Chaos Communication Congress / Season 36 / Episode 107

Email authentication for penetration testers

(When SPF is not enough) Forget look-alike domains, typosquatting and homograph attacks. In this talk we will discuss ways of forging perfect email counterfeits that (as far as recipients can tell) appear to be coming from a well-known domain and successfully pass all checks on their way. The prime focus of this talk will be modern anti-spoofing strategies and the ways around them. Join us as we try to figure out answers to questions such as "Isn't SPF enough?", "Do I *really* need DMARC?" and "Does ticking all three (SPF, DKIM, DMARC) provide the best protection possible?" (the answers to these questions are "no", "yes", "no", by the way).

English
  • Originally Aired December 29, 2019
  • Runtime 60 minutes
  • Production Code 10730
  • Created December 29, 2019 by Administrator admin
  • Modified December 29, 2019 by Administrator admin