protecting your brand: email security
TRANSCRIPT
Email Security:Keeping Your Brand Safe
Email Security: Protecting Your Brand
Your Presenters
Chris BrentonSenior Director of Information [email protected]
Scott GrantProduct Marketing Manager | Message [email protected]
Email Security: Protecting Your Brand
Why Email Security?
156 million phishing emails per day
Email Security: Protecting Your Brand
Why Email Security?
156 million phishing emails per day
16 million get through spam filters
Email Security: Protecting Your Brand
Why Email Security?
156 million phishing emails per day
16 million get through spam filters
8 million are opened
Email Security: Protecting Your Brand
Why Email Security?
156 million phishing emails per day
16 million get through spam filters
8 million are opened
800k are clicked
Email Security: Protecting Your Brand
Why Email Security?
156 million phishing emails per day
16 million get through spam filters
8 million are opened
800k are clicked
80,000 people fall victim each day
Email Security: Protecting Your Brand
Why Email Security?
156 million phishing emails per day
16 million get through spam filters
8 million are opened
800k are clicked
80,000 people fall victim each day
One test found:• 89% Confident• 92% Failed• 50% Misclassified & Deleted
Email Security: Protecting Your Brand
• Q3 2013: $1.66 Billion Lost
• Growing 30% / Month• Estimated $1.4m per
attack
$$$ Big Money $$$
• Payment Services• Financial• Retail• Government / Education• Auctions• Social Networks• Gaming• Classified
Frequently Targeted
Email Security: Protecting Your Brand
Protect Your Email
Securely Transmitting Messages
Email Authentication– Brand Protection, Active and Parked Domains
Email Security: Protecting Your Brand
Secure Delivery
Opportunistic TLS
Attempts to encrypt the communications channel otherwise falling back to unencrypted communications
Sending Receiving
Email Security: Protecting Your Brand
Avoiding Phishing With Email Authentication
Email Security: Protecting Your Brand
Why Authenticate?
Marketing Transactional Interpersonal
PhishingSpoofing Botnets
Email Security: Protecting Your Brand
Sender Policy Framework (SPF)
Preventing spam email spam by detecting email spoofing
Authenticates Sending IP address
Based off DNS TXT record
"v=spf1 ip4:216.146.45.0/24 include:_spf.google.com include:spf.dynect.net include:support.zendesk.com
~all"
Spoofing
Email Security: Protecting Your Brand
DomainKeys Identified Mail (DKIM)Uses Public / Private Key to authenticate
Public key provided in DNS TXT records
Private key hashed with message and inserted in headers
Validate the sending server or software
Sending
Receiving
Public Key
Botnets
Email Security: Protecting Your Brand
DMARCDomain-based Message Authentication, Reporting and Conformance
Provides ISPs direction on what to do with mail
Used to reduce (and possibly stop!) phishing
Utilizes SPF and/or DKIM
ISPs provide reports on emails sent on your domain
"v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; pct=100”
Phishing
Email Security: Protecting Your Brand
Recap: Protect your brand AND your customers
Securely transmitting messages– Opportunistic TLS
Email Authentication via DNS records– SPF, DKIM, and DMARC
Additional resources– Openspf.org– DKIM.org– DMARC.org– http://dyn.com/content-hub/
Email Security: Protecting Your Brand
Questions?
Chris BrentonSenior Director of Information [email protected] | @Chris_Brenton
Scott GrantProduct Marketing Manager | Message [email protected] | @ScottGrantJr