It's pointless to install a lock on your door if you don't actually use it. Same goes for these security email requirements. If you want to check your own domain or get help with DMARC setup, I use and recommend EasyDMARC: bit.ly/3u8QvH2

This is absolutely not 'useless', at least not eventually. The point is this change is HARD, so forcing people to take the first steps is a very good idea. I guarantee that once the deadline passes and after a little additional time Google will then require 'the lock' to be used. And we'll ALL be in a better state as a result.

@AllThingsSecured

3 ай бұрын

Yes, I agree with that completely, and I tried to say as much in the video. I think because people THINK it's a hard change and Google doesn't force it, action isn't taken. My point in making this video is that the change isn't that hard and it's worth doing now instead of waiting.

@l0gic23

2 ай бұрын

​@@AllThingsSecuredits easy and I did this over 10 years ago

I'm not even the target audience for this video (not running my own domain), but I liked it anyway. I am so glad that useful help like this is available to anyone who needs it.

@AllThingsSecured

3 ай бұрын

Thanks so much for the kind comment 👍🏻🙌

@soldbyhobbs6786

3 ай бұрын

Agreed. Except I do run my own domain. Thankfully the first thing I setup was max security with SPF DKIM and DMARC authentication.

Great advice-thanks so much! I just bumped up my policy from p=quarantine to p=reject. I appreciate your simple explanation and why it’s important.

@AllThingsSecured

3 ай бұрын

My pleasure! Great work getting to p=reject!

These requirements have 2 effects: 1. Better security for the users of gmail and outlook. 2. Because it is ever increasingly hard to get an e-mail delivered, more and more people will stop using their own domains and just get a gmail or outlook. Big companies thrive on regulation and harder rules as long as they are for everybody, because they have the resources to keep up. The smaller one does not and will vanish, while nobody will do any startups.

@AllThingsSecured

3 ай бұрын

That's an interesting take. I'm not sure I agree with the premise of #2 there, mostly because it's really not hard. People just THINK it's hard.

Adding fingerprints,face verification and a physical token would make it much safer for people and hard for scammers to carry out any scams.

@fabienneisore7831

2 ай бұрын

Until the holder is hacked and your biometrics are sold on the dark web.

Hi! Thank God for you Josh,my family has been so blessed learning how to secure our cellular devices. My question now is, what if you don't want to use password manager, just some type of flash drive that you can just keep yourself, can you do a video about them. Please help.

If you set to reject how would you ever know when your email has been leaked? Sometimes it’s a good thing to set unique prefixes for certain domains when registering an account to be able to spot the guilty part.

Really great explaination !!

Hi Josh, about once a day there is an unsuccessful log in attempt to my Hotmail email address from all over the world incl. Germany, Croatia, Russia and India. I use a strong password that I charge every 72 days and use 2FA with a code being sent to another email address. I use the brave browser to access my emails as not the Outlook app. Is there anything I can do to stop these log in attempts or is my email address just out there for people to try and access?

Thank you for your videos and bringing awareness of security in IT. It is crazy that many of the systems that we still use today are fundamentally the same implementation than we had a decade+ ago, therefore we are subjected to phishing and scamming attacks. It is great to see the initiatives taken by Yahoo et al and I hope they become a standard that will slowly force adoption and then deny services (DNS, email, web, etc) to others who want to impersonate it. We will see more security but also, the bad actors have access to powerful tools (even a malign AI they own in the future) so it is important that we take every measure to protect against it.

@AllThingsSecured

3 ай бұрын

Definitely. Thank you for the comment!

Thank you for the explanation, great video! You said that also for you the DMARC setup was a process that started with "p=none". Maybe Google is trying to slowly introduce the idea to make it more strict down the line. If so, I think it is the right way to go. Does this authentication require you to prove your identity with gov issued ID?

@AllThingsSecured

3 ай бұрын

Absolutely. I think that’s what Google is doing. But my analogy still stands: it’s like asking someone to install a lock on a door without asking them to lock it. And no, you don’t have to prove identity with a gov-issued ID.

Dont Google have policy related to new domains. Cause I have Heard there exists something called domain reputation. And Newly created domain less than 30 days don't pass through security filter and not get delivered. But I think they land in inbox. So isn't this 30 day theory correct.

It is only to prevent from someone trying to sue them as they told you to secure your Email account, but allowing their hackers to access those that don’t!!!!!

OK! I My p is set to reject! Protonmail still recommends p=quarantine, which is how I set it up years ago, and forgot all about it, and how to change it. But it wasn't that hard to find out. Thanks for the reminder.

