DomainKeys Identified Mail (DKIM) is an email security standard that adds a digital signature to outgoing emails. The idea is to prove that the signing domain authorized the message and that the message wasn't modified in transit. In a recent Twitter thread, the author touches on how attackers actually bypass DKIM without breaking any keys. The tl;dr: you don't beat the signature, you make the receiving server stop asking for it.
DMARC is a standard that builds on both DKIM and SPF. A DMARC check requires an OR, not an AND: if either SPF or DKIM passes for a domain aligned with the From header, DMARC passes. That is the whole trick. An attacker who can get SPF to pass never has to touch DKIM at all.
There are two common SPF misconfigurations that are easy to abuse. The first is relaxed alignment, under which any subdomain of the From domain also counts as aligned. For instance, mail authenticated as anything.company.com passes alignment for company.com. So all it takes is a single subdomain compromise.
The second is an overly broad SPF record. For instance, include:salesforce.com is bad: it authorizes every sending host in Salesforce's SPF record, not just the ones carrying your mail. An attacker could simply use their own Salesforce account, and their messages would now pass SPF for your domain.
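To make the OR rule, the relaxed-versus-strict alignment difference, and the broad include: problem concrete, here is a toy DMARC evaluator. It is an added illustration, not code from the thread or from any mail library. It approximates the organizational domain as the last two DNS labels (real DMARC uses the Public Suffix List), and every domain, IP and record in it is constructed for the example.

```python
"""Toy DMARC evaluator: SPF-OR-DKIM rule plus relaxed vs strict alignment.

Added illustration, not code from the thread or any library. Organizational
domain is approximated as the last two labels (real DMARC uses the Public
Suffix List). All domains, IPs and records below are constructed.
"""


def org_domain(domain: str) -> str:
    """Approximate the organizational domain as the last two labels."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment.

    's' (strict):  the authenticated domain must equal the From domain exactly.
    'r' (relaxed): only the organizational domains must match, so any
                   subdomain (anything.company.com) aligns with company.com.
    """
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    if mode == "r":
        return org_domain(a) == org_domain(f)
    raise ValueError(f"unknown alignment mode {mode!r}")


def parse_dmarc(record: str) -> dict:
    """Parse 'v=DMARC1; p=reject; adkim=s; aspf=s' into tags.

    DMARC defaults both alignment modes to relaxed when the tags are absent,
    which is exactly the weak setting the thread warns about.
    """
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def dmarc_pass(from_domain: str, spf_result: str, spf_domain: str,
               dkim_result: str, dkim_domain: str, dmarc_record: str) -> bool:
    """DMARC passes if EITHER SPF OR DKIM passed AND that identifier is aligned.

    spf_domain is the RFC5321.MailFrom domain SPF was evaluated against;
    dkim_domain is the d= tag of a signature that verified.
    """
    tags = parse_dmarc(dmarc_record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags["adkim"])
    return spf_ok or dkim_ok


def broad_spf_mechanisms(domain: str, spf_record: str) -> list:
    """Flag SPF terms that authorize senders the domain owner does not control.

    Any include: pointing outside the organizational domain pulls in a
    third party's whole sending fleet (shared by all of its customers), and
    a permissive 'all' qualifier authorizes everyone.
    """
    findings = []
    for term in spf_record.split():
        lower = term.lower()
        if lower.startswith("include:"):
            target = lower[len("include:"):]
            if org_domain(target) != org_domain(domain):
                findings.append(term)
        elif lower in ("+all", "?all", "all"):
            findings.append(term)
    return findings


if __name__ == "__main__":
    RELAXED = "v=DMARC1; p=reject"                 # aspf/adkim default to relaxed
    STRICT = "v=DMARC1; p=reject; adkim=s; aspf=s"

    # Attacker holds a compromised subdomain and sends MAIL FROM there (SPF
    # passes for anything.company.com) while the From header says company.com.
    # DKIM is never even attempted, so it simply fails.
    for name, rec in (("relaxed", RELAXED), ("strict", STRICT)):
        print(name, "->", dmarc_pass("company.com", "pass", "anything.company.com",
                                     "fail", "", rec))

    # A constructed SPF record with a third-party include and an own-org include.
    print(broad_spf_mechanisms(
        "company.com",
        "v=spf1 ip4:203.0.113.10 include:salesforce.com include:_spf.company.com -all"))
```

Under the relaxed record the subdomain SPF pass is enough for DMARC to pass, and no DKIM key was ever involved; under the strict record the same message fails. The include: scan only reports targets outside your own organizational domain, which matches the thread's advice that the risky includes are the third-party ones.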
In response to these issues, they offer a few tips for making things safer. First, don't include third-party senders in your SPF record; the spoofing risk is too high. Second, use strict alignment (adkim=s; aspf=s) in the DMARC record wherever possible. A great post on the realities of email security!