Enhancing Email Security: The Crucial Trio of SPF, DKIM, and DMARC

by Featured

0

In the rapidly evolving landscape of cybersecurity, safeguarding sensitive information has become paramount for organizations. Email, being a primary communication channel, is often targeted by malicious actors seeking unauthorized access or spreading phishing attacks. To fortify your organization’s defences, the implementation of SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) is not just a best practice; it’s a necessity.

1. SPF (Sender Policy Framework): Fortifying Sender Authentication

   SPF acts as a sender authentication method by preventing unauthorized entities from sending emails on behalf of your domain. By defining authorized mail servers in DNS records, SPF significantly reduces the risk of email spoofing. This ensures that recipients can verify the legitimacy of the sender, enhancing trust and minimizing the chances of falling victim to phishing attacks.

2. DKIM (DomainKeys Identified Mail): Adding a Layer of Email Integrity

   DKIM complements SPF by adding an additional layer of security through cryptographic signatures. When an email is sent, DKIM signs it with a private key, and the recipient verifies the signature using the public key published in the DNS records. This cryptographic validation ensures that the email content remains intact during transit, reducing the risk of tampering and guaranteeing the sender’s authenticity.

3. DMARC (Domain-based Message Authentication, Reporting, and Conformance): Unifying Authentication Protocols

   DMARC acts as a policy layer that leverages SPF and DKIM authentication results to determine the fate of incoming messages. It provides a framework for instructing email receivers on how to handle messages that fail authentication checks. DMARC policies can be set to monitor, quarantine, or reject such messages, giving organizations granular control over email security. Moreover, DMARC includes reporting functionalities, providing insights into authentication outcomes and potential threats.

Benefits of Implementing SPF, DKIM, and DMARC:

Mitigating Phishing Attacks: Together, SPF, DKIM, and DMARC create a robust defence against phishing attempts, reducing the risk of malicious actors impersonating your organization.

Enhancing Email Deliverability: ISPs and email providers increasingly favour authenticated emails. Implementing these protocols positively influences your organization’s email deliverability, ensuring that legitimate communications reach the intended recipients.

Protecting Brand Reputation: Successful phishing attacks not only compromise sensitive data but also tarnish an organization’s reputation. SPF, DKIM, and DMARC help maintain trust by ensuring that only authorized emails are sent under your brand’s name.

Detailed Reporting and Insights: DMARC’s reporting features provide valuable insights into authentication failures, allowing organizations to fine-tune their email security measures and stay ahead of potential threats.

In conclusion, the collaborative implementation of SPF, DKIM, and DMARC is a cornerstone of a comprehensive email security strategy. By fortifying authentication, ensuring message integrity, and providing policy controls, organizations can significantly reduce the risk of falling victim to email-based threats, ultimately safeguarding their sensitive information and maintaining a secure communication environment.

How to quickly find the Group ID of a Teams group.

by Featured

0

To manage the Teams group in Powershell, the group id is the most easy attribute to manage the group. But at the same time, it is bit cumbersome to to get the group id. I was looking for a quick way to get this attribute and noticed that it can be found easily without connecting to teams Powershell.

. Open Teams admin center.

. Go to Teams and search for the group you are looking for.

. Open n the properties of the group.

. The group id is shown at the end of URL in the browser.

Exchange:”Failed to enable the new cloud archiveCloudArchiveGuid of mailboxMailboxGuid because a different archiveArchiveGuid exists. To enable the new archive, first disable the archive on-premises. After the next Dirsync sync cycle, enable the archive on-premises again.”

by

0

My colleague reached out to me to assist on hiding a leaver mailbox from Global address book. He has already set the msExchagneHidefromaddressbook attribute to “False” but it was not replicated to Exchange online.

I thought it is just a case of missing mailnickname value and told him that I would fix it. Mainickname attribute value is mandatory to synchronize certain exchange attribute to AzureAD and Exchange online.

As suspected the said account was missing this attribute. I copied the attribute value from Exchange online and set it in On-premise Active directory but after waiting for AAD connect sync cycle, I could see that both mailnickname and msExchagneHidefromaddressbook getting synchronized to Azure Active Directory but not to exchange online.

