Understanding DMARC records: why they are used and the basics

Some mail servers discard or block emails based on the SPF and DKIM records, while others mark them as spam.
The mail sender is left out of this decision, so sometimes important mails are marked as spam while junk mails land in the inbox.
This is where a DMARC policy helps.


Understanding DMARC policy

DMARC stands for Domain-based Message Authentication, Reporting and Conformance.
One of its most important features is the ability to generate a dynamic feedback loop that informs senders about messages that are being rejected.

DMARC currently exists as an Internet Draft.
A DMARC policy works by publishing a special DNS record that encodes a policy for protecting the flow of email.
DMARC is especially concerned with the "From" header of the email, because this is the part of the email most often targeted by phishers.
An email sender can publish a policy stating that if a mail fails both SPF and DKIM checks, it should be marked as spam or rejected.

The image below shows how DMARC works.




A DMARC record looks like this:
"v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@example.com"
Here:
v: the protocol version
p: policy for the organizational domain
sp: policy for subdomains of the organizational domain
rua: reporting URI for aggregate reports
ruf: reporting URI for forensic reports
pct: percentage of messages subject to filtering
adkim: alignment mode for DKIM
aspf: alignment mode for SPF

Here p is set to reject, which means that if an email fails both the SPF and DKIM checks, the mail will be rejected; if it were set to quarantine, the mail would be marked as spam and delivered to the spam folder.
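To make the tags above concrete, here is an added example (not code from the original post) of a small DMARC record parser and policy evaluator. It assumes the receiver already knows which domain, if any, passed SPF and DKIM, and it approximates the organizational domain by the last two labels rather than consulting the Public Suffix List.

```python
def parse_dmarc(record):
    """Parse a DMARC TXT record such as "v=DMARC1; p=reject; rua=mailto:..."
    into a dict of tags. Returns None if it is not a usable DMARC record
    (wrong/missing v tag or missing p tag)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    # Defaults: sp inherits p, alignment is relaxed, pct is 100.
    tags.setdefault("sp", tags["p"])
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags.setdefault("pct", "100")
    return tags


def org_domain(domain):
    # Assumption for this example: the organizational domain is the last two
    # labels. Real receivers use the Public Suffix List (think of example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ("s") needs an exact domain match,
    relaxed ("r") only needs the same organizational domain."""
    if auth_domain is None:          # that authentication check failed
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(record, from_domain, spf_domain=None, dkim_domain=None):
    """Return "pass" or the policy action ("none", "quarantine", "reject") that
    a receiver should apply to a message whose From header uses from_domain.
    spf_domain / dkim_domain are the domains that passed SPF / DKIM (None if failed).
    pct sampling is left to the caller."""
    tags = parse_dmarc(record or "")
    if tags is None:
        return "none"                # no usable record: nothing to enforce
    if aligned(from_domain, spf_domain, tags["aspf"]) or \
            aligned(from_domain, dkim_domain, tags["adkim"]):
        return "pass"                # DMARC passes if either aligned check passes
    # Mail from a subdomain is governed by sp, the organizational domain by p.
    if from_domain.lower() != org_domain(from_domain):
        return tags["sp"]
    return tags["p"]
```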



As I received suggestions to update this post with a proof of concept, here it is. Let's start.

Proof of concept

For the proof of concept we will take a live example of an Indian website, site.com. Many webmasters think that publishing a valid SPF record will prevent email spoofing, but this is wrong; it is the DMARC policy that dictates what happens. Since site.com is an e-commerce company, an attacker could ask users for their credit and debit card details and other information just by sending an email, and if a user gets trapped, that is a golden day for the attacker.

On checking the DMARC record for site.com, there is no record published, so let us try to spoof users by sending an email from cs@site.com. Any fake mailer can be used to compose this type of email.
Here I composed an email:




After that I sent it to my own email address.




And I received it directly in my inbox.
If a user gets trapped by this, they can lose a lot.
This happened because there was no DMARC record for site.com.

Now take Facebook or Google as an example and check their DMARC record.

Facebook's record looks like this:

v=DMARC1; p=reject; pct=100; rua=mailto:d@rua.agari.com,mailto:postmaster@facebook.com; ruf=mailto:d@ruf.agari.com;

Here p is set to reject, so if you try to send any email from an address like support@facebook.com,
it will be rejected and will not be delivered to anyone's mailbox.



Thanks to Souvik (Guruji) for his valuable suggestion.


Suggestions are welcome. Feel free to comment.

Special thanks: Subir Sutradhar, Gurpreet Singh and the whole I-HOS team

Thanks,
Jitendra Santram Singh (Team Computer Korner)
