Monthly Archives: March 2017

Our Suite of DNSSEC Tools

Recently, you might have an uptick in Denial of Service attacks or problems with root domain servers.  DNS, while the backbone of the internet, was always easy to spoof with man-in-the-middle attacks and other exploits.  To reduce the effects of these exploits, smart people in the industry created a standard to help secure DNS through a bolt-on security framework called DNSSEC.

Basically, DNSSEC enables an organization with DNS servers to vouch for a DNS entry that it serves to a requestor by signing it.  This is similar to new standards for other early unencrypted Internet protocols communications, like DKIM for email.  Using DNSSEC is like DKIM in that a provider publishes their signature in a separate DNS entry that can be queried by a DNSSEC aware client.  Clients in this way guard themselves against false DNS entries seeking to exploit them.

MxToolbox wants to make it easier for you to keep up on the latest security and networking standards, so we’ve created a suite of tools to help you with DNSSEC.  Check them out:

  • DS –  identifies the Delegation Signers (DS) for the specified domain
  • DNSKEY – returns the DNSSEC records for a domain
  • IPSECKEY –  returns the public key that resolvers can use to secure data at the IP layer using IPSEC
  • NSEC3PARAM – used by authoritative DNS servers to calculate and determine which NSEC3-records
  • NSEC – identifies the next secure (NSEC) record for the specified domain
  • RRSIG – identifies the Resource Record Signatures for the specified domain

Let us know how you like these tools!  Email us at feedback.

Security Tools

Over the last few years, Security has become a huge concern for many companies. MxToolbox has always made email security information accessibility a primary concern – after all, blacklisting is a sign of greater security problem.  However, we feel like reputation is only one (important) part of the security equation.  That’s why we’re happy to highlight some of the new Security Tools we’ve created to make it easier to do your daily security related work and investigate any issues that might arise.

IP and Domain Reputation

Whether you’re researching a potential partner or an incident, understanding the online reputation of an IP address or Domain is incredibly important.

Blacklist

Presence on a blacklist is a clear indicator of an issue with an IP or Domain.  Use MxToolbox’s Blacklist tool to research an individual IP or Domain’s reputation.  The more blacklists an IP or Domain is on, the more egregious the problem and more likely there is a virus or malware infection or other problem.

Investigating a Domain

Our new Investigator tool give you every piece of information you might want on a Domain or URL:

  • Related IP address with reverse DNS, ASN, Geolocation and more
  • Related Domains
  • DNS Nameserver
  • MX record analysis
  • SPF Record analysis
  • Blacklists
  • Whois data

With Investigator, you get all this information in a single-pane view, allowing you to do quick analysis of potential trouble.

mxtoolbox_investigator_email

Checking Large IP ranges

Imagine knowing immediately when one of your hundreds, thousands or millions of IP addresses is compromised by a bad reputation.  While Blacklisting is traditionally caused by sending spam or malware, it could be a result of maintaining servers with a security posture that is open to attack.  Knowing your network reputation is therefore an important part of your security knowledge.

MxToolbox Service Provider allows you to keep tabs on the blacklist reputation of an entire continuous block of IP addresses.  Designed to give you constant updates on your large IP networks, MxToolbox Service Provider alerts you when any changes to your reputation occur giving you instant warning of potential security issues.

SP Graphs

Incident Analysis

When you have an incident the important thing to do is quickly analyze potential source and refining the precise issue.  For that you need a quick way to analyze your log files and then dig into potential abusers.

Looking at Logs with Bulk Lookup

What do you do with a big log file full of IP addresses and domains that could contain your abuser?  Do you go through it by hand looking for odd IPs or strange domains?

How about a tool where you could dump the entire log file, have it parsed and then lookup all the IPs or domains in a single bulk lookup?  That’s why we created our Bulk Lookup Tool.  Bulk Lookup gives you:

  • Reverse IP Address (for domains)
  • AS Number
  • AS Name
  • Geo Location
  • Blacklist Status
  • Start of Authority (SOA)
  • MX Records
  • Nameservers
  • Email Provider
  • DNS Provider

 

DNSBatch_results

You can correlate sites by ASN and DNS/Email service provider, highlight sites with bad blacklist reputations and identify those in geographies known to be troublesome our outside your client area.  With all this information available you can select those that need further investigation with Investigator or our Networking Tools.

Networking tools

MxToolbox has always provided free tools that simplify your server setup, DNS configuration checks and network evaluation, but many customers use them to pursue security investigations.

Think about the power of being able to Ping, Traceroute or investigate the DNS setup of a suspect server.  Or get realtime reputation information on an IP address hitting your servers.  Or get information on the email configuration of a troubling message.

Our tools give you tremendous flexibility to find the information you need on domains and IP addresses to simplify your security research.

What is DMARC?

DMARC is a type of email authentication protocol that leverages the widely used SPF and DKIM protocols to improve a sender’s understanding of how their email in circulation is processed.  Email claiming to be from their domain is analyzed by receiving organizations and a digest of acceptance/failures is sent back to the sender.  DMARC is used to reduce spam and fraudulent email by giving senders information on what recipients see.  DMARC stands for Domain-based Message Authentication, Reporting & Conformance.

How is DMARC setup?

DMARC uses DNS to publish information on how an email from a domain should be handled.  Because it uses DNS, anyone can publicly access your DMARC record to see how to process email that is reportedly from your domain.  This also makes it simple to deploy, only requiring a DMARC (TXT) record.

dmarc-googlerecord

An example DMARC record from Google.com.

How is it used?

DMARC is used in conjunction with SPF and DKIM.  Essentially a sender’s DMARC record tells a recipient what to do with suspicious email purporting to come from a sender.  Does it have a proper DKIM signature (and should it)?  Does it match authorized senders in the SPF record?  Should I pass it on, quarantine it or send it back?  Finally, is there an email address I can forward information about suspicious emails so that the sender is aware of the problem?  DMARC records contain all of these policy decisions.

Why do I need DMARC?

DMARC helps in the fight against malicious email practices that put your business in danger.  Whether you are doing e-commerce or offline sales, your business uses email as a primary means of communication with employees, customers and suppliers.  Unsecured email is easy to spoof and increasingly sophisticated criminals are finding lucrative ways to utilize email.  DMARC helps senders and receivers of email work together to better secure email and reduce spoofing.

MxToolbox Tools for DMARC

MxToolbox has the free tools you need to test your DMARC setup and compare it to best practices.  MxToolbox’s DMARC lookup checks your DNS DMARC record for availability and compatibility with RFCs, which is especially useful when you setup your initial DMARC record.

dmarc-googleresults

A simple DMARC record for Google.com. This one instructs recipients to reject email that comes from Google.com that doesn’t pass DKIM and SPF and where to send the feedback about rejected emails.

dmarc-outlookrecord

A more complex DMARC record used by Outlook.com

Once your record is setup, it is a good idea to monitor your DMARC record to make sure it is publicly accessible.  MxToolbox Monitoring Solutions provide a first-line defense against missing or lost DNS records, like your DMARC record.

What’s coming?

MxToolbox is dedicated to making it easier for you to get your message through to your customers, by providing free tools and paid services like monitoring.  We have introduced a free DMARC reporting tool that takes your recipients DMARC responses and allows you to analyze them.

Coming SOON! We will have an advanced service that goes into more depth on DMARC reporting including your email delivery statistics, setup issues with DKIM and SPF and the reputation of all your sending and receiving servers.