Email Fraud Defense

Question 1

Email Fraud Defense

Answer 1

makes our email authentication simpler and can help us identify which email senders are legitimate and monitor anomalous senders.

Question 2

DNS

Answer 2

Domain Name System; naming system for computers, services, and other resources in the Internet or other Internet Protocol

Question 3

SPF

Answer 3

Sender Policy Framework (SPF) including its implementation, and challenges; checks if server is authorized to send email on behalf of the domain.

Question 4

DKIM

Answer 4

DomainKeys Identified Mail (DKIM) including its implementation and challenges; Digital signature.

Question 5

Outbound email gateway

Answer 5

outgoing mail server or SMTP server that sends email from a domain to external recipients on the internet

Question 6

Domain

Answer 6

main part of website URL that reps company or entity on internet; contains TLD and SLD (ex: dell.com)

Question 7

Subdomain

Answer 7

subset of a larger and is used to organize and structure content within the main domain (ex: erg.dell.com)

Question 8

SPF alignment

Answer 8

when the message’s SPF domain and the header’s From: domain match, or share the same parent domain

Question 9

DKIM alignment

Answer 9

the DKIM domain found in the DKIM signature matches the header’s From: domain or DKIM signature matches the Header’s From: domain

Question 10

Relaxed

Answer 10

subdomains are aligned with parent domains

Question 11

Strict

Answer 11

domains MUST match exactly (ex: us.erg.dell.com would NOT align with erg.dell.com)

Question 12

How do you pass DKIM?

Answer 12

a message must pass EITHER SPF and SPF alignment or DKIM signatures, only one needs to pass and align DKIM

Question 13

Policy=none

Answer 13

tells recipient networks to ignore that the email fails DMARC authentication

Question 14

Policy=quarantine

Answer 14

tells recipient networks to quarantine messages that fail DMARC authentication; ends up in spam or junk folder

Question 15

Aggregate reports provide high level info on…

Answer 15

o IP address of sender
o Total number of emails sent by a sender
o SPF, DKIM, and DMATC authentication results of those emails; includes all metadata

Question 16

Policy=reject

Answer 16

tells recipient networks to block any mails that fail DMARC authentication

Question 17

Splunk

Answer 17

big data platform that simplifies the task of collecting and managing massive amounts of data

Question 18

Email authentication in Proofpoint

Answer 18

similar to how airports manage security; in Proofpoint, their multilayered defense uses identity control and content analysis to protect organizations from email fraud (like a passport)

Question 19

Domain Message Authentication, Reporting and Conformance (DMARC) authentication

Answer 19

allows senders to indicate if messages are PROTECTED by two popular authentication techniques and tells receivers what to do if neither pass

Question 20

Proofpoint

Answer 20

gives us visibility into most of the emails that are coming in and out of our org; can authorize legit senders trying to send email on your behalf or block them from spoofing your domains or your suppliers