DMARC - Don't Let the Phishers Punk Your Email Domain

Presented at Kernelcon 2022, April 1, 2022, 5 p.m. (60 minutes).

DMARC can be difficult to set up, with its exacting syntax added on to the fact that many people don't understand what DMARC can really accomplish for their organization. Without DMARC on your email domain, malicious actors can send phishing emails, appearing to be sent from your email domain, claiming to be you, to anyone they want to, including your own customers, and you'll have no idea it's happening. Implementing DMARC incorrectly could result in your legitimate emails being bit-binned. However, with DMARC correctly implemented on your domain, you can prevent these phishing emails from being delivered to their intended victims and you'll know that it's happening and where they are originating.

Presenters:

• Matthew K. Miller
  Matt is a Senior Information Security Engineer at First National Bank of Omaha. He is the SME for email security for FNBO. Hobbies include poker and genealogy. I can find birth parents!

Similar Presentations:

• ToorCon San Diego 13 (2011) / Doppelganger Domains
• CarolinaCon 13 (2017) / DMARC for Fun and Threat Intel
• RVAsec 2022 / Warning: This Message Originated from Outside of Your Organization