{"id":232,"date":"2021-02-26T16:01:42","date_gmt":"2021-02-26T16:01:42","guid":{"rendered":"https:\/\/cas.cybercop-training.ch\/?page_id=232"},"modified":"2021-05-31T14:24:39","modified_gmt":"2021-05-31T14:24:39","slug":"spfdkimdmarc","status":"publish","type":"page","link":"https:\/\/cas.cybercop-training.ch\/index.php\/spfdkimdmarc\/","title":{"rendered":"SPF,DKIM,DMARC"},"content":{"rendered":"

1. Introduction<\/h2>\n

After you did learn more about SPF<\/code>, DKIM<\/code> and DMARC<\/code> in theory, please analyze different e-mail log files and answer the following questions:<\/p>\n

    \n
  1. Has opportunistic encryption being used?<\/li>\n
  2. Is the smtp communication using spf protection?<\/li>\n
  3. Is the smtp communication using dkim protection?<\/li>\n
  4. Is the smtp communication using dmarc protection?<\/li>\n<\/ol>\n

    2. Answers<\/h2>\n

    For a better mail header analyses I use the following Online tool: https:\/\/mha.azurewebsites.net\/<\/a><\/p>\n

    Opportunisitc encryption is being used. An inidicator for that is the STARTTLS<\/code> we can see in the wireshark log:
    \n\"\"<\/p>\n

    2.1 Mail from HSR to Compass<\/h3>\n

    \"\"<\/p>\n

    SMTP communication uses SPF<\/code> protection: yes<\/b>
    \ndig -t txt compass-security.com +noall +anser<\/code><\/p>\n

    \"\"<\/p>\n

    SMTP communication uses DKIM<\/code> protection: yes<\/b><\/p>\n

    \"\"<\/p>\n

    \"\"<\/p>\n

    SMTP communication uses DMARC<\/code> protection: no<\/b><\/p>\n

    dig -t txt _dmarc.compass-security.com +short<\/code><\/p>\n

    \"\"<\/p>\n

    2.2 Mail from HL to Compass<\/h3>\n

    \"\"<\/p>\n

    SMTP communication uses SPF<\/code> protection: yes<\/b><\/p>\n

    SMTP communication uses DKIM<\/code> protection: yes<\/b>
    \n\"\"<\/p>\n

    SMTP communnication uses DMARC<\/code> protection: no<\/b><\/p>\n

    2.3 Mail from gmail to Compass<\/h3>\n

    \"\"<\/p>\n

    SMTP communication uses SPF<\/code> protection: yes<\/b><\/p>\n

    SMTP communication uses DKIM<\/code> protection: yes<\/b>
    \n\"\"<\/p>\n

    SMTP communnication uses DMARC<\/code> protection:no<\/b><\/p>\n

    2.4 Mail from compass to hsr<\/h3>\n

    \"\"
    \nSMTP communication uses SPF<\/code> protection: yes<\/b>
    \n\"\"<\/p>\n

    SMTP Communication uses DKIM<\/code> protection: no<\/b> (No DKIM signature?)<\/p>\n

    \"\"<\/p>\n

    SMTP Communication uses DMARC<\/code> protection: no<\/b><\/p>\n

    3. Summary<\/h2>\n\n\n\n\n\n\n\n\n
    Sender<\/th>\nRecipient<\/th>\nSSL protection between sender and receiver<\/th>\nDKIM enabled<\/th>\nSPF enabled<\/th>\nDMARC enabled<\/th>\n<\/tr>\n<\/thead>\n
    Compass Security<\/td>\nHSR<\/td>\nyes<\/td>\nno<\/td>\nyes<\/td>\nno<\/td>\n<\/tr>\n
    GMAIL<\/td>\nCompass Security<\/td>\nyes<\/td>\nyes<\/td>\nyes<\/td>\nyes<\/td>\n<\/tr>\n
    Hackinglab<\/td>\nCompass Security<\/td>\nno<\/td>\nyes<\/td>\nyes<\/td>\nyes<\/td>\n<\/tr>\n
    HSR<\/td>\nCompass Security<\/td>\nyes<\/td>\nyes<\/td>\nyes<\/td>\nno<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

    PDF Report:
    \nspam_protection#2<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

    1. Introduction After you did learn more about SPF, DKIM and DMARC in theory, please analyze different e-mail log files and answer the following questions: Has opportunistic encryption being used? Is the smtp communication using spf protection? Is the smtp communication using dkim protection? Is the smtp communication using dmarc protection? 2. Answers For a […]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-232","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/pages\/232","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/comments?post=232"}],"version-history":[{"count":4,"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/pages\/232\/revisions"}],"predecessor-version":[{"id":1351,"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/pages\/232\/revisions\/1351"}],"wp:attachment":[{"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/media?parent=232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}