DMARC Record Missing Alerts

Have you heard of DMARC?  It is the newest way to protect your email delivery and online reputation from delivery failures, misconfigurations and fraud and phishing attempts.  If you aren’t using DMARC, you are at risk from email delivery failures.  Learn more about DMARC, DMARC Compliance and Email Delivery.

Since DMARC is such a pivotal technology, we have decided that our customers need to be alerted when it is not configured.   Therefore all MX record lookups will show a critical warning when a DMARC record is not found (see below).  Paid users with MX monitors will receive critical alerts that a DMARC record is missing or misconfigured for their domain.

MxToolbox experts feel that DMARC is critical to your business success.  Our team is ready to help you with your DMARC configuration and transition to a focus on proactive email delivery management.  Our most recent products MxToolbox Delivery Center and MxToolbox Fraud Center leverage DMARC to improve your email delivery and protect your brand from email fraud.

DNSSEC Root Zone Key Signing Key (KSK) Rollover

What is it?

The KSK is a public-private key pair that allows the DNSSEC protocol to secure your DNS information. The public part of the key is the starting point for DNSSEC queries, similar to how the root servers are the starting point for DNS queries. The private part of the key is used by Verisign to sign the Zone Signing Keys of the DNSSEC-signed root zone.

What does that mean?

If you’re not using DNSSEC then you don’t have anything to worry about. DNSSEC is an additional security measure that can be taken to secure your DNS information and verify that your domain is actually yours. If you’re not sure that you’re using DNSSEC then you likely are not using it. You could ask whoever is responsible for your DNS to find out for sure.

If you are using DNSSEC then you will need to create a new key pair and retire your current key pair so that DNSSEC will keep functioning. This will be done automatically for you if you are supporting RFC5011 (https://tools.ietf.org/html/rfc5011). Otherwise, you will need to manually update the trust anchor at http://data.iana.org/root-anchors/ and you can find information about testing your configuration at https://www.icann.org/en/system/files/files/ksk-rollover-external-test-plan-22jul16-en.pdf

MxToolbox Resources

MxToolbox has all the DNS and DNSSEC tools you need to help you through this transition. We have everything from basic DNS lookups, to DNSKEY, NSEC and IPSECKEY lookups to comprehensive domain research tools, like Investigator. You can even validate your DNS Cert or HTTPS Certificate. All of these tools are easily accessible from our Network Tools page (see image).

Additional Resources:

https://www.icann.org/news/blog/dnssec-rolling-the-root-zone-key-signing-key

https://www.icann.org/resources/pages/ksk-rollover

The Status of SpamCannibal

We have temporarily removed SpamCannibal from the list of the over 100 blacklists we check when you use our service.  This means that it will temporarily not appear during searches.

Why?

For approximately the last week, SpamCannibal has failed to resolve in DNS and failed to respond to other queries.  For the moment we are treating it like a temporary outage and simply suspending use of it while we wait for more information.

Typically, when a blacklist goes down permanently, they let everyone know by blacklisting the entire world.  This has not happened.  Instead, we simply stopped receiving status from queries and DNS now times out for the site.  No public announcement has been made, so we are assuming that the outage is temporary until we get more information.

What’s the Status of my Monitors?

We maintain the last status of your IP address or domain associated with the monitor for each blacklist. If you were on SpamCannibal’s list before the outage, you are still considered to be blacklisted until we find out what has happened to their list. If you were not on the blacklist at the time of the outage, your status will not change.

What does this mean for email delivery?

Being on a blacklist means that if any company uses that blacklist for email delivery or rejection purposes, your email could be rejected.  Anyone who was using a copy of the SpamCannibal blacklist at the time of the outage may still be using that copy for decision making purposes.

Can an IP or domain be delisted?

Not at this time.  Since the site is inaccessible, there is no method for delisting available. If there is more information or the site remains down for an extended period of time, we may decide to flush all monitors that are currently listed as blacklisted by SpamCannibal.

We will continue to monitor SpamCannibal and return them to our pool of blacklists if the site should recover.

Investigate by URL

With recent upgrades to the Investigator tool, we’re bringing you even more value and information! In addition to Related IPs and Related Domains, we recently added the capability to look up based upon a URL.

Now, you can submit a URL to Investigator and we will pull up all the information on the Domain and take a screenshot of the URL you submit.

Use the Investigator to see if a suspect URL looks like it might contain harmful content while you check out the rest of the domain!

MxToolbox Investigator is a premium tool included with our MxWatch Monitoring plans. You can also try a free version of Investigator.

Security Tools

Over the last few years, security has become a huge concern for many companies. MxToolbox has always made email security information accessibility a primary concern – after all, blacklisting is a sign of a greater security problem. However, we feel like reputation is only one (important) part of the security equation. That’s why we’re happy to highlight some of the new Security Tools we’ve created to make it easier to do your daily security-related work and investigate any issues that might arise.

IP and Domain Reputation

Whether you’re researching a potential partner or an incident, understanding the online reputation of an IP address or Domain is incredibly important.

Blacklist

Presence on a blacklist is a clear indicator of an issue with an IP or Domain.  Use MxToolbox’s Blacklist tool to research an individual IP or Domain’s reputation.  The more blacklists an IP or Domain is on, the more egregious the problem and more likely there is a virus or malware infection or other problem.

Investigating a Domain

Our new Investigator tool gives you every piece of information you might want on a Domain or URL:

  • Related IP address with reverse DNS, ASN, Geolocation and more
  • Related Domains
  • DNS Nameserver
  • MX record analysis
  • SPF Record analysis
  • Blacklists
  • Whois data

With Investigator, you get all this information in a single-pane view, allowing you to do quick analysis of potential trouble.

Checking Large IP ranges

Imagine knowing immediately when one of your hundreds, thousands or millions of IP addresses is compromised by a bad reputation.  While Blacklisting is traditionally caused by sending spam or malware, it could be a result of maintaining servers with a security posture that is open to attack.  Knowing your network reputation is therefore an important part of your security knowledge.

MxToolbox Service Provider allows you to keep tabs on the blacklist reputation of an entire continuous block of IP addresses.  Designed to give you constant updates on your large IP networks, MxToolbox Service Provider alerts you when any changes to your reputation occur giving you instant warning of potential security issues.

Incident Analysis

When you have an incident, the important thing is to quickly analyze potential sources and narrow down the precise issue. For that, you need a quick way to analyze your log files and then dig into potential abusers.

Looking at Logs with Bulk Lookup

What do you do with a big log file full of IP addresses and domains that could contain your abuser?  Do you go through it by hand looking for odd IPs or strange domains?

How about a tool where you could dump the entire log file, have it parsed and then look up all the IPs or domains in a single bulk lookup? That’s why we created our Bulk Lookup Tool. Bulk Lookup gives you:

  • Reverse IP Address (for domains)
  • AS Number
  • AS Name
  • Geo Location
  • Blacklist Status
  • Start of Authority (SOA)
  • MX Records
  • Nameservers
  • Email Provider
  • DNS Provider

You can correlate sites by ASN and DNS/Email service provider, highlight sites with bad blacklist reputations and identify those in geographies known to be troublesome or outside your client area. With all this information available, you can select those that need further investigation with Investigator or our Networking Tools.

Networking tools

MxToolbox has always provided free tools that simplify your server setup, DNS configuration checks and network evaluation, but many customers use them to pursue security investigations.

Think about the power of being able to Ping, Traceroute or investigate the DNS setup of a suspect server.  Or get realtime reputation information on an IP address hitting your servers.  Or get information on the email configuration of a troubling message.

Our tools give you tremendous flexibility to find the information you need on domains and IP addresses to simplify your security research.

What is DMARC?

DMARC is a type of email authentication protocol that leverages the widely used SPF and DKIM protocols to improve a sender’s understanding of how their email in circulation is processed.  Email claiming to be from their domain is analyzed by receiving organizations and a digest of acceptance/failures is sent back to the sender.  DMARC is used to reduce spam and fraudulent email by giving senders information on what recipients see.  DMARC stands for Domain-based Message Authentication, Reporting & Conformance.

How is DMARC set up?

DMARC uses DNS to publish information on how an email from a domain should be handled.  Because it uses DNS, anyone can publicly access your DMARC record to see how to process email that is reportedly from your domain.  This also makes it simple to deploy, only requiring a DMARC (TXT) record.

An example DMARC record from Google.com.

How is it used?

DMARC is used in conjunction with SPF and DKIM.  Essentially a sender’s DMARC record tells a recipient what to do with suspicious email purporting to come from a sender.  Does it have a proper DKIM signature (and should it)?  Does it match authorized senders in the SPF record?  Should I pass it on, quarantine it or send it back?  Finally, is there an email address I can forward information about suspicious emails so that the sender is aware of the problem?  DMARC records contain all of these policy decisions.
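The policy decisions listed above map onto a handful of tags in the TXT record published at `_dmarc.<domain>`. The Python below is an added example, not MxToolbox's code: it audits a set of TXT records for the missing and misconfigured cases, and its function names and sample records are constructed for illustration.

```python
# Added example: audit the TXT records returned for _dmarc.<domain>.
# Function names and all sample records are constructed for illustration.
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_tags(record):
    """Split 'tag=value; tag=value' into a dict with lowercased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt_records):
    """Return (policy, findings); policy is None when no usable record exists."""
    dmarc = [r.strip() for r in txt_records if r.strip().startswith("v=DMARC1")]
    if not dmarc:
        return None, ["critical: no DMARC record found"]
    if len(dmarc) > 1:
        # RFC 7489: with several DMARC records, receivers apply none of them.
        return None, ["critical: more than one DMARC record published"]
    tags = parse_tags(dmarc[0])
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return None, ["critical: p= missing or not none/quarantine/reject"]
    findings = []
    if policy == "none":
        findings.append("p=none: receivers are asked to take no action on failing mail")
    # rua= is the address list for aggregate feedback reports.
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    if not rua:
        findings.append("no rua= address: the sender receives no aggregate reports")
    for uri in rua:
        if not uri.lower().startswith("mailto:"):
            findings.append(f"rua target is not a mailto: URI: {uri}")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        findings.append(f"invalid pct= value: {pct}")
    elif int(pct) < 100:
        findings.append(f"pct={pct}: policy requested for only part of failing mail")
    return policy, findings

if __name__ == "__main__":
    samples = {
        "enforcing": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
        "monitor only": ["v=DMARC1; p=none; pct=50"],
        "missing": ["v=spf1 -all"],
    }
    for label, records in samples.items():
        print(label, audit_dmarc(records))
```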

Why do I need DMARC?

DMARC helps in the fight against malicious email practices that put your business in danger.  Whether you are doing e-commerce or offline sales, your business uses email as a primary means of communication with employees, customers and suppliers.  Unsecured email is easy to spoof and increasingly sophisticated criminals are finding lucrative ways to utilize email.  DMARC helps senders and receivers of email work together to better secure email and reduce spoofing.

MxToolbox Tools for DMARC

MxToolbox has the free tools you need to test your DMARC setup and compare it to best practices. MxToolbox’s DMARC lookup checks your DNS DMARC record for availability and compatibility with RFCs, which is especially useful when you set up your initial DMARC record.

A simple DMARC record for Google.com. This one instructs recipients to reject email that comes from Google.com that doesn’t pass DKIM and SPF and where to send the feedback about rejected emails.

A more complex DMARC record used by Outlook.com

Once your record is set up, it is a good idea to monitor your DMARC record to make sure it is publicly accessible. MxToolbox Monitoring Solutions provide a first-line defense against missing or lost DNS records, like your DMARC record.

What’s coming? [Updated]

MxToolbox is dedicated to making it easier for you to get your message through to your customers, by providing free tools and paid services.  MxToolbox Delivery Center is an advanced Email Deliverability Management Platform that leverages DMARC to give you everything you need to improve your email delivery.  Whether you need to protect your brand from email fraud and phishing or improve your email delivery, MxToolbox Delivery Center is the best solution for your business.

What is DKIM?

DKIM, standing for DomainKeys Identified Mail, is a method where a sender (or forwarder) can take responsibility for the content of an email by digitally signing for the message.  A DKIM signature is added to the header of any outbound email message that a sender would like to vouch for.  The recipient can then compare this DKIM signature to a publicly available DKIM key that decodes it.  If successfully decoded, the message is authenticated as being from that sender.  Otherwise, the recipient can choose to run more intense checks on the email, quarantine or discard it.

A receiver using DKIM will be able to reduce inbox delivery of erroneously forwarded or spoofed email received.  This greatly reduces the potential for abuse as recipients now have more information on the sender.

Should I set up DKIM?

Absolutely!  Both email senders and receivers should be using DKIM on their email systems.  While DKIM does not itself filter email, the DKIM signature is important in your overall delivery/rejection process.  Regardless of the volumes of outbound email, a sending organization should use a DKIM key to sign for email.  This attaches your reputation to the email and makes it easier for customers to trust that email is coming from you.  If there isn’t a signature on email that looks like it comes from you, then it could be spoofed.  It’s better to stand behind what you send.

Similarly, if you aren’t scanning incoming email for DKIM signatures, you are opening yourself up to potential attacks.  At minimum, you are treating all email the same and need to run more checks on incoming email against blacklists, scan for viruses and malware, which can be more taxing than a simple DKIM check.

DKIM works hand-in-hand with SPF and DMARC to help senders and receivers better communicate on the quality of email being sent. Over time, these technologies will dramatically reduce spam, spoofing and other unsafe mail delivery.

How do I get a DKIM key?

We often refer customers to one of the many services that will generate a key for you. Right now, we recommend talking with your email provider.

MxToolbox Tools for DKIM

A DKIM sender may have several DKIM records, so MxToolbox DKIM Lookup searches the specific record selector you request (see below).  DKIM lookup results are parsed and compared to RFCs to alert you to issues.  The example below contains a very simple DKIM record.

MxToolbox provides a free DKIM lookup tool that provides a lookup of your DKIM records by selector.

Results of a typical DKIM record are parsed and explained.
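A selector picks one of a sender's key records: the `s=` and `d=` tags of the DKIM-Signature header combine into the DNS name `<selector>._domainkey.<domain>`. The Python below is an added example, not MxToolbox's code: it derives that name from a signature header and audits the key record found there, using a constructed header, constructed selectors and placeholder key material.

```python
# Added example: derive the DNS name for a DKIM selector and audit the key record.
# The header, selectors and key material are constructed placeholders.
REQUIRED_SIG_TAGS = ("v", "a", "b", "bh", "d", "h", "s")   # RFC 6376 section 3.5
KNOWN_KEY_TYPES = ("rsa", "ed25519")                       # RFC 6376, RFC 8463

SIGNATURE = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=mail2024;\r\n"
             " h=from:to:subject:date; bh=PLACEHOLDER_BODY_HASH;\r\n"
             " b=PLACEHOLDER_SIGNATURE")

# Stand-in for DNS: TXT records keyed by query name.
DNS_TXT = {
    "mail2024._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY",
    "old2019._domainkey.example.com": "v=DKIM1; k=rsa; p=",
}

def parse_tags(value):
    """Parse a 'tag=value; tag=value' list, removing folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())
    return tags

def audit_signature(header_value, dns_txt=DNS_TXT):
    """Return (query_name, findings) for one DKIM-Signature header value."""
    sig = parse_tags(header_value)
    missing = [t for t in REQUIRED_SIG_TAGS if t not in sig]
    if missing:
        return None, ["signature lacks required tags: " + ",".join(missing)]
    query_name = f"{sig['s']}._domainkey.{sig['d']}".lower()
    findings = []
    # RFC 6376 requires the From header to be among the signed headers.
    if "from" not in [h.lower() for h in sig["h"].split(":")]:
        findings.append("From header is not covered by the signature")
    record = dns_txt.get(query_name)
    if record is None:
        findings.append("no key record published for this selector")
        return query_name, findings
    key = parse_tags(record)
    if "p" not in key:
        findings.append("key record has no p= tag")
    elif key["p"] == "":
        # An empty p= value means the key has been revoked.
        findings.append("key revoked: p= is empty")
    if key.get("k", "rsa") not in KNOWN_KEY_TYPES:
        findings.append("unknown key type: " + key["k"])
    return query_name, findings

if __name__ == "__main__":
    print(audit_signature(SIGNATURE))
    print(audit_signature(SIGNATURE.replace("s=mail2024", "s=old2019")))
```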

Get Support!

We know that implementing DKIM, SPF and DMARC can often be a challenging but necessary part of improving email delivery. That’s why we provide an unparalleled Managed Services option. MxToolbox Delivery Center Managed Services will implement SPF, DKIM and DMARC on your behalf, monitor your DMARC reports and tweak your configuration as necessary to maintain peak performance of your email.

What is SPF?

Sender Policy Framework (SPF) is a type of DNS record that Mail Administrators use to delegate email delivery options to 3rd parties.  SPF allows the owner of a domain to set a range of IP addresses and domains that are authorized to send email on behalf of that domain.

A simple SPF record (Google.com)

For example, you might use a 3rd party bulk emailer like Mailchimp or Mailgun to send a weekly newsletter. You would want your SPF record to include IP addresses that would be sending for you.

A more complex SPF record with multiple sending IPs and 3rd party delivery services included (anonymous).

How does SPF work?

Essentially, you set up an SPF record to reflect any IP addresses that will be sending on behalf of your domain. If you have an SPF DNS record, it is publicly discoverable. When an email is sent purporting to be from your domain, the recipient server checks your SPF record to see if the sender is actually authorized to send on your behalf. If so, the email recipient knows the email is from you or your delegates and will choose to accept based upon your email reputation. If not, the email recipient can opt to scrutinize the email more carefully, quarantine it or outright reject the email. In this way, SPF is a powerful tool in the ongoing battle against SPAM.

Who should have an SPF record?

Everyone should be using SPF, but particularly companies that utilize any 3rd party email services to send email. Since many companies actively check SPF records now when processing email, a failure to have an SPF record may mean that your email, especially bulk email, may be denied.

SPF is a key component of email security and reducing spam and, as such, everyone should set up an SPF record to ensure the best possible delivery of their outbound email. MxToolbox provides a free SPF checking tool (pictured below) where you can verify that your SPF record is publicly accessible and that also checks your record against the RFCs for syntax and best practices.

Results for Google’s SPF record lookup including our checks of record syntax and setup.

SPF is required for implementing DMARC.  If you are interested in getting started with DMARC, we suggest implementing SPF immediately or double-checking your SPF setup and then setting up a DMARC record that points to our new MxToolbox Delivery Center DMARC reporting tool.  Delivery Center provides a centralized dashboard of all the things you need to manage your email deliverability.

If Email Delivery seems complicated, take advantage of our expert Support team. Delivery Center Managed Services gives you access to the best team to manage improving your email delivery including setting up SPF and implementing DKIM and DMARC. We take over SPF, DKIM and DMARC configuration and monitoring of your email deliverability to give you the best email delivery posture possible.

Talk to our experts – the MxToolbox Support Team

MxToolbox is proud to have one of the best support teams on the Internet.  Our dedicated group of experts has been the backbone of our success.  They listen to your issues, patiently work with you to get the best solution and help you use and understand our highly lauded tools.  Their decades of experience in Email, DNS, and Network technologies give them the best insight into your problems.

Our Experts can help you with a wide range of problems:

  • Blacklisting Causes and Reasons for Listing
  • Blacklist Delisting Support
  • Recommend Changes to reduce the possibility of Blacklisting
  • Email Deliverability issues
  • Recommend Monitors for
  • Network troubleshooting
  • Recommend Email Server settings
  • Troubleshooting assistance
  • And more…

Open a ticket to get started!

MxToolbox support is included with every account, starting from our Basic Plan and up.

We’re Secure – SSL that is…

As of today, all URLs on MxToolbox are now using SSL (Secure Socket Layer) or HTTPS.  HTTPS provides an additional layer of security in your web communications with MxToolbox by encrypting all communications between you and MxToolbox.

What does the change mean?

Links – If you have a static link to our site, you should be redirected to the HTTPS version of the page.  However, you may want to update your bookmark to the HTTPS version to make things simpler.

API Customers – Make sure you are using HTTPS when connecting to the API.  Our documents already suggest HTTPS but it might be a good idea to look at your implementation just in case.

Have questions or need assistance with this transition?  Contact our Support Team!

Why are we making this change?

Innovative companies like Google are recognizing the benefits of securing all communications with their clients, both for privacy and security reasons. HTTP sends every message between your browser and the server in clear text. In the event there is a malicious router in the network, it’s possible to record and use those messages. With HTTPS, that traffic is encrypted so no one in the middle can read it – just you and our servers! By going exclusively to HTTPS communications, we are enabling better security for our customers.

What else does MxToolbox have for HTTPS?

Our team of experts is always looking at technology so we highly recommend our customers use HTTPS to secure traffic to their own web servers. In fact, MxToolbox HTTP lookups and monitors will flag a server if HTTPS is not available in the future. If you are operating a web server, we highly recommend adding an HTTPS monitor to track server uptime, alert you to potential outages and monitor your SSL certificate’s expiration date.