Strange ☹. Normally the above steps fixes this but not in this case.

At this point I knew something is wrong with this account but what?

I started from looking at all properties of this account and one error caught my attention. While opening the user properties in Microsoft admin center, the below error was shown

Exchange: Failed to enable the new cloud archive 3af7ba1c-2b47-418d-84ce-7285f18065c7 of mailbox 56g3344a-c65z-4202-88e4-bd687a0a512c because a different archive c1fce654-34ce-4b46-8138-8546539f5247 exists. To enable the new archive, first disable the archive on-premises. After the next Dirsync sync cycle, enable the archive on-premises again.

Another symptom that mailbox provisioning was also stuck

This is interesting.

At this point I was sure that it is due to mismatched attributes between on premise active directory and Azure AAD. This issue.

The cause was identified and now it is time to find the solution.

Solution:

Few attributes in on premise AD needs to be updated to match with Exchange online value

  1. Mailnickname
  2. msExchangeArchiveGUID
  3. msExchArchiveName

To get the value of the above mentioned attributes, connect to Exchange online powershell and run below commnds

  1. Get-ExoMailbox <user email address> | fl alias – The returned value will be mailnickname value
  2. Get-Mailbox <user email address > | fl *archive*
  3. Copy the value of ArchiveGUID and ArchiveName
  4. We need to convert the ArchiveGuid value to Hexadecimal. To do this, please run below command in windows powershell
  5. [system.guid]$guid = “ArchiveGuid”
  6.  ($Guid.ToByteArray() | foreach { $_.ToString(‘x2’) }) -Join ‘ ‘
  7. The output will look like below
  • Now go to On Premise active directory and fill the values

Alias = mailnickname value captured in step 1.

msExchangeArchiveGuid = value captured in step 7.

msExchageArchivename = ArchiveName value captured in step 2.

Now take a cup to Chai and wait for AAD sync to run. Once sync cycle runs, please give 30 minutes for attributes to sync from Azure Active Directory to Exchange online. See you

Respect & Appreication

by

0

Leadership is not just managing resources. It also involves communicating, inspiring, and supervising to be a successful leader.

I do accept that I am not the most talented person in this IT world but I do my job honestly and with complete dedication. I also accept the fact that sometimes I slip but those instances are very rare.

I’d never considered my job as a job. Troubleshooting, fixing issue and implementing new ideas are my passion. Working in this team and for this organization is an honor for me.

I feel great when a user says “thanks for your help” or this

. This keeps me going.

But it breaks the heart when I am told “It is all your fault. you are no good and you should be fired right away”, when working on a P1 issue. Sorry, it was not my fault. I was trying to help someone to fix their issue.

You do not appreciate me for the jobs well done, taken, but please please do not insult, threaten and intimidate me. No award or reward can compensate the emotional pain and mental agony a person goes through when he/she does not feel valued and respected. Treat your employees as your colleagues not just as workers.

Thanks. Happy weekend.

Microsoft Teams meeting attendees report

by

0

Since the inception of Microsoft Teams, almost all users were either requesting Microsoft using “User Voice” or waiting for Microsoft to enable Meeting organizers to view or export a list of attendees, including enter and exit times, duration, etc.

Though it took a very long time but on 19th May 2020, Microsoft announced that they enabled download of a meeting attendance list during a meeting. The report can be downloaded only by the organizer of the meeting and not by attendees.

The work is in progress on enabling download after a meeting has concluded.

This feature is disabled by default and needs to be enabled via admin policy.

How to enable the attendee report feature in Meeting policy?

Currently only PowerShell can be used to modify this setting.

Set-CsTeamsMeetingPolicy cmdlet can be used to edit the existing meeting policy or New-CsTeamsMeetingPolicy can be used to create a new Teams meeting policy and assign it to users.

Below is the command to edit the existing meeting policy to enable this feature.

Set-CsTeamsMeetingPolicy -identity “Meeting Policy Name”-AllowEngagementReport $true

This is a per-user policy and can be selectively assigned to users.

