How to Scale Test Anti-Phishing Email Attacks Based on DMARC

An up-and-coming mail standard, Domain-based Message Authentication, Reporting and Conformance (DMARC), is a proposed way of mitigating phishing attacks, a common and costly form of malware. DMARC involves adjusting e-mail servers to publish DNS mail records using supported standards that include Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). Part of the challenge of testing anti-phishing defenses is measuring the effectiveness of the system under load.

With Spirent Avalanche, you can create an extreme load of mail traffic and measure the mitigation effectiveness with ease. The first advantage is that the user is fully emulated using Spirent SimUser technology. This makes the test predictable: a specific user with a specific IP and MAC address can send a specific set of mail messages in the same order, test after test. In addition, the user has full ability to create custom mail content, which acts as triggers for DMARC. This may include using a valid company name with an invalid domain, or a “Click Here” embedded event in the mail to redirect the user to a site to illegally capture credit card information or other sensitive information. The mail user may have unique “Variables” such as user mail account, domain list, etc.

With realism established at the per-mail-session level, Avalanche can now scale the spam message count to millions of mail messages per minute across the Device Under Test, with Spirent acting as a client-only emulator. In addition, the user has the option of non-trivial mail load patterns, such as spikes in mail over a 24-hour period, ramp-up, random, or sawtooth patterns. This places extra stress on the security mail appliances and the mail server. If Avalanche is used on both ends of the mail relay, it can perform deep per-user analysis and report in real time how many spam and valid messages made it across the security device.
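The per-message accounting described above can be checked against what DMARC itself would decide for each test message. The following is an added example, not Spirent's code or an Avalanche feature: it evaluates DMARC identifier alignment for constructed test messages and counts phishing that leaked and valid mail that was blocked. The domains, the policy record, the message fields and the `DELIVERED` set are assumptions, and organizational domains are approximated by the last two labels instead of the Public Suffix List.

```python
# Added example: DMARC evaluation (RFC 7489) and leak scoring for a test run.
# Every domain, record and result below is constructed sample data.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict, applying default alignment."""
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    return {"adkim": "r", "aspf": "r", **tags}

def org_domain(domain):
    # Assumption: last two labels. Real code must use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed compares org domains."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def disposition(msg, policy):
    """Return 'pass', or the published policy action when DMARC fails."""
    spf = msg["spf"] == "pass" and aligned(msg["mail_from"], msg["from"], policy["aspf"])
    dkim = msg["dkim"] == "pass" and aligned(msg["dkim_d"], msg["from"], policy["adkim"])
    return "pass" if spf or dkim else policy["p"]

def score(messages, policy, delivered_ids):
    """Compare what the device delivered with what DMARC says it should."""
    leaked = blocked = 0
    for m in messages:
        should_deliver = disposition(m, policy) in ("pass", "none")
        was_delivered = m["id"] in delivered_ids
        leaked += int(was_delivered and not should_deliver)
        blocked += int(should_deliver and not was_delivered)
    return {"leaked": leaked, "blocked": blocked}

POLICY = parse_dmarc("v=DMARC1; p=reject; adkim=s; aspf=r")
MESSAGES = [  # constructed; every message claims From: example.com
    {"id": 1, "from": "example.com", "mail_from": "bounce.example.com", "spf": "pass", "dkim": "none", "dkim_d": ""},
    {"id": 2, "from": "example.com", "mail_from": "example-billing.test", "spf": "pass", "dkim": "pass", "dkim_d": "example-billing.test"},
    {"id": 3, "from": "example.com", "mail_from": "example.com", "spf": "fail", "dkim": "pass", "dkim_d": "mail.example.com"},
    {"id": 4, "from": "example.com", "mail_from": "relay.test", "spf": "pass", "dkim": "pass", "dkim_d": "example.com"},
]
DELIVERED = {2, 4}  # constructed: message ids seen on the far side of the device

if __name__ == "__main__":
    print(score(MESSAGES, POLICY, DELIVERED))
```

Message 2 authenticates cleanly for its own domain yet fails DMARC because neither identifier aligns with the From domain, which is the "valid company name with an invalid domain" case; message 3 fails only because `adkim=s` demands an exact DKIM domain match.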

In summary, it is important to understand an individual user's behavior when it comes to email-based phishing attacks. Only after this is accurately recreated in the test tool can one scale it up to thousands or even millions to do performance testing. This way we can effectively validate the device or infrastructure to understand its functional and scaling behavior.

Co-author: Chris Chapman, Spirent
