Towards the Adoption of Anti-spoofing Protocols for Email Systems

11/17/2017
by   Hang Hu, et al.
0

Email spoofing is a critical step of phishing, where the attacker impersonates someone the victim knows or trusts. In this paper, we conduct a qualitative study to explore why email spoofing is still possible after years of efforts to develop and deploy anti-spoofing protocols (e.g., SPF, DKIM, DMARC). First, we measure the protocol adoption by scanning 1 million Internet domains. We find the adoption rates are still low, especially for the new DMARC (3.1 collect 4293 discussion threads (25.7K messages) from the Internet Engineering Task Force (IETF), a working group formed to develop and promote Internet standards. Our analysis shows key security and usability limitations in the protocol design, which makes it difficult to generate a positive "net effect" for a wide adoption. We validate our results by interviewing email administrators and discuss key implications for future anti-spoofing solutions.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
02/25/2021

CelebA-Spoof Challenge 2020 on Face Anti-Spoofing: Methods and Results

As facial interaction systems are prevalently deployed, security and rel...
research
02/14/2023

Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy

The critical role played by email has led to a range of extension protoc...
research
04/12/2019

KeyForge: Mitigating Email Breaches with Forward-Forgeable Signatures

Email breaches are commonplace, and they expose a wealth of personal, bu...
research
01/22/2019

Hidden Treasures - Recycling Large-Scale Internet Measurements to Study the Internet's Control Plane

Internet-wide scans are a common active measurement approach to study th...
research
05/24/2023

Spoofing Attacker Also Benefits from Self-Supervised Pretrained Model

Large-scale pretrained models using self-supervised learning have report...
research
03/12/2020

SMap: Internet-wide Scanning for Ingress Filtering

To protect from attacks, networks need to enforce ingress filtering. Des...
research
10/11/2022

Race Bias Analysis of Bona Fide Errors in face anti-spoofing

The study of bias in Machine Learning is receiving a lot of attention in...

Please sign up or login with your details

Forgot password? Click here to reset