
Ethical Hackers - should you listen to them?

What is up with these "ethical hackers" who want "bounty rewards"? We asked our server partner.

We’re lucky we can ask our hosting expert Alan about these things; not everyone has a server genius to hand.

We got an email – a very long one, with alarming phrases like:

  • I have ventured the liberty of performing a cursory audit of your website’s public security configuration
  • I would enormously appreciate consideration for a bounty reward from your department if accessible.
  • These attacks could also be accustomed launch phishing attacks so on get information from users. additionally, these could also be accustomed spam users with emails.
  • Spoofed emails also are accustomed carry infections like Trojans to try to to harm to victim systems.
  • Let me tell you that this can be not a trick nor a scam, and please don’t narrate this with phishing strategy,
  • I’m here suggesting certain changes which will prevent from numerous forgeries and altered fabrications’

This prompted me to write to our server partners at Counterpart:

Is there any way you can check, without me engaging with this “ethical hacker” type person and paying him, whether there is something called a “Domain Impersonation / DNS Misconfiguration” on our site?
We got the email below, and he seems to be very specific. Could it all be a scam?

For example, this bit:

“No DMARC Record found”
And / Or
“DMARC Quarantine/Reject policy not enabled”

Here is what our Alan wrote:

These people send out templated emails to lots of random people who don’t have DMARC DNS registered.
DMARC is frankly a hacky addon to DNS to report and analyse anyone spoofing your domain, which as our friend here says, is easy to do. It sounds bad, which is what they want you to think but in reality DMARC is so broken virtually nobody uses it.

You have other protections in place to stop spoofing. DKIM / SPF records. You don’t need to understand these really but you’re 95% protected against domain spoofing. He can show you an example I’m sure, but then so can I.

If you really want DMARC, you’ll need to talk to your Office 365 people (as it’s completed there).
Have a look at dmarc: https://www.proofpoint.com/uk/threat-reference/dmarc

Virtually nobody implements this as:

a) All you’ll be doing is reading reports on a daily basis and you’ll need someone to interpret them for you, or indeed pay for some software to do it.

b) it requires the cooperation of other people’s mailservers that you don’t control to fully comply with the reporting DMARC gives you.

c) it’s hacky and requires another solution that the internet hasn’t yet come up with.
Don’t bother. This guy is just trying to make a fast buck out of you.
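The two findings the email quotes (“No DMARC Record found” and “DMARC Quarantine/Reject policy not enabled”) are things you can verify yourself in a minute, without engaging the sender. The script below is an added example written for this post; it is not code from the original post or from Counterpart. It runs offline against a constructed sample zone (the `.test` domains and their TXT strings are made up), and the `live_txt` helper shows how to point the same checks at a real domain using the dnspython library if it is installed. It also reports the SPF record Alan mentions, since that is the other DNS-side protection worth knowing the state of.

```python
"""Check the two DMARC findings quoted in the bounty email, plus the SPF
record, against a domain's DNS TXT records. Added example, not part of the
original post; the sample zone below is constructed."""

from typing import Dict, List, Optional

# Constructed sample zone: what TXT lookups for these names might return.
SAMPLE_TXT_RECORDS: Dict[str, List[str]] = {
    "example.test": ["v=spf1 include:spf.protection.outlook.com -all"],
    "_dmarc.example.test": [
        "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.test"
    ],
    "strict.test": ["v=spf1 ip4:192.0.2.10 -all"],
    "_dmarc.strict.test": ["v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=s"],
    # nodmarc.test publishes SPF but has no _dmarc record at all
    "nodmarc.test": ["v=spf1 ~all"],
}


def lookup_txt(name: str) -> List[str]:
    """Return the TXT strings for a name from the sample zone (empty if none)."""
    return SAMPLE_TXT_RECORDS.get(name.lower(), [])


def live_txt(name: str) -> List[str]:
    """Optional real lookup via dnspython (pip install dnspython). Not used by
    the offline demo; pass it as `lookup` to check a domain you own."""
    import dns.resolver  # imported here so the rest of the file runs without it
    try:
        answer = dns.resolver.resolve(name, "TXT")
    except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
        return []
    return [b"".join(r.strings).decode("utf-8", "replace") for r in answer]


def parse_dmarc(txt: str) -> Optional[Dict[str, str]]:
    """Parse a DMARC record into tag=value pairs (RFC 7489: pairs separated
    by ';'). Returns None unless the first tag is v=DMARC1."""
    tags: Dict[str, str] = {}
    order: List[str] = []
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if not sep:
            continue
        key = key.strip().lower()
        tags[key] = value.strip()
        order.append(key)
    if not order or order[0] != "v" or tags["v"].upper() != "DMARC1":
        return None
    return tags


def assess_dmarc(domain: str, lookup=lookup_txt) -> dict:
    """Reproduce the email's two DMARC findings for one domain. Zero or more
    than one DMARC record at _dmarc.<domain> both count as "no record"."""
    candidates = [t for t in lookup(f"_dmarc.{domain}") if parse_dmarc(t)]
    result = {"domain": domain, "dmarc_record_found": len(candidates) == 1,
              "policy": None, "enforcing": False, "findings": []}
    if len(candidates) != 1:
        result["findings"].append("No DMARC Record found")
        return result
    tags = parse_dmarc(candidates[0]) or {}
    policy = tags.get("p", "").lower()
    result["policy"] = policy or None
    result["enforcing"] = policy in ("quarantine", "reject")
    if not result["enforcing"]:
        result["findings"].append("DMARC Quarantine/Reject policy not enabled")
    return result


def assess_spf(domain: str, lookup=lookup_txt) -> dict:
    """Report whether the domain publishes SPF and which 'all' qualifier it
    ends with: '-all' hard fail, '~all' soft fail, '?all'/'+all' no protection."""
    spf = [t for t in lookup(domain) if t.lower().startswith("v=spf1")]
    if len(spf) != 1:  # RFC 7208: zero or multiple records means no valid SPF
        return {"domain": domain, "spf_record_found": False, "all_qualifier": None}
    terms = spf[0].split()[1:]
    all_terms = [t for t in terms if t.lower().lstrip("+-~?") == "all"]
    qualifier = None
    if all_terms:
        q = all_terms[-1][0]
        qualifier = (q if q in "+-~?" else "+") + "all"
    return {"domain": domain, "spf_record_found": True, "all_qualifier": qualifier}


if __name__ == "__main__":
    for d in ("example.test", "strict.test", "nodmarc.test"):
        print(assess_dmarc(d))
        print(assess_spf(d))
```

Against the sample zone, `nodmarc.test` reproduces the first finding, `example.test` (DMARC published with `p=none`) reproduces the second, and `strict.test` produces no findings at all. The point is that both sentences in the email are the output of a plain TXT lookup anyone can run, which is why the same template lands in so many inboxes.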

So in conclusion

I can now delete and ignore without fear. Thanks to Alan from Counterpart, who isn’t interested in the limelight but is a good genius to have on our side!
