, maybe, you know, every once every three months they sent an email blast out using some vendor, right? So you might just want to glance again and go, "Okay," or, you know, pick your time based on what you know about your company and how often you're sending email.

Final step then is to configure DMARC equals reject. As soon as you've done that, now only the servers listed in the SPF and only the servers with DKIM configured are allowed to relay on behalf of your domain. Everything else is blocked. Your email reputation goes through the roof, you have fantastic email reputation, um, and now DMARC is configured for your domain. That's, that's, we'll call it the five-step Jeremy process, that isn't too complex but also isn't too simple, right? Hope this has been informative for you, and I'd like to thank you for viewing. [Music]
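The discovery step described in the captions comes down to reading DMARC aggregate reports and asking which sources would be blocked once the policy is reject. The following is an added example, not material from the video: it parses a constructed report in the RFC 7489 aggregate XML layout and ranks the sources that fail DMARC; the function names, IPs, domains and counts are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate-report layout; every IP,
# domain and count below is made up for illustration.
def _rec(ip, count, dkim, spf, spf_domain):
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf></policy_evaluated></row>"
            "<identifiers><header_from>example.com</header_from></identifiers>"
            f"<auth_results><spf><domain>{spf_domain}</domain><result>pass</result>"
            "</spf></auth_results></record>")

SAMPLE_REPORT = (
    "<feedback><policy_published><domain>example.com</domain><p>none</p>"
    "</policy_published>"
    + _rec("192.0.2.10", 1200, "pass", "pass", "example.com")      # known vendor
    # Raw SPF passes for the vendor's own envelope domain, but it is not
    # aligned with example.com, so the DMARC-evaluated result is fail.
    + _rec("198.51.100.7", 200000, "fail", "fail", "bulk.vendor-a.example")
    + _rec("198.51.100.7", 500, "fail", "fail", "bulk.vendor-a.example")
    + _rec("203.0.113.5", 40, "fail", "fail", "mail.unknown.example")
    + "</feedback>")

def summarize(report_xml):
    """Total message counts per (source IP, SPF envelope domain)."""
    # Reports arrive from third parties: in production, parse untrusted XML
    # with a hardened parser such as defusedxml.
    root = ET.fromstring(report_xml)
    sources = defaultdict(lambda: {"count": 0, "passes_dmarc": True})
    for rec in root.iter("record"):
        row = rec.find("row")
        ev = row.find("policy_evaluated")
        # DMARC passes when aligned DKIM or aligned SPF passes.
        ok = "pass" in (ev.findtext("dkim"), ev.findtext("spf"))
        envelope = rec.findtext("auth_results/spf/domain", default="unknown")
        entry = sources[(row.findtext("source_ip"), envelope)]
        entry["count"] += int(row.findtext("count"))
        entry["passes_dmarc"] &= ok
    return dict(sources)

def at_risk(report_xml):
    """Sources that p=reject would block, largest volume first."""
    failing = [(key, v["count"]) for key, v in summarize(report_xml).items()
               if not v["passes_dmarc"]]
    return sorted(failing, key=lambda item: -item[1])
```

The SPF envelope domain in `auth_results` is often the only clue to which third-party platform a vendor is sending through, which is why it is kept in the grouping key.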
Info
Channel: Viatto
Views: 4,088
Id: 00L9C9enPcI
Length: 8min 21sec (501 seconds)
Published: Tue Jan 30 2024