@AllThingsSecured

3 ай бұрын

My pleasure!

Good job Josh

More things to talk about to help increase security around email and fight spam: DNSSEC, DANE for your email server's TLS certificate by setting up a TLSA record in the DNS zone, setting up MTA-STS policy for your domain, and TLSRPTv1 record.

@DallamOliverLee

3 ай бұрын

Also to note that if the PTR DNS record for the IP addresses of the email server do not match the FQDN of the email server will also cause emails to not get delivered or get thrown ingo spam folders.

@AllThingsSecured

3 ай бұрын

Thanks for the feedback. Good to know 👍🏻

Hey Josh, Completly unrelated to the topic of email security but what do you think aboubt using wireless peripherials like mice, keyboards and headphones. Both bluetooth and 2,4 GHz. Are they a common attack target or are most people fine using them? Thanks

@AllThingsSecured

3 ай бұрын

Unless you have good reason to believe otherwise, they’re fine for most people to use.

Took us about a year to set up SPF/DMARC/DKIM and get all our domains to reject. But it's the only way to go these days.

@AllThingsSecured

3 ай бұрын

Definitely. It's worth the effort in the long run.

Info out there is still too hard to understand. I heard if you set p=reject, mail may still get rejected from servers outside your domain, even if they have been incuded in your SPF? Is this true? or is any IP specified in your SPF get a pass? I think many companies are setting p=none as they have many mailout servers, web servers, etc that send out email impersonating that companies domain address. Also if you use p=reject, and add pct=25 ( ie 25 percent), doesn't that mean it will only act on 25% of emails that get rejected? Like i said.. hard to understand :/

Question, if you got a domain with google then do you still need to go though this process? Thanks.

@AllThingsSecured

3 ай бұрын

Depends on what you mean. Do you have an "@gmail.com" domain? Then no. But if you use Google to host your email using a custom email domain such as "@yourname.com" then it's advisable.

Can you talk about outlook encryption emails. How to set up it please.

@AllThingsSecured

3 ай бұрын

I'm not sure I understand what you mean. This kind of email authentication happens at the domain's DNS level and doesn't really matter if it's Gmail, outlook or any other platform.

@DJOZMET

3 ай бұрын

@@AllThingsSecured there is an option to send encrypted emails with outlook.

Mines set up to p-=quarantine

@AllThingsSecured

3 ай бұрын

That’s definitely better than “p=none”, but what is keeping you from moving to “p=reject”?

@buckrogers4720

3 ай бұрын

@@AllThingsSecured I asked simplelogin this and they took over a week to tell me that it doesn't really matter as quarantine and reject are basically the same thing

@EricS-uf9mv

3 ай бұрын

@@buckrogers4720 Actually this isn't true. The QUARANTIINE flag will forward spoofed/failed messages to your SPAM folder... so they're still being delivered. The REJECT flag will literally not deliver any failed mail. And unless you have reporting activated (it's another flag you set in the DMARC DNS record), AND you've specified an email address to receive reports, you will not be informed messages are bouncing.

I'm trying to follow you but every mid sentence your voice volume drops and I can't hear you. Replay your video and you will see. I am a regular Gmail user. Am I supposed to be concerned about this? You have me worried now.

@AllThingsSecured

3 ай бұрын

Sorry you're having trouble hearing, Mark. The video is fine on this end. And if your email ends in "@gmail.com" then no, you don't have anything to be concerned about. You don't have to do anything.

👍🏻

@AllThingsSecured

3 ай бұрын

🙏🙏

is this an sponsored vid?

All e-mail senders ?! No. Please stop being disingenuous with your viewers.

@AllThingsSecured

3 ай бұрын

I'm not. I appreciate the feedback, though. I genuinely believe that if you send email using a custom email domain, setting up DMARC is a must just like putting a lock on a door is a must. Just because you disagree with me doesn't make me "disingenuous".

Great video, I love the way you explain thing in an easy-to-understand way :) I have tried to wrap my head around this the last few days. Googles "tutorial" isn't helping me. I integrated Proton to use my domain, which was a straight forward process. I know where to put the information (SPF/DKIM), but I haven't found the values yet. According to Google, I need to set up a PTR-record. The only problem with that is my domain provider doesn't support that. Is there a work-around for this? Any help to point me in the right direction is much appreciated.

@AllThingsSecured

2 ай бұрын

Glad it was helpful! Hard to diagnose your problem here, but either Proton or your domain registrar should be able to help.