Adoption of Email Anti-Spoofing Schemes: A Large Scale Analysis - Archive ouverte HAL Accéder directement au contenu
Article Dans Une Revue IEEE Transactions on Network and Service Management Année : 2021

Adoption of Email Anti-Spoofing Schemes: A Large Scale Analysis

Maciej Korczynski
  • Fonction : Auteur
Andrzej Duda

Résumé

Sending forged emails by taking advantage of domain spoofing is a common technique used by attackers. The lack of appropriate email anti-spoofing schemes or their misconfiguration may lead to successful phishing attacks or spam dissemination. In this paper, we evaluate the extent of the SPF and DMARC deployment in two large-scale campaigns measuring their global adoption rate with a scan of 236 million domains and high-profile domains of 139 countries. We propose a new algorithm for identifying defensively registered domains and enumerating the domains with misconfigured SPF rules by emulating the SPF check_function. We define for the first time new threat models involving subdomain spoofing and present a methodology for preventing domain spoofing, a combination of good practices for managing SPF and DMARC records and analyzing DNS logs. Our measurement results show that a large part of the domains do not correctly configure the SPF and DMARC rules, which enables attackers to successfully deliver forged emails to user inboxes. Finally, we report on remediation and its effects by presenting the results of notifications sent to CSIRTs responsible for affected domains in two separate campaigns.
Fichier non déposé

Dates et versions

hal-03277633 , version 1 (04-07-2021)

Identifiants

Citer

Sourena Maroofi, Maciej Korczynski, Arnold Holzel, Andrzej Duda. Adoption of Email Anti-Spoofing Schemes: A Large Scale Analysis. IEEE Transactions on Network and Service Management, 2021, 18 (3), pp.3184-3196. ⟨10.1109/TNSM.2021.3065422⟩. ⟨hal-03277633⟩
94 Consultations
0 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More