Email security: attack and defence
Email security: attack and defence
About the Book
This book is for curious people that want to know how email security works, how to attack email protocols and how to defend from such attacks. It does not matter what your role is or if you do not work in IT security at all. I believe it can be of particular use for both people that have the email security of an organization to care for (e.g. security engineers, network and system administrators) and people that attack it for a living (e.g. red teamers and pentesters).
It is divided in three main topics:
- A presentation of email security mechanisms
- A set of attacks
- A proposal for defense
The content is technical and use practical examples. All attacks described have been performed by the author (me) and part of it is based on professional penetration tests. Exercises are available at each chapter to familiarize the reader with hands-on cases.
Table of Contents
- Introduction
- A few words before beginning
- Greetings
- Credits
- Feedback
- Email security mechanisms
- Encrypting communications
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM) Signatures
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)
- Authenticated Received Chain (ARC)
- Brand Indicators for Message Identification (BIMI)
- A real-life example
- Exercises
- Attack
- Tooling
- Fingerprinting
- TLS downgrade
- S/MIME & OpenPGP implementations
- SPF: allow by default
- SPF: Attacking third-parties in
include
- SPF: Attacking marketing platforms
- From subdomain takeover to phishing emails
- Forging DKIM signatures
- DMARC: loose policy and subpolicy
- DMARC: poor sampling percentage
- Further reading
- Exercises
- Defence
- Concepts
- A (relatively) secure mail infrastructure
- Priority list
- Exercises
- Conclusion
- Exercises solutions
- Email security mechanisms
- Attack
- Defence
- Introduction
The Leanpub 60 Day 100% Happiness Guarantee
Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.
You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!
So, there's no reason not to click the Add to Cart button, is there?
See full terms...
Earn $8 on a $10 Purchase, and $16 on a $20 Purchase
We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.
(Yes, some authors have already earned much more than that on Leanpub.)
In fact, authors have earnedover $14 millionwriting, publishing and selling on Leanpub.
Learn more about writing on Leanpub
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them