DMARC & Other Email Security Information From DNS, February 2021
I get numerous inquiries on DMARC. In preparing for my client calls, I frequently do a quick lookup of the client’s MX, SPF and DMARC records. You can learn quite a lot from simply looking at DNS. Since I picked up some Python in my machine learning security work, my new weekend project became: “Write a Python script that gets relevant records from DNS and stores them for analysis.” After some frustrating attempts to write this from scratch, I found checkdmarc, which greatly simplified my scripts.
I asked my colleagues for a list of the domains of the Fortune 500 (F500) organizations and started working.
Here are my most important findings, generated in February 2021 (for details, see later):
· 30% of all F500 domains on my list have a DMARC record with a reject or quarantine policy.
· 4% of these domains have BIMI records, and 4% use DNSSEC.
· 75% of the F500 MX records point at well-known hosted secure email gateways (SEGs).
I plan to repeat this quarterly to identify trends, hopefully one of them being an upward trend in DMARC adoption.
The rest of this post has more details. If you are interested, let me know and I’ll send you my scripts. Also, if you have a favorite list of domains, please send it to me and I will run my scripts. If you want to read more on email security and the role of DMARC, see “How to Build an Effective Email Security Architecture.”
DMARC Policy
For my research interest, checking DMARC records and policies was the most interesting. Using checkdmarc the code is simple:
Many organizations in the F500 use third-party services for parsing DMARC reports. The most popular providers that appear in DMARC records for these organizations are Proofpoint (32%) and Agari (11%), but I identified 14 other vendors being used. The use of multiple vendors for DMARC reporting is not uncommon.
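The tally described in this section can be reproduced offline once the `_dmarc` TXT values have been collected. The following is an added example, not the author's script: it parses the record text directly instead of calling checkdmarc, and the sample records, the `vendor-a.example` style receiver domains and all function names are constructed for illustration.

```python
from collections import Counter

# Constructed TXT values for _dmarc.<domain>; not real survey data.
SAMPLE = {
    "alpha.example": "v=DMARC1; p=reject; rua=mailto:alpha@vendor-a.example",
    "bravo.example": "v=DMARC1; p=none; rua=mailto:dmarc@bravo.example, mailto:b@vendor-a.example!10m",
    "charlie.example": "v=DMARC1; p=quarantine; pct=50; rua=mailto:c@vendor-a.example,mailto:c@vendor-b.example",
    "delta.example": None,           # nothing published at _dmarc
    "echo.example": "v=spf1 -all",   # an SPF record published at _dmarc by mistake
}
VALID_P = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Return the tag dict of a DMARC record, or None if it is absent or unusable."""
    pairs = [part.split("=", 1) for part in (txt or "").split(";") if "=" in part]
    if not pairs or pairs[0][0].strip().lower() != "v" or pairs[0][1].strip() != "DMARC1":
        return None                  # v=DMARC1 must be the first tag
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    tags["p"] = tags.get("p", "").lower()
    return tags if tags["p"] in VALID_P else None  # simplification: p is required

def rua_domains(tags):
    """Domains receiving aggregate reports; strips the optional '!size' suffix."""
    out = set()
    for uri in tags.get("rua", "").split(","):
        uri = uri.strip()
        if uri.lower().startswith("mailto:") and "@" in uri:
            out.add(uri[7:].split("!", 1)[0].rsplit("@", 1)[1].lower())
    return out

def survey(records):
    policies, receivers = Counter(), Counter()
    for domain, txt in records.items():
        tags = parse_dmarc(txt)
        if tags is None:
            policies["no valid record"] += 1
            continue
        policies[tags["p"]] += 1
        # Count only third-party report receivers, not the domain's own mailbox.
        receivers.update(d for d in rua_domains(tags)
                         if d != domain and not d.endswith("." + domain))
    enforced = policies["reject"] + policies["quarantine"]
    return policies, receivers, round(100 * enforced / len(records))
```

`survey(SAMPLE)` returns the per-policy counts, the count of domains per external report receiver, and the percentage of domains at reject or quarantine.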
MX Records
MX records provide information on routing and SEG usage. For every domain in the F500 list, the script runs the following and drops it in a file for later parsing.
Parsing applies a simple mapping from a string in the MX host record to a cloud-hosted SEG provider. I manually identified 18 of these services. Analyzing IP addresses was out of scope for this exercise.
Some results (February 2021):
· 75% of the F500 MX records point at a well-known hosted secure email gateway. The other 25% either have no MX record in DNS (10%) or have an unidentified SEG (15%, usually on-premises).
· Proofpoint’s hosted SEG appears in the most F500 MX records, with 37% of all MX pointing at the pphosted.com domain.
· Next on the list of most popular MX records pointing at a hosted provider is Microsoft. 15% of the MX records in the F500 domain list point at Microsoft.
Note that these results do not say anything about on-premises SEG products nor supplemental email security solutions that are not in the MX record.
SPF Records
SPF records tell something about what services are being used to send email using the organization’s domain names. Parsing SPF is non-trivial, but checkdmarc makes it simple. I was only interested in services that send on behalf of the domain, so I only looked for domain names. This is what my script looks like:
I manually identified 178 email sending services from all F500 domains, and here are some of the results from February 2021:
· The SPF blocks that are included most often in SPF records are from Microsoft. 41% of the F500 have Microsoft SPF blocks included.
· Proofpoint follows with 25%. Then Salesforce at 14%.
· Then it drops to around 6% with various email (marketing) automation services, including SendGrid, MailChimp, Pardot, Marketo and others.
· There is a long tail of services included in SPF. Around 100 out of the 178 services that are allowed to send on behalf of one of the F500 domains are used only once.
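The string-to-provider mapping used for the MX records and the domain-name extraction used for SPF, sketched together as an added example (not the author's script, and run on stored records instead of live checkdmarc lookups). Only `pphosted.com` comes from the post; the other suffixes, the sample data and the function names are assumptions made for illustration.

```python
from collections import Counter

# Suffix -> provider. pphosted.com is named in the post; the rest are assumptions.
SEG = {"pphosted.com": "Proofpoint", "mail.protection.outlook.com": "Microsoft"}
SPF = {"spf.protection.outlook.com": "Microsoft", "pphosted.com": "Proofpoint",
       "_spf.salesforce.com": "Salesforce", "sendgrid.net": "SendGrid"}

# Constructed sample: domain -> (MX hosts, SPF TXT record); not real survey data.
SAMPLE = {
    "alpha.example": (["mxa-0001.gslb.pphosted.com."],
                      "v=spf1 include:spf.protection.outlook.com include:_spf.salesforce.com -all"),
    "bravo.example": (["bravo-example.mail.protection.outlook.com."],
                      "v=spf1 ip4:192.0.2.0/24 include:spf.protection.outlook.com ~all"),
    "charlie.example": (["mail.charlie.example."], "v=spf1 mx include:spf.mailer.example -all"),
    "delta.example": (["."], None),  # null MX (RFC 7505), no SPF
    "echo.example": (["mx.pphosted.com.echo.example."], "v=spf1 redirect=_spf.echo.example"),
}

def provider_for(host, table):
    """Match on a label boundary so 'pphosted.com.echo.example' is not Proofpoint."""
    host = host.rstrip(".").lower()
    for suffix, name in table.items():
        if host == suffix or host.endswith("." + suffix):
            return name
    return None

def classify_mx(mx_hosts):
    hosts = [h for h in mx_hosts if h.rstrip(".")]  # drop the null MX "."
    if not hosts:
        return "no MX"
    names = [provider_for(h, SEG) for h in hosts]
    return next((n for n in names if n), "unidentified")

def spf_domains(record):
    """Domains referenced by include: mechanisms and the redirect= modifier."""
    terms = [t.lstrip("+-~?").lower() for t in (record or "").split()[1:]]
    return [t.split(p, 1)[1] for t in terms for p in ("include:", "redirect=")
            if t.startswith(p)]

def survey(data):
    seg, senders, unmapped = Counter(), Counter(), set()
    for mx_hosts, spf in data.values():
        seg[classify_mx(mx_hosts)] += 1
        named = {d: provider_for(d, SPF) for d in spf_domains(spf)}
        senders.update({n for n in named.values() if n})  # once per domain
        unmapped.update(d for d, n in named.items() if n is None)
    return seg, senders, unmapped
```

The `unmapped` set is the list of SPF domains still needing manual identification, and a plain substring test in place of `provider_for` would misclassify the `echo.example` MX host as Proofpoint.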
Azure
From the MX and especially SPF records we already saw that the adoption of Microsoft 365 is large among the F500 domains. We can do another check here, just to see if there is an Azure tenant associated with the domain:
Doing this reveals that a high number of F500 domains, 87%, reply with tenant info.
Other results
Incidentally, my clients ask about the use of other, less common, email security capabilities discovered via DNS. I briefly looked into:
· BIMI records are found for 4% of the F500 domain names.
· DNSSEC is found for 4% of the F500 domains.
Comments
Nice post. I learn something totally new and challenging on sites I stumbleupon every day. It will always be useful to read content from other writers and use something from their websites.