Preventing Unauthorized Email Spoofing with DMARC


SMTP, the basic protocol that moves email around the Internet, lacks authentication. This basic oversight has proven a boon for cybercriminals, who leverage email's insecurity to steal billions of dollars every year. In this session you'll learn about DMARC, a standard for email authentication that can prevent unauthorized email spoofing.

This session will begin with real-world examples of email spoofing used to commit fraud, identity theft, and other online crimes. We will describe various attempts to solve the email spoofing problem prior to DMARC, along with their shortcomings. A technical review of the email authentication standards SPF, DKIM, and DMARC will follow, leading us to an overview of the open source tools available to help you implement these crucial standards. We will wrap up by showing some interesting implementation statistics derived from a number of sources, including the Ashley Madison data dump.

After attending this session, you will understand:

  • The business issues related to email spoofing
  • Previous attempts to solve the problem
  • The current best solution: SPF, DKIM and DMARC
  • The technical workings of SPF, DKIM and DMARC
  • What open source tools are available to help you implement SPF, DKIM and DMARC
  • How we can use the Ashley Madison data dump to estimate DMARC adoption by consumer mailbox providers


Room 103
Sunday, January 24, 2016 - 13:30 to 14:30