SPF, DKIM, DMARC was never so simple! // EasyDMARC

Рет қаралды 22,914

Күн бұрын

In this video, I will be discussing the importance of outbound email security and how it can protect your company's reputation. I will introduce you to technologies such as SPF, DKIM, DMARC, and BIMI, and explain how they work together to prevent email fraud and spoofing. Additionally, I will be showcasing EasyDMARC, a cloud native service provider that offers advanced managed solutions for mid-sized to large enterprises, as well as free tools for Homelab users.
EasyDMARC-*: rebrand.ly/c2a262
________________
💜 Support me and become a Fan!
→ christianlempa.de/patreon
💬 Join our Community!
→ christianlempa.de/discord
________________
Read my Tech Documentation
christianlempa.de/docs
My Gear and Equipment-*
christianlempa.de/kit
________________
Timestamps:
00:00 Introduction
01:32 What is EasyDMARC?
02:50 You need outbound email security!
04:06 Connect your domain
05:41 SPF
12:52 DKIM
18:14 DMARC
22:45 BIMI
________________
All links with `*` are and/or include affiliate links.

Пікірлер: 56

@AmirT.-lr7fk 23 күн бұрын

Thank you, man, I've been struggling with this all day! May God bless you!

@falazarte 4 ай бұрын

Best video explaining these topics! You earned a new sub! Thank you.

@christianlempa 4 ай бұрын

Thank you so much! :)

@dingokidneys 4 ай бұрын

Very nice clear guidance on what each is an how they work. Thanks for that.

@christianlempa 4 ай бұрын

Glad it was helpful!

@fabs9930 4 ай бұрын

This helped me understand spf, dkim and dmarc better. thx a lot!

@christianlempa 4 ай бұрын

glad it helped :)

@fabienudriot3977 4 ай бұрын

Just in time! 🙂 And this is difficult info to find, so well and concisely explained. Thanks

@christianlempa 4 ай бұрын

Glad it was helpful!

@marciifee 4 ай бұрын

BIMI costs money if they want the correct BIMI email security "add-on" topping :D. I am using the free version of BIMI, but you also forgot the also most important feature: MTA-STS, CAA, HSTS, and header security. Additionally, most people are reading and sending emails via a web browser, which leaves them vulnerable to man-in-the-middle attacks :)

@christianlempa 4 ай бұрын

Yeah, well... you can make a video about all of this, it's gonna be 1h+ :D

@marciifee 4 ай бұрын

@@christianlempa I know, it's a huge topic :3 but the beauty of this is that not everyone is familiar with it. That's why I will always find my customers with it. :3

@Voigt_Analytics 2 ай бұрын

@@christianlempaNope, you just have to say BIMI brings no real benefit, because only a handful of mail providers are using this; it‘s expensive; and other protocols are far more sophisticated.

@bojandimic3914 4 ай бұрын

Very nice video, thank you Christian!

@christianlempa 4 ай бұрын

thank you!

@jebucaro 4 ай бұрын

Thank you, very useful!

@christianlempa 4 ай бұрын

Thanks!

@danielcastrorodriguez3934 4 ай бұрын

Thank you Christian!!

@christianlempa 4 ай бұрын

Thanks for watching :)

@krzysztofnowak7637 4 ай бұрын

18:40 Gmail does exactly that - it rejects emails from domains without an SPF record completely, and actually I think they do the right thing. It is also worth noting that DMARC checks the authorisation for the domain in the From header, not the SMTP FROM (the envelope From) as SPF does. And that's important because the From header value is usually the only thing the recipient sees. So it helps combat phishing emails sent from the attacker's domain that have the correct SPF but a fake domain in the From header.

@Trozpent 4 ай бұрын

@Christian - I was wondering if you have ever setup a Hadoop environment. I've been really tempted with lookign to set one up for dealing with large amounts of data storage and processing.

@ronm6585 4 ай бұрын

Thank you.

@christianlempa 4 ай бұрын

You're welcome!

