sending e mail today
play

Sending E-Mail Today MX Priority #1 SMTP Exchange - PowerPoint PPT Presentation

Apr 12, 2023 •374 likes •481 views

DANE and SMTP: TLS Protec4on for SMTP Using DANE and DNSSEC Russ Mundy & Wes Hardaker Parsons <Russ.Mundy@parsons.com> <mundy@4slabs.com> 7/17/13

  1. DANE ¡and ¡SMTP: ¡ TLS ¡Protec4on ¡for ¡SMTP ¡ Using ¡DANE ¡and ¡DNSSEC ¡ Russ ¡Mundy ¡& ¡Wes ¡Hardaker ¡ Parsons ¡ <Russ.Mundy@parsons.com> ¡ <mundy@4slabs.com> ¡ 7/17/13 ¡ 1 ¡

  2. Sending ¡E-­‑Mail ¡Today ¡ MX ¡Priority ¡#1 ¡ SMTP ¡Exchange ¡ Sender’s ¡ MTA ¡ Email ¡ Author ¡ DNS ¡ Records ¡ Receiver’s ¡ 1. Sender transmits 2. The sender’s MTA 3. The sender’s MTA MTA ¡ outgoing email to uses the receiver’s sends email to the their mail server, DNS “MX” records receiver’s MTA i.e., Mail Transfer to find a destination address. Agent (MTA) MTA address. 7/17/13 ¡ 2 ¡

  3. Problem ¡#1: ¡Fake ¡MX ¡Records ¡ MX ¡Priority ¡#1 ¡ SMTP ¡Exchange ¡ Up-­‑To-­‑No-­‑Good ¡ Server ¡ MX ¡Priority ¡#2 ¡ Sender’s ¡ Maybe ¡ MTA ¡ Delivers ¡ but ¡May ¡ ¡ Not ¡ Email ¡ Author ¡ ‘Plain’ ¡DNS ¡ Records ¡ Receiver’s ¡ Unfortunately, it is possible to create fake MX records, MTA’s ¡ allowing an attacker to pretend to be the right “real” destination. 7/17/13 ¡ 3 ¡

  4. Solu4on ¡#1: ¡DNSSEC ¡ MX ¡Priority ¡#1 ¡ Up-­‑To-­‑No-­‑Good ¡ Server ¡ M X ¡ P r i o r i t y ¡ # 1 ¡ SMTP ¡Exchange ¡ Sender’s ¡ MTA ¡ Email ¡ Author ¡ DNSSEC ¡Protected ¡ Records ¡ Receiver’s ¡ DNSSEC ensures that only good DNS records are MTA’s ¡ believable. 7/17/13 ¡ 4 ¡

  5. Problem ¡#2: ¡Unprotected ¡SMTP ¡ ¡ ! y s a E ¡ s I ¡ g n i p p o r d s e v a E MX ¡Priority ¡#1 ¡ SMTP ¡Exchange ¡ Sender’s ¡ MTA ¡ Email ¡ Author ¡ Receiver’s ¡ Most SMTP server to server exchanges are unencrypted. MTA ¡ 7/17/13 ¡ 5 ¡

  6. Solu4on ¡#2: ¡TLS-­‑Protected ¡SMTP ¡ MX ¡Priority ¡#1 ¡ SMTP ¡Exchange ¡ Sender’s ¡ MTA ¡ Email ¡ Author ¡ Receiver’s ¡ SMTP can run over encrypted TLS, but: MTA ¡ • Few server to server exchanges have TLS turned on • Management of CA Trust Anchors impractical for operators • MTA servers don’t normally distribute trust anchor lists • DANE records are being defined to act as a DNS-based trust anchor 7/17/13 ¡ 6 ¡

  7. Problem ¡#3: ¡SMTP ¡Man-­‑in-­‑the-­‑Middle ¡ I ¡don’t ¡speak ¡ TLS, ¡sorry! ¡ Sender’s ¡ MTA ¡ Up-­‑To-­‑No-­‑Good ¡ Server ¡ Email ¡ Author ¡ Receiver’s ¡ SMTP over TLS uses the “STARTTLS” command MTA ¡ • Attackers “in path” can pretend to be the receiver’s MTA • Man-in-the-middle allows for “I don’t support STARTTLS” • Current default policy must be to deliver unencrypted if TLS is unavailable 7/17/13 ¡ 7 ¡

  8. Solu4on ¡#3: ¡SMTP ¡over ¡TLS ¡with ¡DANE ¡ MX ¡Priority ¡#1 ¡ SMTP ¡Exchange ¡ Sender’s ¡ ISP ¡ Email ¡ Author ¡ Receiver’s ¡ A DANE record can indicate you MUST use TLS! ISP ¡ 7/17/13 ¡ 8 ¡

  9. SMTP ¡Over ¡TLS ¡with ¡DNSSEC ¡& ¡DANE ¡ • Protects ¡against ¡MX ¡record ¡forgeries ¡ • Protects ¡against ¡eavesdropping ¡ • Protects ¡against ¡STARTTLS ¡Man-­‑in-­‑the-­‑Middle ¡ • Provides ¡secured ¡X.509 ¡trust-­‑anchors ¡for ¡TLS ¡ 7/17/13 ¡ 9 ¡

