Adoption of Email Anti-Spoofing Schemes: A Large Scale Analysis
- 11 March 2021
- journal article
- research article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Transactions on Network and Service Management
- Vol. 18 (3), 3184-3196
- https://doi.org/10.1109/tnsm.2021.3065422
Abstract
Sending forged emails by taking advantage of domain spoofing is a common technique used by attackers. The lack of appropriate email anti-spoofing schemes or their misconfiguration may lead to successful phishing attacks or spam dissemination. In this paper, we evaluate the extent of the SPF and DMARC deployment in two large-scale campaigns measuring their global adoption rate with a scan of 236 million domains and high-profile domains of 139 countries. We propose a new algorithm for identifying defensively registered domains and enumerating the domains with misconfigured SPF rules by emulating the SPF check_function. We define for the first time new threat models involving subdomain spoofing and present a methodology for preventing domain spoofing, a combination of good practices for managing SPF and DMARC records and analyzing DNS logs. Our measurement results show that a large part of the domains do not correctly configure the SPF and DMARC rules, which enables attackers to successfully deliver forged emails to user inboxes. Finally, we report on remediation and its effects by presenting the results of notifications sent to CSIRTs responsible for affected domains in two separate campaigns.
Funding Information
- COMAR project
- SIDN, the .NL Registry
- AFNIC, the .FR Registry
- PrevDDoS project
- IDEX UGA IRS
- ANR projects: the Grenoble Alpes Cybersecurity Institute CYBER@ALPS (ANR-15-IDEX-02)
- PERSYVAL-Lab (ANR-11-LABX-0025-01)
- DiNS (ANR-19-CE25-0009-01)
This publication has 10 references indexed in Scilit:
- Feasibility of Large-Scale Vulnerability Notifications after GDPR. Published by Institute of Electrical and Electronics Engineers (IEEE), 2020
- Towards Understanding the Adoption of Anti-Spoofing Protocols in Email Systems. Published by Institute of Electrical and Electronics Engineers (IEEE), 2018
- The Transport Layer Security (TLS) Protocol Version 1.3. Published by RFC Editor, 2018
- The Unintended Consequences of Email Spam Prevention. Published by Springer Science and Business Media LLC, 2018
- Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs. Published by Institute of Electrical and Electronics Engineers (IEEE), 2017
- Neither Snow Nor Rain Nor MITM... Published by Association for Computing Machinery (ACM), 2015
- Security by Any Other Name. Published by Association for Computing Machinery (ACM), 2015
- Domain-based Message Authentication, Reporting, and Conformance (DMARC). Published by RFC Editor, 2015
- Parking Sensors: Analyzing and Detecting Parked Domains. Published by Internet Society, 2015
- DomainKeys Identified Mail (DKIM) Signatures. Published by RFC Editor, 2011