SPF, DKIM, DMARC was never so simple! // EasyDMARC
Vložit
- čas přidán 13. 06. 2024
- In this video, I will be discussing the importance of outbound email security and how it can protect your company's reputation. I will introduce you to technologies such as SPF, DKIM, DMARC, and BIMI, and explain how they work together to prevent email fraud and spoofing. Additionally, I will be showcasing EasyDMARC, a cloud native service provider that offers advanced managed solutions for mid-sized to large enterprises, as well as free tools for Homelab users.
EasyDMARC-*: rebrand.ly/c2a262
________________
💜 Support me and become a Fan!
→ christianlempa.de/patreon
💬 Join our Community!
→ christianlempa.de/discord
________________
Read my Tech Documentation
christianlempa.de/docs
My Gear and Equipment-*
christianlempa.de/kit
________________
Timestamps:
00:00 Introduction
01:32 What is EasyDMARC?
02:50 You need outbound email security!
04:06 Connect your domain
05:41 SPF
12:52 DKIM
18:14 DMARC
22:45 BIMI
________________
All links with `*` are and/or include affiliate links. - Věda a technologie
Thank you, man, I've been struggling with this all day!
May God bless you!
Best video explaining these topics! You earned a new sub! Thank you.
Thank you so much! :)
Very nice clear guidance on what each is an how they work. Thanks for that.
Glad it was helpful!
Just in time! 🙂
And this is difficult info to find, so well and concisely explained. Thanks
Glad it was helpful!
This helped me understand spf, dkim and dmarc better. thx a lot!
glad it helped :)
Very nice video, thank you Christian!
thank you!
Thank you Christian!!
Thanks for watching :)
Thank you, very useful!
Thanks!
BIMI costs money if they want the correct BIMI email security "add-on" topping :D. I am using the free version of BIMI, but you also forgot the also most important feature: MTA-STS, CAA, HSTS, and header security. Additionally, most people are reading and sending emails via a web browser, which leaves them vulnerable to man-in-the-middle attacks :)
Yeah, well... you can make a video about all of this, it's gonna be 1h+ :D
@@christianlempa I know, it's a huge topic :3 but the beauty of this is that not everyone is familiar with it. That's why I will always find my customers with it. :3
@@christianlempaNope, you just have to say BIMI brings no real benefit, because only a handful of mail providers are using this; it‘s expensive; and other protocols are far more sophisticated.
@Christian - I was wondering if you have ever setup a Hadoop environment. I've been really tempted with lookign to set one up for dealing with large amounts of data storage and processing.
18:40 Gmail does exactly that - it rejects emails from domains without an SPF record completely, and actually I think they do the right thing.
It is also worth noting that DMARC checks the authorisation for the domain in the From header, not the SMTP FROM (the envelope From) as SPF does. And that's important because the From header value is usually the only thing the recipient sees. So it helps combat phishing emails sent from the attacker's domain that have the correct SPF but a fake domain in the From header.
Where do I find the include record for a WIX website?
Thank you.
You're welcome!
Thanks for the video. But as a homelab user, how could you fit in the free edition, its only supports one domain :)
Don't complain about free stuff bro :D
Great video Christian. Very informative. How does easydmarc compare to valimail?
No idea, haven’t used valimail mysefl
And how can I use this with my Mailcow?
I wish I'd known about the 10 include statement thing a couple weeks ago - spent a while trying to figure out why it was happening before I found that info. And it was because one of the services we allow to send on our behalf had added an additional include in THEIR spf record, because apparently that 10 lookup limit counts all the nested Includes.
Might have to look into that EasySPF - expand the extra lookups to IP addresses.
Wow, that's interesting! I haven't heard before either, but thanks to EasyDMARC for teaching me :D
At 1:43 where the easyDMARC site mentions 14 days data hιstory what does it mean? Afterwards the old incoming / sent emails will be lost?
In order to use SPF you need to have a static IP? Else your IP will change as well like the attackers. Or the ability to use a txt record bypasses that need?
Why all these records at cloudflare need not to be proxied?
I’m pretty sure the DMARC success/fail messages are only kept for 14 days. The IP address in the SPF record is the address of the smtp server*, so it’s not a problem if you send mail from a dynamic IP address. *technically, it might not be the same IP address
Dns sec is also worth to have ;)
True!
when are you going to make a self SMTP server video?
This is not an option for me because I have multiple domains and I don't want to pay dozens of SaaS providers for a single use case. These records are something that needs to be set up perfectly once, and I have no intention of changing anything after that. There are other ways of monitoring the MX.
Having just migrated from paid gmail to Microsoft 365 Family I would love to understand how people run their email as I'm not really satisfied with the M365 solution and how it supports custom domains. If you run your own email server I'd love to hear how you do that including the UI you use for email etc.
I'm currently using M365 myself because it's easy, and has many features for a fair price. But sure, you could also think about switching to Google Workspace, or run your own self-hosted mail server if you feel comfortable about it.
Nice vid, but there is also mta-sts policy.
thanks, yes that's true ;)
@@christianlempa Would you consider to create vid also for that? It's very easy to add txt record, but many don't know about it at all.
just as I gave up on setting up an email server :/
You can still use it with M365 or Google workspace
@@christianlempa Thank you! I’ll look into that :D, thanks for the great video!
@@christianlempa I use ProtonMail to host my own domain and works pretty well with their services. During the migration of my domain it took me step by step and ProtonMail made sure I've added the proper SPF, DMARC and DKIM records to my Cloudflare DNS to ensure my e-mails are received properly. Worked like a champ.
I am also Office 365 admin at work and had to dig around to find the DKIM settings. Thanks for pointing this out.
sadly the free option is now switched to personal only
:(
it seems the free plan changed from 10000 emails to 1000. this might be eaten up just by notifications in most homelabs so i guess no thank you as we will do it the way we have always done