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Electronic Mail Overview Electronic mail History Format of email RFC 822, MIME,

Electronic Mail Overview Electronic mail History Format of email RFC 822, MIME,

Electronic Mail Overview Electronic mail History Format of email RFC 822, MIME, email addresses Sending email SMTP, DNS Retrieving email POP, IMAP, Web-based 2 Flashback to the 70s ARPANET just recently came

437 views • 40 slides
O signed into law the Controlling the Sending messages from e-mail accounts or Assault of

O signed into law the Controlling the Sending messages from e-mail accounts or Assault of

G The Tech Group Alert January 2004 The CAN-SPAM Act: Federal Government Regulates Unsolicited Commercial E-mail By David Leit, Esq. n December 16, 2003, President Bush Falsifying header information; O signed into law the Controlling

239 views • 3 slides
Electronic Mail Overview Electronic mail History Format

Electronic Mail Overview Electronic mail History Format

Electronic Mail Overview Electronic mail History Format of email RFC 822, MIME, email addresses Sending email SMTP, DNS Retrieving

636 views • 41 slides
Sending a Mass Email 4 Keys to Sending a Successful Mailing 1.

Sending a Mass Email 4 Keys to Sending a Successful Mailing 1.

Title Sending a Mass Email 4 Keys to Sending a Successful Mailing 1. Narrow your audience 2. Create a Good Email 3. Test &amp; Send 4. Clean list &amp;

392 views • 21 slides
Radix-64 Conversion in PGP Cunsheng Ding Department of CSE HKUST 1 PGP E-Mail Compatibility

Radix-64 Conversion in PGP Cunsheng Ding Department of CSE HKUST 1 PGP E-Mail Compatibility

Radix-64 Conversion in PGP Cunsheng Ding Department of CSE HKUST 1 PGP E-Mail Compatibility Many electronic mail systems can only transmit blocks of ASCII text. This can cause a problem when sending encrypted data since ciphertext blocks

668 views • 9 slides
Announcements Check course web page under assignments for FAQs Read FAQs before sending

Announcements Check course web page under assignments for FAQs Read FAQs before sending

Announcements Check course web page under assignments for FAQs Read FAQs before sending mail Assignment Clarification Semantics of = differ slightly between chmod and chmod2: Suppose file1 has permission rwxrwxrwx chmod u=rw

457 views • 43 slides
Exim and Internet Mail Chris Wilson Aptivate Ltd, UK AfNOG 2012 Download this presentation at:

Exim and Internet Mail Chris Wilson Aptivate Ltd, UK AfNOG 2012 Download this presentation at:

Exim and Internet Mail Chris Wilson Aptivate Ltd, UK AfNOG 2012 Download this presentation at: http://www.ws.afnog.org/afnog2012/sse/exim How Internet Email Works Mail SMTP Outbound Sender Mail (MUA) Configured Server Server Sending

989 views • 98 slides
Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP

Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP

Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP entry Indicate on attendance sheet Announcements Plan for today Its Co-op time Building a software system Orientation

475 views • 3 slides
Experimental Twin-Field Quantum Key Distribution Through Sending-or-Not-Sending Yang Liu Jinan

Experimental Twin-Field Quantum Key Distribution Through Sending-or-Not-Sending Yang Liu Jinan

Experimental Twin-Field Quantum Key Distribution Through Sending-or-Not-Sending Yang Liu Jinan Institute of Quantum Technology (JIQT) University of Science and Technology of China (USTC) QCRYPT 2020 Twin-Field QKD (TF-QKD) Proposed in 2018,

841 views • 45 slides
React Native HTTP/Fetch Sending data 1 Sending data to web server Two methods GET

React Native HTTP/Fetch Sending data 1 Sending data to web server Two methods GET

React Native HTTP/Fetch Sending data 1 Sending data to web server Two methods GET requests include all required data in the URL. POST requests supply additional data from the client (browser) to the server in the message body.

749 views • 20 slides
New CIM00012 germplasm exchange project Five years: 07/2008 to 06/2013 Sending only

New CIM00012 germplasm exchange project Five years: 07/2008 to 06/2013 Sending only

New CIM00012 germplasm exchange project Five years: 07/2008 to 06/2013 Sending only SAWYT and ESWYT candidates to limit numbers Sending breeder selections (one year every two), rotation CIMMYT/ICARDA Still sends ~ 50 primaries

324 views • 11 slides
CS 457 Networking and the Internet Fall 2016 Electronic Mail: SMTP [RFC 2821] uses TCP

CS 457 Networking and the Internet Fall 2016 Electronic Mail: SMTP [RFC 2821] uses TCP

CS 457 Networking and the Internet Fall 2016 Electronic Mail: SMTP [RFC 2821] uses TCP to reliably transfer email message from client to server, port 25 direct transfer: sending server to receiving server three phases of

