
How to make spam your best friend on your e-mail appliance

Nicole Wajer – Consulting Systems Engineer

BRKSEC-2325

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

Abstract

• Spam has plagued the Internet pretty much since its inception. For a while it appeared that the spam problem was more or less under control; in the meantime, however, spammers have developed new techniques and the problem is as bad as ever, with ransomware as its most visible form today. This intermediate session provides an overview of best practices to mitigate the problem: the techniques that can be used to fight spam and how to configure them on your e-mail appliance.

http://www.tagesanzeiger.ch/sonntagszeitung/dny/hacker-erpressen-hoteliers/story/12093156

A note about Best Practices…

• Throughout the material we will present options for tuning your environment

• These are meant to be general guidelines, and as each environment is unique, it is recommended that settings be set in monitor mode first

• After a determined time, perform analysis and tuning of rules and settings to achieve the desired result


Nicole Wajer – Consulting Systems Engineer, EMEAR (North)

• @vlinder_nl

• Joined Cisco Dec 2007

• Now Content Security & IPv6

For Your Reference

• There are (many...) slides in your print-outs that will not be presented.

• They are there “For your Reference”


Agenda

• HAT / IPAS / Graymail

• Advanced Malware Protection

• URL Filtering

• Attachment Control and Defense

• Tips & Tricks

The Email Pipeline

The pipeline diagram lists the processing stages in order, grouped by the three parts of the appliance:

SMTP SERVER (connection and envelope handling)

• Host Access Table (HAT)
• Received Header
• Default Domain
• Domain Map
• Recipient Access Table (RAT)
• Alias Table
• LDAP RCPT Accept
• SMTP Call-Ahead
• DKIM / SPF Verification
• DMARC Verification
• S/MIME Verification

WORKQUEUE

• LDAP RCPT Accept (WQ)
• Masquerading (Table / LDAP)
• LDAP Routing
• Message Filters
• Per-Policy Scanning: Anti-Spam, Anti-Virus, Advanced Malware (AMP), Graymail and Safe Unsubscribe, Content Filtering, Outbreak Filtering, DLP Filtering (Outbound)

SMTP CLIENT (delivery)

• Encryption
• Virtual Gateways
• Delivery Limits
• Received: Header
• Domain-Based Limits
• Domain-Based Routing
• Global Unsubscribe
• S/MIME Encryption
• DKIM Signing
• Bounce Profiles
• Message Delivery

HAT, Blacklist/WhiteList

Host Access Table (HAT) Structure

• HATs are associated per listener, and a listener is defined as either Public or Private. Once a listener has been created, its type cannot be changed.

• Private listeners have no Recipient Access Table and are best used for outbound-facing mail traffic: no restrictions are applied to recipient domains.

• The structure of the HAT is defined by the listener type; once the listener is created, a default configuration is loaded.

• Mail Flow Policies (MFP) are also created based on the listener type, so an MFP such as RELAYED is not created until a Private listener is defined, or it is created manually.

(The HAT is the first stage of the SMTP SERVER part of the pipeline shown above.)

Host Access Table Structure

• IPs and hosts are evaluated in the HAT top down, first match wins

• SenderGroups are containers that define the policy applied on a match

• Inclusion into a SenderGroup is defined by reputation score (SBRS), DNS checks, or explicit match

SenderGroup Options

• A SenderBase Reputation Score (SBRS) range can be attached to a SenderGroup; ensure that the neutral and "no score" ranges are addressed

• Within the settings you define the Name and the Mail Flow Policy

• Nomenclature is important as it will be displayed in logs and reports

Example mail_logs entries showing the SenderGroup match (SG) and the score that placed the connection in it:

Thu Jun 9 13:40:34 2016 Info: New SMTP ICID 8 interface Management (10.10.10.90) address 94.46.249.12
Thu Jun 9 13:40:34 2016 Info: ICID 8 ACCEPT SG SUSPECTLIST match sbrs[-3.0:-1.0] SBRS -2.1
Thu Jun 9 13:40:34 2016 Info: Start MID 410 ICID 8

Note that SBRS uses multiple sources including honeypots and DNSBLs

SenderGroup Options – DNS checks

A connection can also be placed in a SenderGroup when:

• The connecting host's PTR record does not exist in DNS.

• The connecting host's PTR record lookup fails due to a temporary DNS failure.

• The connecting host's reverse DNS lookup (PTR) does not match the forward DNS lookup (A).
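As an added example (not from the deck and not AsyncOS code), the following Python models the HAT evaluation rules described above: SenderGroups are tried top down and the first match wins, where a match is an explicit IP/CIDR/hostname entry, an SBRS range, a missing score, or one of the three DNS conditions. The sample HAT uses the SBRS ranges from the deck's aggressive HAT sample; the RELAYLIST and WHITELIST entries, the group order and the regular expression for the mail_logs ICID line are assumptions fitted to the log sample shown.

```python
"""Toy Host Access Table (HAT) evaluator: top-down, first match wins.
Added example; the group names and SBRS ranges mirror the deck's aggressive
HAT sample, the network entries and ordering are assumptions."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SenderGroup:
    name: str
    policy: str                                   # Mail Flow Policy applied on match
    entries: list = field(default_factory=list)   # IPs, CIDRs, hostnames or ".domain" suffixes
    sbrs: Optional[tuple] = None                  # inclusive (low, high) SBRS range
    match_no_score: bool = False                  # also catch senders with SBRS "None"
    dns_conditions: tuple = ()                    # "no_ptr", "ptr_tempfail", "ptr_mismatch"


@dataclass
class Connection:
    ip: str
    sbrs: Optional[float]            # None = no reputation score available
    ptr: Optional[str] = None        # hostname from the reverse lookup, None = no PTR
    ptr_tempfail: bool = False       # reverse lookup failed temporarily
    forward_ips: tuple = ()          # A records of the PTR hostname (forward confirmation)


def _entry_matches(entry: str, conn: Connection) -> bool:
    try:                                              # IP or CIDR entry
        return ipaddress.ip_address(conn.ip) in ipaddress.ip_network(entry, strict=False)
    except ValueError:
        pass
    if conn.ptr is None:                              # hostname entries need a PTR name
        return False
    host, entry = conn.ptr.lower(), entry.lower()
    return host.endswith(entry) if entry.startswith(".") else host == entry


def _dns_condition(cond: str, conn: Connection) -> bool:
    if cond == "no_ptr":
        return conn.ptr is None and not conn.ptr_tempfail
    if cond == "ptr_tempfail":
        return conn.ptr_tempfail
    if cond == "ptr_mismatch":
        return conn.ptr is not None and conn.ip not in conn.forward_ips
    raise ValueError(f"unknown DNS condition {cond!r}")


def group_matches(group: SenderGroup, conn: Connection) -> bool:
    if any(_entry_matches(e, conn) for e in group.entries):
        return True
    if (group.sbrs is not None and conn.sbrs is not None
            and group.sbrs[0] <= conn.sbrs <= group.sbrs[1]):
        return True
    if group.match_no_score and conn.sbrs is None:
        return True
    return any(_dns_condition(c, conn) for c in group.dns_conditions)


def evaluate_hat(hat: list, conn: Connection) -> tuple:
    """Return (sendergroup, mail flow policy) for the first matching group."""
    for group in hat:
        if group_matches(group, conn):
            return group.name, group.policy
    return "ALL", "ACCEPTED"          # implicit catch-all at the bottom of every HAT


# Ranges from the deck's aggressive HAT sample; the two explicit groups on top are assumed.
# Boundary values (-2.0, -1.0, 2.0) sit in two ranges: first match wins, so order decides.
AGGRESSIVE_HAT = [
    SenderGroup("RELAYLIST", "RELAYED", entries=["10.0.0.0/8"]),
    SenderGroup("WHITELIST", "TRUSTED", entries=[".partner.example"]),
    SenderGroup("BLACKLIST", "BLOCKED", sbrs=(-10.0, -2.0)),
    SenderGroup("SUSPECTLIST", "HEAVYTHROTTLE", sbrs=(-2.0, -1.0),
                match_no_score=True,                         # deck: include SBRS "None" here
                dns_conditions=("no_ptr", "ptr_mismatch")),  # deck: optionally failed PTR checks
    SenderGroup("GRAYLIST", "LIGHTTHROTTLE", sbrs=(-1.0, 2.0)),
    SenderGroup("ACCEPTLIST", "ACCEPTED", sbrs=(2.0, 10.0)),
]

# mail_logs line format as shown in the deck; the regex is an assumption fitted to that sample.
ICID_RE = re.compile(r"ICID (?P<icid>\d+) (?P<verdict>ACCEPT|REJECT) SG (?P<sg>\S+) "
                     r"match (?P<match>\S+)(?: SBRS (?P<sbrs>None|-?\d+(?:\.\d+)?))?")


def parse_icid_line(line: str) -> Optional[dict]:
    """Pull the SenderGroup decision out of a mail_logs ICID line, or None if absent."""
    m = ICID_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["sbrs"] = None if d["sbrs"] in (None, "None") else float(d["sbrs"])
    return d


if __name__ == "__main__":
    c = Connection("94.46.249.12", sbrs=-2.1, ptr="mail.example.net", forward_ips=("94.46.249.12",))
    print(evaluate_hat(AGGRESSIVE_HAT, c))
    print(parse_icid_line("Thu Jun 9 13:40:34 2016 Info: ICID 8 ACCEPT SG SUSPECTLIST "
                          "match sbrs[-3.0:-1.0] SBRS -2.1"))
```

Note what the order buys you: the sender with SBRS -2.1 from the deck's log landed in SUSPECTLIST with that appliance's ranges, but under the aggressive sample it is BLOCKED; a host explicitly listed in WHITELIST is trusted regardless of its score because that group sits above the reputation groups, and a host with a good score but a PTR that does not confirm forward is still throttled because the DNS condition is attached to SUSPECTLIST.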

Understanding Email Reputation

The IP Reputation Score runs from -10 (worst) through 0 to +10 (best) and is derived from these data sources:

• Spam Traps
• Complaint Reports
• IP Blacklists and Whitelists
• Message Composition Data
• Compromised Host Lists
• Website Composition Data
• Global Volume Data
• Domain Blacklist and Safelists
• Geo-Location data
• Host Data
• DNS Data
• Other Data

• Breadth and quality of data makes the difference

• Real-time insight into this data allows us to see threats before anyone else in the industry, to protect our customers

HAT – Host Access Table

• Systems are added to the various Sender Groups manually by adding the sender's IP address, host name, or partial host name, or they fall into a particular Sender Group due to their reputation score.

How to Configure Block/White List for just 1 Sender? (configuration screenshots, steps 1 to 3, not reproduced in the transcript)

Block/Whitelist FULL Domain/IP = HAT (configuration screenshots, not reproduced in the transcript)

DNS / Relay Considerations

Reputation: DNS and caching

• DNS is the most critical external service for the ESA

• By default there are 4 DNS lookups per connection, including the reverse DNS (PTR) lookup and 2 SBRS lookups

• With SPF, DKIM and DMARC there are 3 or more additional DNS TXT record lookups

• So at least 7 DNS lookups are possible per connection (excluding any caching)

• Now factor in outbound destination DNS resolution, LDAP, internal hosts, etc.

• Use more resolvers in high-connection environments

• So what if I use the Cisco Umbrella DNS resolvers?

ESA – Relay host – Not First Hop

• If you allow another MTA to sit at your network's perimeter and handle all external connections, the Email Security Appliance cannot determine the sender's IP address from the connection: the connecting host is always your own relay

• The solution is to configure your appliance to work with incoming relays. You specify the names and IP addresses of all of the internal MX/MTAs connecting to the Cisco appliance, as well as the header used to store the originating IP address

Relay Host Configuration

• Network -> Incoming Relays

Received header chain for the Relay List

With the relay list configured, the originating IP is taken from the Received: header written by the perimeter hop rather than from the connecting relay (here 193.172.32.4):

Received: from <hop5>
Received: from <hop4>
Received: from <hop3>
Received: from <hop2>
Received: from <hop1>
<snip>
Received: from mail.spaansekubus.net ([193.172.32.4])
 by alln-inbound-m.cisco.com with ESMTP/TLS/AES256-GCM-SHA384; 19 Feb 2017 15:36:09 +0000
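The walk down the Received: chain that the incoming-relay configuration implies, as an added example in Python (not AsyncOS code): hops whose client address belongs to one of our own relays are skipped, and the first hop from anything else is the originating IP. The relay list, the custom header name and the message are constructed for illustration; only the external hop (mail.spaansekubus.net, 193.172.32.4) is taken from the deck's sample, with the receiving host changed to an internal relay.

```python
"""Find the originating client IP behind an incoming relay by walking the
Received: chain. Added example (not AsyncOS code); the relay list, the custom
header name and the message below are constructed for illustration."""
import email
import ipaddress
import re

# Connecting address in the "from" clause of a Received: header, e.g.
# "from mail.example ([193.172.32.4])" or "from host (192.0.2.5)".
_IP_IN_FROM = re.compile(r"\[(?P<ip>[0-9A-Fa-f:.]+)\]|\((?P<ip2>\d{1,3}(?:\.\d{1,3}){3})\)")


def hop_ip(received: str):
    """Return the client IP recorded by one Received: header, or None."""
    received = " ".join(received.split())                 # unfold the header
    from_clause = received.split(" by ", 1)[0]            # ignore the "by <server> [ip]" part
    m = _IP_IN_FROM.search(from_clause)
    if not m:
        return None
    ip = m.group("ip") or m.group("ip2")
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return None
    return ip


def originating_ip(raw_message: str, relays, custom_header=None):
    """Originating IP as the ESA needs it for reputation checks.

    relays: IPs/CIDRs of our own internal MX/MTAs. Received: headers are read
    top-down (most recent hop first); hops whose client address is one of our
    relays are skipped, and the first hop from anything else is the origin.
    Headers below that point were written by the outside world and are never
    consulted, which is what makes the walk safe against forged Received: lines.

    custom_header: alternatively, trust a header the perimeter relay stamps
    with the client address (only safe if the relay strips a pre-existing copy).
    """
    msg = email.message_from_string(raw_message)
    if custom_header:
        value = msg.get(custom_header)
        return value.strip() if value else None
    relay_nets = [ipaddress.ip_network(r, strict=False) for r in relays]
    for received in msg.get_all("Received", []):
        ip = hop_ip(received)
        if ip is None:
            continue                                      # local hand-off without an address
        if any(ipaddress.ip_address(ip) in net for net in relay_nets):
            continue                                      # added by one of our own relays
        return ip
    return None


# Constructed message: the perimeter relay (10.0.0.1) accepted the message from
# the Internet and handed it to a second internal hop before it reached the ESA.
# The bottom Received: line was written by the sender's own MTA and could be forged.
SAMPLE = """Received: from relay1.internal.example ([10.0.0.1])
 by relay2.internal.example with ESMTP; 19 Feb 2017 15:36:10 +0000
Received: from mail.spaansekubus.net ([193.172.32.4])
 by relay1.internal.example with ESMTP/TLS/AES256-GCM-SHA384; 19 Feb
 2017 15:36:09 +0000
Received: from trusted-looking.internal.example ([10.0.0.200])
 by mail.spaansekubus.net with ESMTP; 19 Feb 2017 15:36:00 +0000
X-Originating-IP: 193.172.32.4
From: someone@spaansekubus.net
To: user@example.com
Subject: test

body
"""

if __name__ == "__main__":
    print(originating_ip(SAMPLE, relays=["10.0.0.0/8"]))                       # 193.172.32.4
    print(originating_ip(SAMPLE, relays=[]))                                    # 10.0.0.1
    print(originating_ip(SAMPLE, relays=[], custom_header="X-Originating-IP"))  # 193.172.32.4
```

Without the relay list the appliance would score 10.0.0.1, i.e. its own relay, which is exactly the failure the slide describes; the forged bottom line claiming a 10.0.0.200 client never matters because the walk stops at the first external hop.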

Anti-Spam (IPAS)

Types of Spam

Antispam

• Mail Policies -> Incoming Mail Policies

Spam Options

• Positively-identified spam is email that is known spam.

• Suspected spam is email that has characteristics of spam, but has not been confirmed as spam yet.

• Emails identified as positively-identified spam and suspected spam can be delivered, dropped, sent to the spam quarantine, or bounced, with an additional option to send them to an alternate host.

Cisco IronPort Anti-Spam (IPAS) thresholds

Moderate:

• Positive Spam = 85
• Suspect Spam = 45
• Always scan messages of 1 MB or less
• Never scan messages of 2 MB or more

Aggressive:

• Positive Spam = 80
• Suspect Spam = 39
• Always scan messages of 2 MB or less
• Never scan messages of 2 MB or more

Conservative: thresholds unchanged; set "always scan" to at least 1 MB

Graymail (Detection)

Graymail

• Enable Graymail Detection

• Marketing Message Detection is off by default.

• Recommendation for each incoming mail policy: mark the message subject line with the text "[MARKETING]" and deliver the message to the end user, if company policy permits.

• Marketing messages make up a large percentage of the complaints regarding missed spam. Tagging them allows email administrators to do what they feel is best for their organisation: drop, quarantine, or deliver marketing messages. Alternatively, the email administrator could create a rule to place such messages in the user's Outlook Junk Mail folder, or simply allow the end users to create their own rules for handling those messages.

Spam vs Graymail - 1

• Spam is email that the recipient did not opt to receive (unsolicited) and generally has embedded links, pictures and other documents that may be disguised to look legitimate but are actually malicious in nature. Spam emails are intended to fool the recipient and cause harm to the end user's environment. For more information on spam, please refer to the CAN-SPAM Act of 2003.

Spam vs Graymail - 2

• In short: graymail is email that the recipient "opted" to receive but does not really want in their inbox. A good example is when you go shopping and provide your email address to receive coupons, discounts and other notifications from that vendor. These emails are known as graymail: you opted to receive them, but after a while you grow tired of how many annoying emails the vendor sends, and they end up being reported as spam, which they are not at all.

Graymail Tuning Checklist

• Enable Graymail Detection

• Tick the "Marketing" box in the Graymail settings

• Set the action to Deliver

• If business allows, prepend [MARKETING] to the subject

Advanced Malware Protection

Why Advanced Malware Protection?

AMP on ESA with Threat Grid Public Cloud – Detailed Flow Chart

The flow chart reads as follows (reconstructed from the diagram):

• The message passes Reputation Filtering, Anti-Spam, Anti-Virus, Content Filters and Outbreak Filters; then the mail attachments are sent to AMP.

• AMP calculates the SHA256 (and SPERO fingerprint) of each file, performs a reputation check against the AMP cloud, and checks the returned disposition.

• Disposition = good: queue mail for delivery.

• Disposition = malware: drop or deliver the mail according to policy.

• Disposition = unknown: check the Upload Action. If Upload Action ≠ 1, queue mail for delivery. If Upload Action = 1, run pre-classification and query Threat Grid: is the file known?

• File not known: upload to Threat Grid; quarantine and track the message.

• File known, analysis running: quarantine and track the message.

• File known, analysis completed (or quarantine timer expired): the message is released and re-scanned. If the Threat Grid threat score is >= 95, Threat Grid pokes the file into the AMP cloud, i.e. marks the SHA256 with disposition = malicious almost instantaneously, so the re-scan convicts it.

AMP on ESA – Pre-Classification

• Before an unknown file is submitted there is a pre-classification engine that selects only files with active or suspicious content

• Pre-classification signatures are byte-code rules that detect suspicious indicators such as:

• Embedded macros, EXEs, Flash

• PDF within PDF, corrupt headers, invalid XREF, etc.

• Signatures are provided and hosted by Talos

• The product checks for new updates once every 30 minutes

• This is relevant for any deployment of AMP on ESA and WSA

Advanced Malware Protection (AMP)

• Advanced Malware Protection is integrated on the ESA

• Provides File Reputation, File Sandboxing, and File Retrospection

• Combined with native URL filtering, the ESA provides malware and phishing detection

AMP on ESA with Threat Grid Public Cloud – Considerations

• If the file was submitted to the Threat Grid cloud and got a threat score >= 95, the Threat Grid cloud updates the file disposition in the AMP cloud for this SHA256 instantaneously

• The ESA does not act on a threat score from the Threat Grid cloud directly

• The ESA only waits for the analysis to finish and then sends the file through AV and AMP again

• Malware is then convicted by AMP because of the adjusted disposition

• Thus the ESA relies heavily on Threat Grid poking file dispositions into the AMP cloud

Tell me more about AMP & TG: see BRKSEC-2890, AMP Threat Grid integrations with Web, Email and Endpoint Security (Thursday 11:30)

Web Reputation Filters and URL Filtering

URL Filtering

• Security Services -> URL Filtering

• By default URL Filtering scans all URLs, but you have the possibility to "whitelist" certain URLs. This can be useful for internal domains and URLs, which of course will not have a reputation score or a URL category

URL Rewriting

• Outbreak Filters have the option to "rewrite" a URL. The URL then no longer points directly to the destination but is redirected through the Cisco Cloud Web Security proxy

Outbreak Filter – URL Rewrite

URL Rewriting - continued

• It is recommended to rewrite URLs only in messages that are not signed.

• If a message is digitally signed (DKIM or S/MIME), rewriting the URLs in its body invalidates the signature, because the signature covers the body.

• If the user clicks on the rewritten URL they are redirected to the Cloud Web Security proxy:
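Why the "unsigned messages only" rule exists, shown as an added example in Python (not ESA code): a DKIM signature carries a body hash (bh=) computed over the canonicalized body, so rewriting a URL in the body changes the hash and the signature fails at the next verifier. The proxy prefix is a placeholder, not the real Cloud Web Security redirector, the messages are constructed, and only the bh= tag is computed (the b= signature over the headers is elided).

```python
"""Why URL rewriting is limited to unsigned messages: the DKIM body hash
(bh=) covers the message body, so changing a URL in the body breaks the
signature. Added example, not ESA code; PROXY is a placeholder, not the
real Cloud Web Security redirector, and the messages are constructed."""
import base64
import hashlib
import re
from urllib.parse import quote

PROXY = "https://secure-web.proxy.example/?u="        # assumed redirector, illustration only
_URL = re.compile(r"https?://[^\s<>\"']+")


def canonical_body_simple(body: str) -> bytes:
    """RFC 6376 'simple' body canonicalization: CRLF line ends, trailing empty lines removed."""
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()
    return ("\r\n".join(lines) + "\r\n").encode()


def body_hash(body: str) -> str:
    """The bh= value a signer puts in DKIM-Signature for this body (sha256, base64)."""
    return base64.b64encode(hashlib.sha256(canonical_body_simple(body)).digest()).decode()


def split_message(raw: str):
    head, _, body = raw.partition("\n\n")
    return head, body


def is_signed(raw: str) -> bool:
    head, _ = split_message(raw)
    return any(line.lower().startswith("dkim-signature:") for line in head.split("\n"))


def rewrite_urls(body: str) -> str:
    """Point every URL at the proxy, carrying the original URL as a parameter."""
    return _URL.sub(lambda m: PROXY + quote(m.group(0), safe=""), body)


def force_rewrite(raw: str) -> str:
    """Rewrite regardless of signatures, to show what happens to a signed message."""
    head, body = split_message(raw)
    return head + "\n\n" + rewrite_urls(body)


def rewrite_if_unsigned(raw: str):
    """The recommended policy: (message, rewritten?), signed messages pass through untouched."""
    if is_signed(raw):
        return raw, False
    return force_rewrite(raw), True


def dkim_body_hash_ok(raw: str) -> bool:
    """Does the bh= tag in DKIM-Signature still match the body? (checks bh= only, not b=)"""
    head, body = split_message(raw)
    m = re.search(r"bh=([A-Za-z0-9+/=]+)", head)
    return bool(m) and m.group(1) == body_hash(body)


# Constructed messages. bh= is computed for the body; b= is elided.
BODY = "Hello,\nplease review http://example.com/invoice.pdf today.\n\n"
UNSIGNED = "From: alice@example.com\nTo: bob@example.net\nSubject: invoice\n\n" + BODY
SIGNED = ("From: alice@example.com\nTo: bob@example.net\nSubject: invoice\n"
          "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel;\n"
          " h=from:to:subject; bh=" + body_hash(BODY) + "; b=...\n\n" + BODY)

if __name__ == "__main__":
    print("signed, untouched  :", dkim_body_hash_ok(SIGNED))                 # True
    print("signed, rewritten  :", dkim_body_hash_ok(force_rewrite(SIGNED)))  # False
    msg, done = rewrite_if_unsigned(UNSIGNED)
    print("unsigned rewritten :", done, msg.split("\n\n", 1)[1])
```

The same reasoning applies to any body modification the appliance makes (disclaimers, subject tags do not count since they are headers, but a disclaimer stamped into the body does), which is why the deck's summary pairs "Rewrite URL" with "for unsigned message".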

URL with Content Filter - Condition

• URL filtering happens in two places (CASE and Outbreak Filters), but URLs can also be scanned pro-actively by a Content Filter

URL with Content Filter - Action

Malicious URL - Outbreak Filters in action

• Outbreak Filters can still stop malicious URLs without any rewrite

Turn on URL scores in Message Tracking

• By default no URL score is shown in Message Tracking

• This must be turned on from the CLI:

• <hostname-esa> "outbreakconfig"

URL Filtering Checklist

• Enable URL Filtering on the ESA

• Enable Web Interaction Tracking (if permitted by policy)

• Enable URL visibility in Message Tracking for certain admin users (if permitted by policy)

• Enable Threat Outbreak Filtering and message modification – warn your users!

• Whitelist your partner URLs, use the scores to create filters for the others

• Combine the reputation rules and leverage language detection as part of the logic

• Use the policies to define the level of aggression for rule sets

Spoofing (FED)

Forged Email Detection (New for 10.0)

• Forged Email Detection looks for permutations of the display name and of the prefix (local part) of the email address in the From header

• Use this rule to look for matches against a dictionary of names that are exact or some form of typo-squatting

• e.g.: Han S0lo, Han Slo, Han So1o

Forged Email Filters

• In this example, we took the From header and stripped it from the message if the match score was 70 or above

• Combined with a warning disclaimer this exposes the bad sender while warning the end user

• The idea is that for names with low-threshold matches you can use the strip-header action to expose the envelope sender; if the sender is legitimate, this does not disrupt mail flow

• If all else fails, warn the user of a potential issue by using a disclaimer text on top of the message

Info: MID 2089 Forged Email Detection on the From: header with score of 100, against the dictionary entry Han Solo
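An approximation of the check above, as an added example in Python (not Cisco's engine, whose scoring is not public): the From: display name and the address prefix are normalized, look-alike digits and symbols are mapped back to letters, and the result is scored 0 to 100 against a dictionary of protected names; at or above the threshold the From: header is replaced by the envelope sender and a disclaimer is flagged, mirroring the filter the deck describes. The homoglyph map, the use of difflib's similarity ratio, the allowed-domain exception (the deck's "know your allowed spoofs") and the sender addresses are assumptions for illustration.

```python
"""Approximation of a Forged Email Detection check: score the From: display
name (and the address prefix) against a dictionary of protected names,
then strip the From: header above a threshold. Added example; Cisco's FED
scoring is not public, so the homoglyph map, the difflib ratio and the
constructed senders below are assumptions for illustration."""
import difflib
import re
import unicodedata
from email.utils import parseaddr

# Characters commonly swapped in to dodge an exact match (Han S0lo, Han So1o).
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                             "7": "t", "@": "a", "$": "s", "|": "l"})


def normalize(name: str) -> str:
    """Lowercase, strip accents, undo digit/symbol look-alikes, collapse punctuation."""
    name = unicodedata.normalize("NFKD", name)
    name = "".join(c for c in name if not unicodedata.combining(c))
    name = name.lower().translate(_HOMOGLYPHS)
    name = re.sub(r"[^a-z0-9 ]+", " ", name)
    return " ".join(name.split())


def fed_score(candidate: str, dictionary) -> tuple:
    """Best (score 0-100, dictionary entry) for one string."""
    cand = normalize(candidate)
    best, best_entry = 0, None
    if not cand:
        return best, best_entry
    for entry in dictionary:
        ratio = difflib.SequenceMatcher(None, normalize(entry), cand).ratio()
        score = round(ratio * 100)
        if score > best:
            best, best_entry = score, entry
    return best, best_entry


def check_from(from_header: str, envelope_sender: str, dictionary, threshold=70,
               allowed_domains=()):
    """Mimic the filter from the deck: strip From: at or above the threshold and add a
    disclaimer so the envelope sender is exposed; known-good sending domains are skipped."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in {d.lower() for d in allowed_domains}:
        return {"score": 0, "entry": None, "action": "deliver", "from": from_header}
    local_part = addr.partition("@")[0].replace(".", " ").replace("_", " ")
    score, entry = max((fed_score(c, dictionary) for c in (display, local_part)),
                       key=lambda t: t[0])
    if score >= threshold:
        return {"score": score, "entry": entry, "action": "strip-from+disclaimer",
                "from": f"<{envelope_sender}>"}
    return {"score": score, "entry": entry, "action": "deliver", "from": from_header}


EXECUTIVES = ["Han Solo"]            # the deck's example dictionary entry

if __name__ == "__main__":
    for hdr in ('"Han S0lo" <ceo@free-mail.example>',
                '"Han Slo" <han.slo@free-mail.example>',
                '"Han So1o" <ceo@free-mail.example>',
                '"Hans Olofsson" <hans.olofsson@vendor.example>',
                '"Han Solo" <han.solo@corp.example>'):
        print(hdr, "->", check_from(hdr, "bounce@free-mail.example", EXECUTIVES,
                                    allowed_domains=["corp.example"]))
```

The three permutations from the slide score 100, 93 and 100 against "Han Solo" and get the From: header stripped, while an unrelated "Hans Olofsson" scores 67 and is delivered untouched; the legitimate executive mailing from the company's own domain is exempted by the allowed-domain list rather than by the score, which is the exception list the spoofing checklist below asks you to build.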

Spoofing Checklist

• Know who your allowed external spoofs are by tracking them via filters and policies

• Build the list as the exception, trap all others

• With 10.0 use the Forged Email Detection feature to look for matches on the display name; if too close to call, drop the From header

• Send a copy of suspected spoofs to a quarantine for review and then tune your rules to start blocking messages

• Make a plan to enable SPF, DKIM and DMARC

What about SPF/DKIM & DMARC? See BRKSEC-3540, I wonder where that Phish has gone (Tuesday @ 16:45)

Attachment Control and Defense

Macro Enabled Attachment Handling – Overview

• While macros enable extended functionality in documents, spreadsheets, and more, they are of concern to customers since they can be an infection vector.

• This feature gives customers the ability to identify macros in PDF, Office, and OLE file types and offers several options for handling them, including:

• Strip attachment with macro

• Quarantine message

• Drop message

• Change recipient

• Send copy (BCC)

• And more

Macro Detection – New Content Filter Condition

• The Content Filter condition sets the file types to be scanned for macros and can include:

• Adobe PDF

• Microsoft Office files

• OLE file types

• This condition is available for both inbound and outbound Content Filters

Strip Attachment with Macro – Action

Many of the other Content Filter actions can be taken on messages containing macros, including:

• Drop message

• Quarantine

• Change recipient

• Send copy (BCC)

• Add disclaimer text

• Prepend subject with warning message

Macro Detection Using Message Filters

This feature is also available in Message Filters using the new Message Filter rule:

• macro-detection-rule()

and the new Message Filter action:

• drop-macro-enabled-attachments()

Similar to the Content Filter version, other actions can be taken on the messages to drop the message, redirect it, and more.
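What a "contains macro" condition has to establish, and what the strip action then does, as an added example in Python covering both the Content Filter condition/action above and the message-filter form (this is not the ESA's engine): each attachment is classified by content rather than by extension, using simple indicators that are assumptions for illustration (a vbaProject.bin part or vbaProject content type inside an OOXML zip, the _VBA_PROJECT stream name inside an OLE2 container, and PDF action keywords), and macro-enabled attachments are removed while the subject gets a warning tag. All sample files are constructed in memory.

```python
"""Content-based check for macro-enabled attachments, the kind of test that
sits behind a "contains macro" condition, with the strip action applied.
Added example, not the ESA's engine: the indicators are simple heuristics
(OOXML vbaProject.bin part, OLE2 _VBA_PROJECT stream name, PDF action
keywords) and all sample files are constructed in memory."""
import io
import re
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"           # legacy .doc/.xls/.ppt container
_OLE_VBA = "_VBA_PROJECT".encode("utf-16-le")              # stream name present in VBA projects
_PDF_ACTIVE = re.compile(rb"/(JavaScript|JS|OpenAction|AA|Launch)\b")


def macro_kind(data: bytes):
    """Return a short reason if the file carries active content, else None."""
    if data.startswith(b"PK\x03\x04"):                        # OOXML zip (.docx/.docm/.xlsm, ...)
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
                if any(n.endswith("vbaProject.bin") for n in names):
                    return "ooxml: vbaProject.bin part"
                if ("[Content_Types].xml" in names and
                        b"application/vnd.ms-office.vbaProject" in z.read("[Content_Types].xml")):
                    return "ooxml: vbaProject content type"
        except zipfile.BadZipFile:
            return None
        return None
    if data.startswith(OLE_MAGIC):                             # OLE2 compound file
        return "ole: _VBA_PROJECT stream" if _OLE_VBA in data else None
    if data.startswith(b"%PDF"):
        # Plain-text scan only: object streams can hide these keywords; treat as a first pass.
        m = _PDF_ACTIVE.search(data)
        return f"pdf: {m.group(1).decode()} action" if m else None
    return None


def apply_macro_policy(attachments, prefix="[MACRO]"):
    """Strip attachments that contain macros; report what was removed and the subject tag.

    attachments: list of (filename, bytes). The extension is deliberately ignored:
    a renamed .docm is still a .docm. Returns (kept, stripped, subject_prefix)."""
    kept, stripped = [], []
    for name, data in attachments:
        reason = macro_kind(data)
        if reason:
            stripped.append((name, reason))
        else:
            kept.append((name, data))
    return kept, stripped, (prefix if stripped else "")


# ---- constructed samples ----------------------------------------------------
def build_ooxml(with_vba: bool) -> bytes:
    """Minimal Word-style package; with_vba adds the macro part and its content type."""
    ct = ('<?xml version="1.0"?><Types><Override PartName="/word/document.xml" '
          'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
          + ('<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
             if with_vba else "") + "</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", ct)
        z.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            z.writestr("word/vbaProject.bin", b"\x00" * 64)
    return buf.getvalue()


OLE_WITH_VBA = OLE_MAGIC + b"\x00" * 504 + _OLE_VBA + b"\x00" * 64
OLE_CLEAN = OLE_MAGIC + b"\x00" * 600
PDF_WITH_JS = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction << /S /JavaScript "
               b"/JS (app.alert(1)) >> >> endobj\n%%EOF")
PDF_CLEAN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF"

if __name__ == "__main__":
    kept, stripped, tag = apply_macro_policy([
        ("report.docx", build_ooxml(with_vba=False)),
        ("invoice.docx", build_ooxml(with_vba=True)),    # a renamed .docm
        ("old.xls", OLE_WITH_VBA),
        ("flyer.pdf", PDF_WITH_JS),
    ])
    print(tag, [n for n, _ in kept], stripped)
```

The PDF check is the weakest of the three because the keywords can sit inside compressed object streams, which is one reason the deck routes unknown files through pre-classification and Threat Grid rather than trusting a static indicator alone.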

Tips and Tricks

The use of Telemetry

Why is Telemetry important?

• Gives Talos insight into targeted attacks

• Enabling it in the GUI gives the "Limited Service" level

• Hidden CLI command to give more details to Talos: "fullsenderbaseconfig"

Telemetry – What does it send to Talos?

• When enabled, the Context Adaptive Scanning Engine (CASE) is used to collect and report the data (regardless of whether or not Cisco anti-spam scanning is enabled)

• The data is summarized information on message attributes and information on how different types of messages were handled by Cisco appliances. We do not collect the full body of the message

http://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/200440-Web-Sender-Base-Network-Participation-W.html#anc5

Telemetry: "fullsenderbaseconfig"

Downloading Log files using your browser

Use your browser to get the log files

• Log into the ESA/CES instance

• Check System Administration -> Log Subscriptions for the name of the log subscription (it is case-sensitive)

• Change <ESA_or_CES_URL> to your instance in the URL below

• Paste the URL into the browser: https://<ESA_or_CES_URL>/cluster/system_administration/log_list?log_type=amp

• Change the log_type if you want other logs, e.g. replace amp with mail_logs for the mail logs

The New Protocol

IPv6

Areas of the ESA where IPv6 applies:

• HAT
• RAT
• Routes
• Filters
• Destination Controls
• Trace
• NIC Pairing
• Outbreak Filters
• TLS
• SMTP Routes
• SMTP Call-ahead
• Admin ACL
• Tracking
• Reporting
• HTTP(S)/SSH

In Summary

• The days of "set it and forget it" are long gone: continuous monitoring and tuning are required to keep up with today's threats

• Understand what your organization's security posture is and apply it to your appliances

• Keep your appliances updated: we are constantly introducing new features that require upgrades / updates

• Check out our Chalk Talks on YouTube and the guides on Cisco.com to help with tuning and setting up new features on Cisco Email Security

• Enable SenderBase Participation: especially useful for targeted attacks

Summary of Recommendations

CLI Level Changes

• Web Security SDS URL Filtering: websecurityadvancedconfig > disable_dns=1, max_urls_to_scan=20, num_handles=5, default_ttl=600

• URL Logging: outbreakconfig > Do you wish to enable logging of URL's? [N]> y
  http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118775-technote-esa-00.html

• Clean URL Rewrites: websecurityadvancedconfig > Do you want to rewrite all URLs with secure proxy URLs? [Y]> n

• Anti-Spoof Filter: https://supportforums.cisco.com/sites/default/files/attachments/discussion/forged_email_detection_with_cisco_email_security.pdf

• Header Stamping Filter (message filter that records the connection metadata as headers on every message that did not arrive via RELAYLIST):

addHeaders: if (sendergroup != "RELAYLIST")
{
    insert-header("X-IronPort-RemoteIP", "$RemoteIP");
    insert-header("X-IronPort-MID", "$MID");
    insert-header("X-IronPort-Reputation", "$Reputation");
    insert-header("X-IronPort-Listener", "$RecvListener");
    insert-header("X-IronPort-SenderGroup", "$Group");
    insert-header("X-IronPort-MailFlowPolicy", "$Policy");
}

Security Services

• IronPort Anti-Spam: Always scan 1 MB and Never scan 2 MB

• URL Filtering: Enable URL Categorization and Reputation; Enable Web Interaction Tracking

• Graymail Detection: Enable, Maximum message size 1 MB

• Outbreak Filters: Enable Adaptive Rules, Max Scan size 1 MB; Enable Web Interaction Tracking

• Advanced Malware Protection: Enable additional file types after enabling the feature

• Message Tracking: Enable Rejected Connection Logging (if required)

System Administration

• Users: Set password policies; if possible leverage LDAP for authentication

• Log Subscriptions: Enable Configuration History Logs; Enable URL Filtering Logs; Log Additional Header "From"

Summary of Recommendations

Incoming Mail Policies

• Anti-Spam thresholds: Positive = 90, Suspect = 39

• Anti-Virus: Don't repair, disable Archive Message

• AMP: Add "AMP" to the subject prepend for Unscannable, disable Archive Message

• Graymail: Scanning enabled for each verdict, prepend subject and deliver; add an X-header for bulk email: header = X-BulkMail, value = True

• Outbreak Filters: Enable message modification. Rewrite URLs for unsigned messages. Change the subject prepend to: [Possible $threat_category Fraud]

Outgoing Mail Policies

• Anti-Virus, Virus Infected: Prepend Subject: "Outbound Malware Detected: $Subject". Other Notification to Others: Order form admin contact

• Anti-Virus, Unscannable: don't prepend the subject; uncheck "Include an X-header with the AV scanning results in Message"

Host Access Table – Additional SenderGroups

• SKIP_SBRS – place higher for sources that skip reputation

• SPOOF_ALLOW – part of the spoofing filter

• PARTNER – for TLS-forced connections

• In SUSPECTLIST include SBRS score None; optionally, include failed PTR checks

Aggressive HAT Sample

• BLACKLIST [-10 to -2] POLICY: BLOCKED

• SUSPECTLIST [-2 to -1] POLICY: HEAVYTHROTTLE

• GRAYLIST [-1 to 2 and NONE] POLICY: LIGHTTHROTTLE

• ACCEPTLIST [2 to 10] POLICY: ACCEPTED

Mail Flow Policy (default) – Security Settings

• Set TLS to Preferred

• Enable SPF

• Enable DKIM

• Enable DMARC and send aggregate feedback reports

Summary of Recommendations

Policy Quarantines – pre-create the following quarantines

• Inappropriate Inbound
• Inappropriate Outbound
• URL Malicious Inbound
• URL Malicious Outbound
• Suspect Spoof
• Malware

Other Settings – Dictionaries

• Enable / review the Profanity and Sexual Terms dictionaries
• Create a Forged Email dictionary with executive names
• Create a dictionary for restricted or other keywords

Destination Controls

• Enable TLS for the default destination
• Set lower thresholds for webmail domains: http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118573-technote-esa-00.html

Content Filters

• Inappropriate Content filter: condition Profanity OR Sexual dictionary match; send a copy to the Inappropriate quarantine.
• URL Malicious Reputation filter: URL reputation -10 to -6; send a copy to the URL Malicious quarantine.
• URL Category filter with Adult, Pornography, Child Abuse and Gambling selected; send a copy to the Inappropriate quarantine.
• Forged Email Detection: dictionary named "Executives_FED", FED() threshold 90; quarantine a copy.
• Macro Enabled Documents filter: if one or more attachments contain a macro (optional condition: from the Untrusted SBRS range); send a copy to quarantine.
• Attachment Protection filter: if one or more attachments are protected (optional condition: from the Untrusted SBRS range); send a copy to quarantine.

Cisco Spark Ask Questions, Get Answers, Continue the Experience

Use Cisco Spark to communicate with the Speaker and fellow participants after the session

Download the Cisco Spark app from iTunes or Google Play

1. Go to the Cisco Live Berlin 2017 Mobile app

2. Find this session

3. Click the Spark button under Speakers in the session description

4. Enter the room, room name = BRKSEC-2325

5. Join the conversation!

The Spark Room will be open for 2 weeks after Cisco Live


Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Continue Your Education

• Demos in the World of Solutions – Security Area

• Meet the Engineer 1:1 meetings

• Meet Nicole Wajer

• Tweet @vlinder_nl #CLEUR

• BRKSEC-3540 - I wonder where that Phish has gone – Today at 16:45

• LTRSEC-2009 - Lab Email Security ESA 10.0

• LALSEC-2005 - Lunch and Learn - Cisco Email Security - Wednesday 22 February 13:00 - 14:30

• BRKSEC-2890 - AMP Threat Grid integrations with Web, Email and Endpoint Security -Thursday 11:30


Thank You