How to download the Meeting attendee report

The organizer of the Teams Meeting can save a record of who has attended the meeting by following below steps:

a. During the meeting, select Show Participants and choose Download attendee list.

Download attendee report

b. The report will be downloaded as .CSV file. The file contains the name, join time, and leave time of all meeting attendees.

Note: The attendance report can only be downloaded while the meeting is in progress and participants are still present.

My current mental state

by

0

खुद को ढूंढ़ने निकलता हूँ रोज़,
उन्हीं पुरानी गलियों में,
मगर ना जाने क्यों खुद की ही भूल भुलैया में फंस जाता हूँ,
ना जानें क्यों इतना मुश्किल सा लगता है खुद को ढूंढ़ना,
इतनी दफा उन गलियों से निकलने के बावजूद भी,
ना जाने आखिर कयूँ गुम हो जाता हूँ,
अपनी ही बनाई हुई उन गलियों में,
उन चौराहो पे,
उन मोहल्लो में,
ना जाने क्यों,
बस खुद को भटकता पाते ही,
डर सा जाता हूँ ,
सहम सा जाता हूँ,
खुद को कोसता हूँ, इस भूल भुलैया में घुसने के लिए.

Credit to anonymous

Sad..disappointed, disheartened…..

by

0

From last few days, I was reading and following the news of lay offs in some organizations. I have few friends who are working with this IT giant or shall I say was working with this IT giant. I never wanted to call them to ask if they are also affected by this turmoil but could not hold myself. Spoke with one of my very good friend who was also my mentor in my first job. We had spent few good years working together for two organizations before we moved on in our career.

When I called him today, I was praying to God that please keep his job safe. But no…he has been laid off..could not control my tears..why..why God..

He comes from a very humble background. Has struggled a lot to grow in life. I’ve seen his low and was part of his high times…We had shared our sorrows, pains and good times. Why..why he or why anyone..

Long back I was listening to a speaker in some seminar on emotional quotient and he had said “A man is shattered by two tragedies –one loosing spouse and the other is loosing Job..

Everyday when I wake up, I pray to god to keep my family and dear ones safe, sound and healthy.

Now as the emotions are bit low..I am pondering “is this what we deserve”..We compromise on our personal life, sacrifice our happiness to keep our clients happy. We forget or we don’t get time to call our family but never fails to dial in a conference call. We loose sleep to make sure that servers are up and running but if our kid is not keeping well, we may not get a day off to take him/her to doctor..

will come back to this…right now.. all the best my friend..

Have you ever ignored a message in outlook?

by

0

Few days back, I got a call from one of my local IT engineer friend to help on a tricky issue. He mentioned that for one of the user, emails with an identical subject line moves directly to Deleted items folder irrespective of internal or external sender.

My first suggestion was to check if there is a rule but as expected, the answer was “no rules”. I double verified it from exchange PowerShell and he was true –no rules.

I had seen such issues earlier and most of the time corruption in rules caused this and MFCMAPI had helped in almost all cases to remove the corrupt rules. But this time as there was no rule at all, MFCMAPI also could not help L

Then, I started analysing those emails. While looking at those emails in Deleted items folder, I noticed that “Ignore” menu is highlighted for those messages but not for other messages…next question, why is this and what is this “ignore” thingy…

As per MS “Ignore Conversation removes all messages related to the conversation that you select, and moves future messages in the conversation directly to your Deleted Items folder.”.

That was it…User has accidently selected “ignore” option instead of delete option and as designed, all future messages in that conversation was moving directly to Deleted Items folder.

Ok..symptom and cause understood but how to stop it…simple…go to Deleted Items folder, select any message in that conversation. You will see that Ignore option is highlighted if the conversation was ignored earlier.

Click on the ignore button and there will be a message popping up

ignore2

Select Stop Ignoring Conversation.  As mentioned, future messages will not be moved to Deleted items folder and all ignore messages will be moved to inbox folder.

Though this ignore option is helpful if we need to stop a particular conversation coming to inbox but it should be named something like “Delete Conversation” as it does exactly that…