How do Email Headers help verify an email's authenticity and The Future of DMARC - PowerPoint PPT Presentation

About This Presentation
Title:

How do Email Headers help verify an email's authenticity and The Future of DMARC

Description:

When someone receives an email, they see sections of the message that the majority of people are interested in. In addition to the message body, the receiver will normally see a few header fields, such as ‘From To:’, ‘Subject:’, and Date: which transmit basic information about the email message's stated origin and topic. These headers are only a subset of the total number of headers in the email. – PowerPoint PPT presentation

Number of Views:16
Slides: 8
Provided by: rawatnimisha
Category: Other
Tags: dkim | dmarc | spf

less

Transcript and Presenter's Notes

Title: How do Email Headers help verify an email's authenticity and The Future of DMARC


1
How do Email Headers help verify an email's
authenticity and The Future of DMARC
2
  • When someone receives an email, they see sections
    of the message that the majority of people are
    interested in. In addition to the message body,
    the receiver will normally see a few header
    fields, such as From To, Subject, and Date
    which transmit basic information about the email
    message's stated origin and topic.These headers
    are only a subset of the total number of headers
    in the email.
  • The method for making hidden headers visible
    will differ depending on the mailbox provider. In
    Gmail, you can access the email header by
    clicking on the three dots in the upper right
    corner of a message and then Show Original.
    Other providers will have an option on a menu
    such as Show Message Source or words to that
    effect.

3
  • You'll know you've arrived at the proper location
    when you notice a lot of text with lines
    beginning with phrases like Received,
    Return-Path and others including the one we're
    interested in, Authentication-Results, which
    will look like this

4
  • To establish the identity of the parties
    responsible for a particular communication, email
    authentication protocols such as SPF, DKIM, and
    DMARC are employed. In this header, mailbox
    providers will record the outcomes of the
    authentication checks performed on a message, and
    we can see that this message obtained pass
    verdicts for all three.
  • The mailbox provider will then utilize the
    information in this header, as well as other
    information about the responsible parties, to
    determine where to store this message in the
    recipient's inbox.
  • If you're a user who's wondering why a message
    wound up where it did, you might want to look at
    this header. It is important to note that while
    fail judgments may increase the likelihood of the
    message being placed in the user's spam/junk
    folder, pass verdicts do not ensure that the
    message will be placed in the inbox.

5
  • These procedures reliably confirm the identities
    of the parties involved. If such persons are
    known to the mailbox provider as senders of
    unsolicited mail, the mailbox provider's choice
    to place the message in junk is made easy.
    Senders attempting to standardize their
    authentication processes can also utilize the
    Authentication-Results header, although it is
    not their greatest tool for doing so.
  • Repeated cycles of send a message, check at
    Auth-Results header, tweak, repeat are a
    technique for the tiny sender employing one
    server and one IP address (albeit a tedious one).
    The Authentication-Results header, on the other
    hand, is only a grain of sand on the beach of
    emails that a domain owner delivers.
  • DMARC aggregate reports are far better tools for
    them because, rather than being unduly focused on
    the details of email to one mailbox at one
    provider, domain owners can focus on the wider
    picture of their whole email sending program.

6
  • How Does DMARC Help?
  • End users can obtain DMARC aggregate reports,
    which compile statistics on the authentication
    information for every email sent from their
    domain. Senders can additionally request a class
    of processing for a failed authentication
    message. 
  • However, enforcement is an important component
    of DMARC, and only 13 of DMARC users are now at
    enforcement. Without it, recipients are not given
    instructions on how to handle a message that
    fails authentication, allowing counterfeit emails
    to enter the inbox. For the receiver, DMARC
    matches SPF and/or DKIM authentication results
    with what the user sees in the From field of
    their email.
  • As DMARC use increases, domain owners can rest
    assured that only allowed senders are using their
    domain. End users, too, can be increasingly
    convinced that the message in their inbox is from
    who it says it is From without having to dive
    through email headers. However, we are still far
    from reaching optimal protection. 

7
  • The Future of DMARC
  • DMARC involves complexities that are difficult
    and time-consuming for most businesses to
    execute. Furthermore, it is dependent on two
    additional standards, SPF and DKIM, both of which
    are difficult to apply and prone to mistakes.
  • We'll probably witness a trend toward more
    direct communication regarding DMARC's technical
    elements. There are already free tools available
    to help with the often-complicated first phase of
    a DMARC endeavor, which would normally need human
    XML report interpretation. Giving domain owners
    DMARC visibility without the technical effort is
    only the first step toward making DMARC
    enforcement available to everyone. 
  • DMARC paves the way for new security standards
    and specifications that will benefit all
    departments, from IT to marketing. Brand
    Indicators for Message Identification (BIMI), a
    new email specification that allows brand logos
    to be shown within compatible email clients, is
    one example. To be qualified for BIMI (and the
    corresponding 10 boost in email engagement), a
    company's DMARC policy must be in place. Hence,
    it is advised to adopt DMARC as soon as it is
    feasible for your brand.
Write a Comment
User Comments (0)
About PowerShow.com