9.2 Email Networks and Security

Question 1

True or False

Domain Name Systems (DNS) is like the phonebook of the internet.

Answer 1

True

Question 2

What is A Record?

Answer 2

Translates a domain to an IP address.

Question 3

All the records for a particular domain are stored in a file called the _________ file.

Answer 3

All the records for a particular domain are stored in a file called the DNS zone file.

A DNS zone file lives in a DNS server.

DNS zone files contain a Time to Live (TTL), indicating how long a DNS cache will remember information in the file before having to request an updated copy.

DNS zone files also contain the DNS records with information about the domain.

Question 4

What is CNAME?

Answer 4

An alias record used to point one domain to another domain. (widgets2.com → widgets.com)

Question 5

What is CNAME?

Answer 5

An alias record used to point one domain to another domain. (widgets2.com → widgets.com)

Question 6

What is CNAME Record?

Answer 6

An alias record used to point one domain to another domain. (widgets2.com → widgets.com)

Question 7

What is SOA Record?

Answer 7

SOA (state of authority) Record: Contains administrative details about a domain, such as the email of the administrator, TTL value, and time of last update.

Question 8

What is NS Record?

Answer 8

NS (name server) Record: Indicates which server contains actual DNS records for a domain.

Question 9

True or False

There are also DNS record types that assist with email communication.

Answer 9

True

Question 10

True or False

Just like NS Records, domains can have multiple MX records in case one goes down or can’t handle all the traffic.

Answer 10

True

Question 11

True or False

TXT Records are used to include notes related to the DNS.

Answer 11

Some notes are human-readable, such as the associated company name.

Other notes are read by the computer, such as the SPF (Sender Policy Framework), which determines if an email is from a trusted server.

Question 12

What record is used if an organization send emails from mail servers outside their domain?

Answer 12

SPF Record

Mail servers may exist in another domain, and outside companies often send marketing emails on behalf of an organization.

An SPF record indicates mail servers that can send emails on behalf of a domain to prevent spam, phishing, and email spoofing, by detecting emails that
may have a forged sender email.

Question 13

How does SPF work?

Answer 13

widgets. com’s DNS SPF record indicates that 23.43.54.235 and 23.43.54.236 are the IP addresses of mail servers allowed to send emails on its behalf.
- gadgets.com receives a suspicious email from a widgets.com email.
- When the receiving email server at gadgets.com receives the email, it:
a. Checks the sending mail server’s IP address, which is 12.54.54.23.
b. Validates the DNS record of widget.com’s SPF record to confirm the sending mail server’s IP address is either 23.43.54.235 or 23.43.54.236.

Question 14

If emails are not reaching their final destination, you should check that the _______record for that particular domain is accurate.

Answer 14

MX DNS record

nslookup (name server lookup) is a command-line tool that allows us to easily look up the DNS records of any domain.

Question 15

What deos SMTP stand for?

Answer 15

Simple Mail Transfer

Question 16

What does POP3 stand for?

Answer 16

Post Office Protocol

Question 17

What does IMAP stand for?

Answer 17

Internet Message Access Protocol

Question 18

True or False

Spam is not inherently a security threat

Answer 18

True

Question 19

True or False

SPF records help determine if an email is spam.

Answer 19

True

Also matching lists of known spam senders, and keyword identification.

Question 20

What is email spoofing?

Answer 20

Email spoofing is designing emails to trick the receiver into believing they’re coming from a trusted source.

Question 21

According to a recent report from Microsoft, what is the most common cybersecurity threat?

Answer 21

Phishing

Massive 250% since the previous report was published.

Question 22

True or False

Email spoofing can be detected with several methods that analyze raw email headers in sent emails.

Answer 22

True

Question 23

What’s the easest way to spot a phishing email?

Answer 23

Method 1: the From Email Header

Spammers and phishers often disguise their true source email, changing the displayed email source to a name the recipient will trust or recognize.

Question 24

True or False

The SPF record is used to identify which mail servers are authorized to send emails on behalf of a domain.

Answer 24

True

Question 25

What are the three methods to catch a phishing or spam email?

Answer 25

Method 1: the From Email Header

Method 2: the Received-SPF Email Header

Method 3: the Received Email Header

Question 26

An email fails the Received-SPF verification, but was a legitimate email.

• What does this indicate?

Answer 26

This most likely indicates that the mail server sending emails on behalf of the domain doesnt have a DNS SPF record.

Question 27

If the _______ doesn’t match up with senders address, what could that mean?

Answer 27

Return Path

Could mean it’s malicious email

Question 28

True or False

If the return path and the from match up, it’s a good indication the emial is legitimate.

Answer 28

True