From the course: How to Conduct a Phishing Email Investigation
Unlock the full course today
Join today to access over 23,200 courses taught by industry experts.
Email authentication: SPF, DKIM, and DMARC
From the course: How to Conduct a Phishing Email Investigation
Email authentication: SPF, DKIM, and DMARC
- [Instructor] In this video, we will discuss using sender policy framework, DomainKey identified mail, and domain-based message authentication reporting and conformance to determine the email's legitimacy. This is information that also is provided in the message header, and is an extremely helpful skill for security professionals. Open up the email and reveal the full email header. Look for the authentication results field and the header. This field should include information about SPF, DKIM, and DMARC authentication if they were used. Now, let's discuss which each is further. SPF, sender policy framework, is a method for verifying that a sender's IP address is authorized to send an email on behalf of the sender's domain. Look for the received SPF field in the header to see if SPF authentication was used. If the field says pass, it means that the sender's IP address is authorized to send email on behalf of the…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.