9.2 Email Networks and Security Flashcards
True or False
The Domain Name System (DNS) is like the phonebook of the internet.
True
What is an A Record?
Translates a domain to an IP address.
All the records for a particular domain are stored in a file called the _________ file.
All the records for a particular domain are stored in a file called the DNS zone file.
A DNS zone file lives in a DNS server.
DNS zone files contain a Time to Live (TTL), indicating how long a DNS cache will remember information in the file before having to request an updated copy.
DNS zone files also contain the DNS records with information about the domain.
What is CNAME?
An alias record used to point one domain to another domain. (widgets2.com → widgets.com)
What is a CNAME Record?
An alias record used to point one domain to another domain. (widgets2.com → widgets.com)
What is an SOA Record?
SOA (state of authority) Record: Contains administrative details about a domain, such as the email of the administrator, TTL value, and time of last update.
What is an NS Record?
NS (name server) Record: Indicates which server contains actual DNS records for a domain.
True or False
There are also DNS record types that assist with email communication.
True
True or False
Just like NS Records, domains can have multiple MX records in case one goes down or can’t handle all the traffic.
True
True or False
TXT Records are used to include notes related to the DNS.
Some notes are human-readable, such as the associated company name.
Other notes are read by the computer, such as the SPF (Sender Policy Framework), which determines if an email is from a trusted server.
What record is used if an organization sends emails from mail servers outside its domain?
SPF Record
Mail servers may exist in another domain, and outside companies often send marketing emails on behalf of an organization.
An SPF record indicates mail servers that can send emails on behalf of a domain to prevent spam, phishing, and email spoofing, by detecting emails that may have a forged sender email.
How does SPF work?
- widgets.com’s DNS SPF record indicates that 23.43.54.235 and 23.43.54.236 are the IP addresses of mail servers allowed to send emails on its behalf.
- gadgets.com receives a suspicious email from a widgets.com email.
- When the receiving email server at gadgets.com receives the email, it:
  a. Checks the sending mail server’s IP address, which is 12.54.54.23.
  b. Validates the DNS record of widgets.com’s SPF record to confirm the sending mail server’s IP address is either 23.43.54.235 or 23.43.54.236.
If emails are not reaching their final destination, you should check that the _______ record for that particular domain is accurate.
MX DNS record
nslookup (name server lookup) is a command-line tool that allows us to easily look up the DNS records of any domain.
What does SMTP stand for?
Simple Mail Transfer
What does POP3 stand for?
Post Office Protocol
What does IMAP stand for?
Internet Message Access Protocol
True or False
Spam is not inherently a security threat.
True
True or False
SPF records help determine if an email is spam.
True
Other methods include matching against lists of known spam senders and keyword identification.
What is email spoofing?
Email spoofing is designing emails to trick the receiver into believing they’re coming from a trusted source.
According to a recent report from Microsoft, what is the most common cybersecurity threat?
Phishing
Massive 250% since the previous report was published.
True or False
Email spoofing can be detected with several methods that analyze raw email headers in sent emails.
True
What’s the easiest way to spot a phishing email?
Method 1: the From Email Header
Spammers and phishers often disguise their true source email, changing the displayed email source to a name the recipient will trust or recognize.
True or False
The SPF record is used to identify which mail servers are authorized to send emails on behalf of a domain.
True
What are the three methods to catch a phishing or spam email?
Method 1: the From Email Header
Method 2: the Received-SPF Email Header
Method 3: the Received Email Header
An email fails the Received-SPF verification, but was a legitimate email.
- What does this indicate?
This most likely indicates that the mail server sending emails on behalf of the domain doesn’t have a DNS SPF record.
If the _______ doesn’t match up with the sender’s address, what could that mean?
Return Path
Could mean it’s a malicious email.
True or False
If the return path and the from match up, it’s a good indication the email is legitimate.
True