Would a DMARC reject record have prevented Donald Trump from getting elected?

One of the reasons I just wrote that four-part series on where email authentication is helpful against phishing, and where it is not-so-helpful, is that I wanted to examine the John Podesta email hacks. In case you’re not aware, John Podesta was the Chair of the Democratic Campaign to elect Hillary Clinton for President…


Where email authentication falls flat at stopping phishing – impersonation attacks using display tricks

In this series so far, we’ve seen how email authentication is great at stopping phishing under some circumstances, and where it isn’t that useful in other circumstances. A circumstance where it isn’t that useful is a variant of Business Email Compromise (BEC) that we call an Impersonation Attack. An Impersonation Attack is when…


Where email authentication is potentially great – protecting against spoofing from domains with weak authentication

So, in the past couple of posts, I’ve talked about how email authentication is not that great against phishing attacks that use random parameters in the sender, but is well-designed to work against springboard spear-phishing attacks. There’s another scenario where it is simultaneously well-positioned to protect against spear-phishing, yet not in a good position to…


A security story that is kind of disturbing

I’ve got a story for you. As a security person, it’s a little disturbing. I was driving in the car yesterday with my wife, who works in the health care industry (she’s not a doctor). She was telling me that earlier that day, she was trying to email a file to some other organization and…