472 views • 11 slides
MAIL SECURITY AND THE DNS John Levine STANDCORE LLC ICANN 65 | Marrakech MAIL AND SMTP ARE VERY

MAIL SECURITY AND THE DNS John Levine STANDCORE LLC ICANN 65 | Marrakech MAIL AND SMTP ARE VERY

MAIL SECURITY AND THE DNS John Levine STANDCORE LLC ICANN 65 | Marrakech MAIL AND SMTP ARE VERY VERY OLD Message format from RFC 733 in 1977 SMTP from RFC 788 in 1981 Both pretty much the same today, with a lot of extensions DNS

867 views • 32 slides
Announcements Assignment 4 will be out later today Problem Set 3 is due today or tomorrow

Announcements Assignment 4 will be out later today Problem Set 3 is due today or tomorrow

Announcements Assignment 4 will be out later today Problem Set 3 is due today or tomorrow by 9am in my mail box (4 th floor NSH) How are the machines working out? I have a meeting with Peter Lee and Bob Cosgrove on Wednesday to

755 views • 37 slides
Network layer transport segment from sending to receiving host application on sending side

Network layer transport segment from sending to receiving host application on sending side

Network layer transport segment from sending to receiving host application on sending side encapsulates transport network segments into datagrams data link network physical network data link network on rcving side, delivers

371 views • 7 slides
ABU Dhabi Dialogue among the Asian Labour Sending and

ABU Dhabi Dialogue among the Asian Labour Sending and

ABU Dhabi Dialogue among the Asian Labour Sending and Receiving Countries The document is a flow chart of the presentation on Recruitment, which

1.08k views • 14 slides
Job Search Youth Employment Services provides inclusive employment services for youth between 16

Job Search Youth Employment Services provides inclusive employment services for youth between 16

Job Search Youth Employment Services provides inclusive employment services for youth between 16 and 29. Our purpose is to prepare youth in realizing their potential to become self-sufficient. Aim Know how to plan your job search and where to

212 views • 6 slides
Internationalisation of the Curriculum. Linda Renton. Senior Lecturer. Queen Margaret

Internationalisation of the Curriculum. Linda Renton. Senior Lecturer. Queen Margaret

Internationalisation of the Curriculum. Linda Renton. Senior Lecturer. Queen Margaret University, Edinburgh, Scotland. Linda BM Renton. Email: lrenton@ qmu.ac.uk Images sourced from https://search.creativecommons.org/ Introduction. 24 th

526 views • 34 slides
Online Marketing for Christian Schools Core Clarity What is the role of your schools website,

Online Marketing for Christian Schools Core Clarity What is the role of your schools website,

Online Marketing for Christian Schools Core Clarity What is the role of your schools website, email, and social media? How can you optimize these tools to get the most effective marketing? List on an index card: your name the name of your

562 views • 23 slides
USA Targeted External Communications Query (USA-TECQ) September 11, 2018 Dirk Fillpot USDAs

USA Targeted External Communications Query (USA-TECQ) September 11, 2018 Dirk Fillpot USDAs

USA Targeted External Communications Query (USA-TECQ) September 11, 2018 Dirk Fillpot USDAs Office of Communications Key benefits of USA-TECQ: Likely the only system that allows users to target media outlets serving precise geographic

413 views • 13 slides
Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang

Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang

Indistinguishable Proofs of Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang ASIACRYPT 2016 8th December, Hanoi, Vietnam Motivation (ZK) Proofs of Knowledge - PoK Statement: Prover

984 views • 79 slides
Its Time Is Here David G. Ries John W. Simek David G. Ries dries@clarkhill.com 412.394.7787 John

Its Time Is Here David G. Ries John W. Simek David G. Ries dries@clarkhill.com 412.394.7787 John

Encryption for Lawyers : Its Time Is Here David G. Ries John W. Simek David G. Ries dries@clarkhill.com 412.394.7787 John W. Simek jsimek@senseient.com 703.359.0700 2 A-orneys Avoid Encryp6on Encryptio n 10 FT 3 A-orneys Avoid Encryp6on

937 views • 73 slides
2019 Cybersecurity Report Beyond Obfuscation: The Defense Industrys Position within Federal

2019 Cybersecurity Report Beyond Obfuscation: The Defense Industrys Position within Federal

2019 Cybersecurity Report Beyond Obfuscation: The Defense Industrys Position within Federal Cybersecurity Policy About the Report Section I: Illustrations of Cyber Threats and Vulnerabilities Section II: Policy Response to Cyber Risk

249 views • 20 slides
Beta Presentation Information Technology Assessment Toolkit The Capstone Experience Team IBM

Beta Presentation Information Technology Assessment Toolkit The Capstone Experience Team IBM

Beta Presentation Information Technology Assessment Toolkit The Capstone Experience Team IBM Adam Koshorek Alex Hanlon Connor Gilbert Eunbong Yang Department of Computer Science and Engineering Michigan State University Fall 2013 From

199 views • 7 slides

More recommend