@TatesRealityIRL 2 ай бұрын

Where do I find the include record for a WIX website?

@ulrikboesen 4 ай бұрын

Thanks for the video. But as a homelab user, how could you fit in the free edition, its only supports one domain :)

@christianlempa 4 ай бұрын

Don't complain about free stuff bro :D

@msmith1789 4 ай бұрын

Great video Christian. Very informative. How does easydmarc compare to valimail?

@christianlempa 4 ай бұрын

No idea, haven’t used valimail mysefl

@zocker_nudl 4 ай бұрын

And how can I use this with my Mailcow?

@ddoecke 3 ай бұрын

I wish I'd known about the 10 include statement thing a couple weeks ago - spent a while trying to figure out why it was happening before I found that info. And it was because one of the services we allow to send on our behalf had added an additional include in THEIR spf record, because apparently that 10 lookup limit counts all the nested Includes. Might have to look into that EasySPF - expand the extra lookups to IP addresses.

@christianlempa 3 ай бұрын

Wow, that's interesting! I haven't heard before either, but thanks to EasyDMARC for teaching me :D

@ierosgr 4 ай бұрын

At 1:43 where the easyDMARC site mentions 14 days data hιstory what does it mean? Afterwards the old incoming / sent emails will be lost? In order to use SPF you need to have a static IP? Else your IP will change as well like the attackers. Or the ability to use a txt record bypasses that need? Why all these records at cloudflare need not to be proxied?

@EdwinMartin Ай бұрын

I’m pretty sure the DMARC success/fail messages are only kept for 14 days. The IP address in the SPF record is the address of the smtp server*, so it’s not a problem if you send mail from a dynamic IP address. *technically, it might not be the same IP address

@RK-ly5qj 4 ай бұрын

Dns sec is also worth to have ;)

@christianlempa 4 ай бұрын

True!

@ALWALEEDALWABEL 4 ай бұрын

when are you going to make a self SMTP server video?

@Voigt_Analytics 2 ай бұрын

This is not an option for me because I have multiple domains and I don't want to pay dozens of SaaS providers for a single use case. These records are something that needs to be set up perfectly once, and I have no intention of changing anything after that. There are other ways of monitoring the MX.

@simongajdosik5105 4 ай бұрын

Nice vid, but there is also mta-sts policy.

@christianlempa 4 ай бұрын

thanks, yes that's true ;)

@simongajdosik5105 4 ай бұрын

@@christianlempa Would you consider to create vid also for that? It's very easy to add txt record, but many don't know about it at all.

@lekkimworld 4 ай бұрын

Having just migrated from paid gmail to Microsoft 365 Family I would love to understand how people run their email as I'm not really satisfied with the M365 solution and how it supports custom domains. If you run your own email server I'd love to hear how you do that including the UI you use for email etc.

@christianlempa 4 ай бұрын

I'm currently using M365 myself because it's easy, and has many features for a fair price. But sure, you could also think about switching to Google Workspace, or run your own self-hosted mail server if you feel comfortable about it.

@Myuuiii 4 ай бұрын

just as I gave up on setting up an email server :/

@christianlempa 4 ай бұрын

You can still use it with M365 or Google workspace

@Myuuiii 4 ай бұрын

@@christianlempa Thank you! I’ll look into that :D, thanks for the great video!

@Darkk6969 4 ай бұрын

@@christianlempa I use ProtonMail to host my own domain and works pretty well with their services. During the migration of my domain it took me step by step and ProtonMail made sure I've added the proper SPF, DMARC and DKIM records to my Cloudflare DNS to ensure my e-mails are received properly. Worked like a champ. I am also Office 365 admin at work and had to dig around to find the DKIM settings. Thanks for pointing this out.

@DeNNiiiable 4 ай бұрын

it seems the free plan changed from 10000 emails to 1000. this might be eaten up just by notifications in most homelabs so i guess no thank you as we will do it the way we have always done