It's pointless to install a lock on your door if you don't actually use it. Same goes for these security email requirements. If you want to check your own domain or get help with DMARC setup, I use and recommend EasyDMARC: bit.ly/3u8QvH2
This is absolutely not 'useless', at least not eventually. The point is this change is HARD, so forcing people to take the first steps is a very good idea. I guarantee that once the deadline passes and after a little additional time Google will then require 'the lock' to be used. And we'll ALL be in a better state as a result.
Yes, I agree with that completely, and I tried to say as much in the video. I think because people THINK it's a hard change and Google doesn't force it, action isn't taken. My point in making this video is that the change isn't that hard and it's worth doing now instead of waiting.
I'm not even the target audience for this video (not running my own domain), but I liked it anyway. I am so glad that useful help like this is available to anyone who needs it.
These requirements have 2 effects: 1. Better security for the users of gmail and outlook. 2. Because it is ever increasingly hard to get an e-mail delivered, more and more people will stop using their own domains and just get a gmail or outlook. Big companies thrive on regulation and harder rules as long as they are for everybody, because they have the resources to keep up. The smaller one does not and will vanish, while nobody will do any startups.
Thank you for your videos and bringing awareness of security in IT. It is crazy that many of the systems that we still use today are fundamentally the same implementation than we had a decade+ ago, therefore we are subjected to phishing and scamming attacks. It is great to see the initiatives taken by Yahoo et al and I hope they become a standard that will slowly force adoption and then deny services (DNS, email, web, etc) to others who want to impersonate it. We will see more security but also, the bad actors have access to powerful tools (even a malign AI they own in the future) so it is important that we take every measure to protect against it.
Hi! Thank God for you Josh,my family has been so blessed learning how to secure our cellular devices. My question now is, what if you don't want to use password manager, just some type of flash drive that you can just keep yourself, can you do a video about them. Please help.
OK! I My p is set to reject! Protonmail still recommends p=quarantine, which is how I set it up years ago, and forgot all about it, and how to change it. But it wasn't that hard to find out. Thanks for the reminder.
More things to talk about to help increase security around email and fight spam: DNSSEC, DANE for your email server's TLS certificate by setting up a TLSA record in the DNS zone, setting up MTA-STS policy for your domain, and TLSRPTv1 record.
Also to note that if the PTR DNS record for the IP addresses of the email server do not match the FQDN of the email server will also cause emails to not get delivered or get thrown ingo spam folders.
It is only to prevent from someone trying to sue them as they told you to secure your Email account, but allowing their hackers to access those that don’t!!!!!
If you set to reject how would you ever know when your email has been leaked? Sometimes it’s a good thing to set unique prefixes for certain domains when registering an account to be able to spot the guilty part.
Thank you for the explanation, great video! You said that also for you the DMARC setup was a process that started with "p=none". Maybe Google is trying to slowly introduce the idea to make it more strict down the line. If so, I think it is the right way to go. Does this authentication require you to prove your identity with gov issued ID?
Absolutely. I think that’s what Google is doing. But my analogy still stands: it’s like asking someone to install a lock on a door without asking them to lock it. And no, you don’t have to prove identity with a gov-issued ID.
Dont Google have policy related to new domains. Cause I have Heard there exists something called domain reputation. And Newly created domain less than 30 days don't pass through security filter and not get delivered. But I think they land in inbox. So isn't this 30 day theory correct.
Had my yahoo (Frontier) email for 24 years (my husband set it up for me!). This is Greek to me! I've tried to follow the instructions. Doesn't work! My email address sent to me about this issue isn't recognizable! That's why it looks like a scam to me
This is all Greek to me also. Yahoo sent me an email showing me 2 options to choose from for the frontier email, but they don't make since to me. The fix has to be implemented by Sept 16th.
Depends on what you mean. Do you have an "@gmail.com" domain? Then no. But if you use Google to host your email using a custom email domain such as "@yourname.com" then it's advisable.
I'm trying to follow you but every mid sentence your voice volume drops and I can't hear you. Replay your video and you will see. I am a regular Gmail user. Am I supposed to be concerned about this? You have me worried now.
Sorry you're having trouble hearing, Mark. The video is fine on this end. And if your email ends in "@gmail.com" then no, you don't have anything to be concerned about. You don't have to do anything.
Info out there is still too hard to understand. I heard if you set p=reject, mail may still get rejected from servers outside your domain, even if they have been incuded in your SPF? Is this true? or is any IP specified in your SPF get a pass? I think many companies are setting p=none as they have many mailout servers, web servers, etc that send out email impersonating that companies domain address. Also if you use p=reject, and add pct=25 ( ie 25 percent), doesn't that mean it will only act on 25% of emails that get rejected? Like i said.. hard to understand :/
I'm not sure I understand what you mean. This kind of email authentication happens at the domain's DNS level and doesn't really matter if it's Gmail, outlook or any other platform.
Hey Josh, Completly unrelated to the topic of email security but what do you think aboubt using wireless peripherials like mice, keyboards and headphones. Both bluetooth and 2,4 GHz. Are they a common attack target or are most people fine using them? Thanks
Hi Josh, about once a day there is an unsuccessful log in attempt to my Hotmail email address from all over the world incl. Germany, Croatia, Russia and India. I use a strong password that I charge every 72 days and use 2FA with a code being sent to another email address. I use the brave browser to access my emails as not the Outlook app. Is there anything I can do to stop these log in attempts or is my email address just out there for people to try and access?
@@AllThingsSecured I asked simplelogin this and they took over a week to tell me that it doesn't really matter as quarantine and reject are basically the same thing
@@buckrogers4720 Actually this isn't true. The QUARANTIINE flag will forward spoofed/failed messages to your SPAM folder... so they're still being delivered. The REJECT flag will literally not deliver any failed mail. And unless you have reporting activated (it's another flag you set in the DMARC DNS record), AND you've specified an email address to receive reports, you will not be informed messages are bouncing.
I'm not. I appreciate the feedback, though. I genuinely believe that if you send email using a custom email domain, setting up DMARC is a must just like putting a lock on a door is a must. Just because you disagree with me doesn't make me "disingenuous".
Great video, I love the way you explain thing in an easy-to-understand way :) I have tried to wrap my head around this the last few days. Googles "tutorial" isn't helping me. I integrated Proton to use my domain, which was a straight forward process. I know where to put the information (SPF/DKIM), but I haven't found the values yet. According to Google, I need to set up a PTR-record. The only problem with that is my domain provider doesn't support that. Is there a work-around for this? Any help to point me in the right direction is much appreciated.
