E-mails on thin ice

There are some concepts to keep in mind while doing e-mail forensics, or while managing e-mail messaging systems.

Nowadays, e-mails are still the main vector for communications, be it for simple notices and greetings, for business contracts, or for payments. It follows that they are also the main attack vector for malicious actors.

We are at a point in time in which the tendency is to look for sophisticated protection solutions, from next-gen AV endpoints, anti-spam, ATP, IPS and sandboxes, to the more imaginative custom rules and approaches.

While all of the above are powerful and useful, we need to remember that e-mails have been around for quite some time, and have greatly evolved ever since.

Security-wise, the main focus when managing messaging systems is to make sure that unsafe content will not be delivered to the destination. After that comes the harsh reality that some malicious e-mails will be received anyway, so you want the recipients to avoid opening links and attachments, and not to follow up on scam attempts. Once you have taught your users how to try and recognize “bad e-mails”, usually you want to help them in the process, and the ball is in your court.

E-mail messages handling and falsification

Lately, a vastly abused technique in scams consists in directly accessing a compromised IMAP account, to then edit existing e-mails, forging content as desired. This might be a different attachment, a new bank account, or an arbitrary link.

So when your users follow up on that forged payment request, and the money goes to some other third party, and then you report to the authorities, you need to have proof that the message ever existed. Some forensics expert might want to inspect the victim’s inbox, looking for evidence of forging and compromise.

Sadly, most of the time this might not be easily doable, as in the above example the poor analyst could be left with EVERY message to be tampered with.

Waste not, want not

The e-mail standards (RFCs) already provide some protection mechanisms, by means of SPF, DKIM and DMARC.

In short:

An SPF record is a DNS record containing a list of allowed sender IPs.

DKIM (DomainKeys Identified Mail) is a signing method for e-mails, which uses key cryptography to ensure that the message hasn’t been tampered with in the delivery process.

A DMARC record (when enforced) validates an e-mail based on a match between the From: field and either the Return-Path: domain checked by SPF or the DKIM signature domain, so it needs one of them to pass authentication to properly apply enforcement.
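The "one of them must pass and match From:" rule, written out as an added example (not code from the original article). The function names, the sample domains and the two-label shortcut for the organizational domain are assumptions made for illustration.

```python
from email.utils import parseaddr

def domain_of(addr):
    """Domain part of an address such as 'Name <user@example.com>'."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real validators
    # consult the Public Suffix List (think of example.co.uk).
    return ".".join(domain.split(".")[-2:])

def aligned(from_dom, auth_dom, strict=False):
    """Strict alignment needs identical domains, relaxed the same org domain."""
    if strict:
        return from_dom == auth_dom
    return org_domain(from_dom) == org_domain(auth_dom)

def dmarc_result(header_from, return_path, spf_pass, dkim_d, dkim_pass, strict=False):
    """DMARC passes when SPF or DKIM passes and its domain aligns with From:."""
    from_dom = domain_of(header_from)
    spf_ok = spf_pass and aligned(from_dom, domain_of(return_path), strict)
    dkim_ok = dkim_pass and aligned(from_dom, dkim_d.lower(), strict)
    return "pass" if (spf_ok or dkim_ok) else "fail"

# Constructed scenarios: (From:, Return-Path:, SPF passed, DKIM d=, DKIM passed).
# All domains are placeholders.
FROM = "Billing <billing@example.com>"
SCENARIOS = {
    "untouched": (FROM, "<bounce@mail.example.com>", True, "example.com", True),
    "body rewritten by a filter": (FROM, "<bounce@mail.example.com>", True, "example.com", False),
    "rewritten, then forwarded": (FROM, "<bounce@mail.example.com>", False, "example.com", False),
    "authenticated but unaligned": (FROM, "<bounce@other.example>", True, "other.example", True),
}

def evaluate_all(strict=False):
    return {name: dmarc_result(*args, strict=strict) for name, args in SCENARIOS.items()}

if __name__ == "__main__":
    for name, verdict in evaluate_all().items():
        print(f"{name:32} {verdict}")
```

With strict alignment the "body rewritten by a filter" case fails too, because the only identifier that still authenticates (SPF on mail.example.com) no longer matches From: exactly.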

With all the above correctly in place and running, you should already have a good level of security on your messaging system, at least in terms of anti-spoofing capabilities.

Alas, in most realities this isn’t the case, as these settings get frequently misconfigured, if not completely ignored. If you want to further read about it, I am linking at the end of the article one of my sources about 7 common mistakes people make with DMARC.

Stepping on your feet

What happens when you apply a filter before the mail server, like sandboxes, ATP or the insertion of tags and banners inside the subject or body of a message?

To demonstrate this, I created a test e-mail account on GMX, giving myself IMAP access to use the DKIM Verifier add-on in Thunderbird.

Upon registration, I received the first welcome message:

[Image in the original post]

As you can see, the DKIM signature is valid, even if I get the notice “From does not match the user identifier”, and my pal up there is quite happy about that.

Now, what happens if I edit the e-mail just a bit, something like this:

[Images in the original post]

Pal is not amused… DKIM Verifier notices the message has been modified, and this could be a trigger for some kind of alert.

This goes for attachment filtering and replacing too, as they are a part of the message body.
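What a verifier checks on the body, as an added example that is not part of the original article: it recomputes the body hash after the canonicalization named in c= and compares it with the bh= tag. The message, the example.com domain and the b= value are constructed placeholders; the b= signature and the optional l= tag are not evaluated here.

```python
import base64, hashlib, re

def canon_body(body, mode="relaxed"):
    """DKIM body canonicalization, RFC 6376 sections 3.4.3 and 3.4.4."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if mode == "relaxed":  # collapse runs of WSP, drop WSP at end of line
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at end of body
        lines.pop()
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body, mode="relaxed"):
    digest = hashlib.sha256(canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode()

def dkim_tags(raw_msg):
    """tag=value pairs of the first DKIM-Signature header, unfolded."""
    headers = raw_msg.partition(b"\r\n\r\n")[0].decode("ascii", "replace")
    unfolded = re.sub(r"\r\n[ \t]+", " ", headers)
    m = re.search(r"^DKIM-Signature:(.*)$", unfolded, re.I | re.M)
    pairs = (t.split("=", 1) for t in (m.group(1) if m else "").split(";") if "=" in t)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def body_intact(raw_msg):
    """True if the body still matches bh= (b= itself is not verified here)."""
    tags = dkim_tags(raw_msg)
    mode = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    return body_hash(raw_msg.partition(b"\r\n\r\n")[2], mode) == tags.get("bh")

# Constructed sample; b= is a placeholder and example.com a stand-in domain.
BODY = b"Hello,\r\n\r\nplease find the invoice attached.\r\n"

def make_msg(body, c="relaxed/relaxed"):
    bh = body_hash(BODY, c.partition("/")[2])  # hash the sender signed over
    hdr = ("From: billing@example.com\r\nSubject: Invoice\r\n"
           f"DKIM-Signature: v=1; a=rsa-sha256; c={c}; d=example.com; s=sel1;\r\n"
           f" h=from:subject; bh={bh};\r\n b=PLACEHOLDER\r\n\r\n")
    return hdr.encode() + body

ORIGINAL = make_msg(BODY)
BANNERED = make_msg(b"[EXTERNAL] Be careful with links.\r\n" + BODY)
RESPACED = BODY.replace(b"Hello,", b"Hello, \t")  # trailing whitespace only

if __name__ == "__main__":
    print(body_intact(ORIGINAL), body_intact(BANNERED))
    print(body_intact(make_msg(RESPACED)), body_intact(make_msg(RESPACED, "relaxed/simple")))
```

A banner line breaks the hash under either canonicalization, while a whitespace-only change survives relaxed body canonicalization and breaks simple.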

This means, if we had some kind of solution indiscriminately filtering and tampering with our e-mails, every message received should be treated as untrusted. Or trusted…or…wait! If every message is trusted, then every message will be untrusted…or vice-versa?!

The moral

Advanced solutions are good, but only if applied with reasoning AFTER the basic configurations available by design in the protocols and software in use.

These should not be applied like a tank on EVERYTHING; they are far better if precisely aimed and tailored to specific flows.

If not, by trying to implement a cool helping solution, you are only helping end users to be more likely “clicky & scammy”.

Well, as always, this is just my 2 cents on the topic…here you can find 7 common mistakes people make with DMARC.

And, might be useful to some of you, Anti-spam message headers in Microsoft 365.

Translated from: https://medium.com/swlh/e-mails-on-thin-ice-2e500c171284
