Skip to Main content Skip to Navigation
New interface
Journal articles

Adoption of Email Anti-Spoofing Schemes: A Large Scale Analysis

Abstract : Sending forged emails by taking advantage of domain spoofing is a common technique used by attackers. The lack of appropriate email anti-spoofing schemes or their misconfiguration may lead to successful phishing attacks or spam dissemination. In this paper, we evaluate the extent of the SPF and DMARC deployment in two large-scale campaigns measuring their global adoption rate with a scan of 236 million domains and high-profile domains of 139 countries. We propose a new algorithm for identifying defensively registered domains and enumerating the domains with misconfigured SPF rules by emulating the SPF check_function. We define for the first time new threat models involving subdomain spoofing and present a methodology for preventing domain spoofing, a combination of good practices for managing SPF and DMARC records and analyzing DNS logs. Our measurement results show that a large part of the domains do not correctly configure the SPF and DMARC rules, which enables attackers to successfully deliver forged emails to user inboxes. Finally, we report on remediation and its effects by presenting the results of notifications sent to CSIRTs responsible for affected domains in two separate campaigns.
Document type :
Journal articles
Complete list of metadata

https://hal.archives-ouvertes.fr/hal-03277633
Contributor : Andrzej Duda Connect in order to contact the contributor
Submitted on : Sunday, July 4, 2021 - 2:36:22 PM
Last modification on : Wednesday, July 6, 2022 - 4:22:33 AM

Identifiers

Citation

Sourena Maroofi, Maciej Korczynski, Arnold Holzel, Andrzej Duda. Adoption of Email Anti-Spoofing Schemes: A Large Scale Analysis. IEEE Transactions on Network and Service Management, 2021, 18 (3), pp.3184-3196. ⟨10.1109/TNSM.2021.3065422⟩. ⟨hal-03277633⟩

Share

Metrics

Record views

69