SPF, DKIM, DMARC

1. Introduction

After you have learned more about SPF, DKIM and DMARC in theory, please analyze different e-mail log files and answer the following questions:

  1. Has opportunistic encryption been used?
  2. Is the SMTP communication using SPF protection?
  3. Is the SMTP communication using DKIM protection?
  4. Is the SMTP communication using DMARC protection?

2. Answers

For better mail header analysis, I use the following online tool: https://mha.azurewebsites.net/

Opportunistic encryption is being used. An indicator for that is the STARTTLS we can see in the Wireshark log.

2.1 Mail from HSR to Compass

SMTP communication uses SPF protection: yes
dig -t txt compass-security.com +noall +answer

SMTP communication uses DKIM protection: yes

SMTP communication uses DMARC protection: no

dig -t txt _dmarc.compass-security.com +short

2.2 Mail from HL to Compass

SMTP communication uses SPF protection: yes

SMTP communication uses DKIM protection: yes

SMTP communication uses DMARC protection: no

2.3 Mail from Gmail to Compass

SMTP communication uses SPF protection: yes

SMTP communication uses DKIM protection: yes

SMTP communication uses DMARC protection: no

2.4 Mail from Compass to HSR

SMTP communication uses SPF protection: yes

SMTP communication uses DKIM protection: no (No DKIM signature?)

SMTP communication uses DMARC protection: no

3. Summary

| Sender | Recipient | SSL protection between sender and receiver | DKIM enabled | SPF enabled | DMARC enabled |
|---|---|---|---|---|---|
| Compass Security | HSR | yes | no | yes | no |
| GMAIL | Compass Security | yes | yes | yes | yes |
| Hackinglab | Compass Security | no | yes | yes | yes |
| HSR | Compass Security | yes | yes | yes | no |
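
The four questions can also be answered offline from a message's raw headers. The following is an added example, not part of the original report: the sample headers, the host names and the `trusted_authserv` parameter are constructed assumptions, and only Authentication-Results headers stamped by the receiving MTA are evaluated.

```python
import re
from email import message_from_string

# Constructed sample headers; all host names and values are placeholders.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 by mx.example.net (Postfix) with ESMTPS id 4ABCD1234
 for <bob@example.net>; Mon, 1 Jan 2024 10:00:00 +0100
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org;
 dmarc=none header.from=example.org
Authentication-Results: other.example.org; dmarc=pass header.from=example.org
DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel1;
 h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: alice@example.org
To: bob@example.net
Subject: constructed test message

body
"""

def unfold(value):
    return " ".join(value.split())  # collapse folded header lines

def analyze(raw, trusted_authserv):
    """Return TLS, SPF, DKIM and DMARC findings from raw message headers."""
    msg = message_from_string(raw)
    received = [unfold(v) for v in msg.get_all("Received", [])]
    # RFC 3848 "with" keywords ESMTPS / ESMTPSA mean the hop was protected by TLS.
    tls = any(re.search(r"\bwith \w*SMTPSA?\b|\bTLSv?\d", r) for r in received)
    result = {"tls": tls, "spf": None, "dkim": None, "dmarc": None}
    for v in map(unfold, msg.get_all("Authentication-Results", [])):
        authserv, _, rest = v.partition(";")
        # Senders can add this header themselves: trust only our own MTA's copy.
        if (authserv.split() or [""])[0].lower() != trusted_authserv.lower():
            continue
        for method in ("spf", "dkim", "dmarc"):
            m = re.search(rf"(?<![\w-]){method}=(\w+)", rest)
            if m and result[method] is None:
                result[method] = m.group(1).lower()
    sigs = map(unfold, msg.get_all("DKIM-Signature", []))
    result["dkim_domains"] = [m.group(1) for s in sigs
                              if (m := re.search(r"\bd=([^;\s]+)", s))]
    return result

if __name__ == "__main__":
    print(analyze(SAMPLE, "mx.example.net"))
```

A result of `dmarc=none` means the receiver evaluated DMARC but found no policy record for the sender domain, which corresponds to a "no" in the answers above.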
