Adoption of Email Anti-Spoofing Schemes: A Large Scale Analysis

Authors :
Andrzej Duda
Arnold Holzel
Maciej Korczynski
Sourena Maroofi
Laboratoire d'Informatique de Grenoble (LIG)
Centre National de la Recherche Scientifique (CNRS) - Université Grenoble Alpes (UGA) - Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP)
Université Grenoble Alpes (UGA)
Drakkar
Université Grenoble Alpes (UGA) - Centre National de la Recherche Scientifique (CNRS) - Université Grenoble Alpes (UGA) - Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP)
Simple Management Technologies B.V. (SMT)
ANR-15-IDEX-0002, UGA, IDEX UGA (2015)
ANR-11-LABX-0025, PERSYVAL-lab, Systèmes et Algorithmes Pervasifs au confluent des mondes physique et numérique (2011)
ANR-19-CE25-0009, DiNS, Nommage et services DNS pour IoT sécurisé et sans couture (2019)
Source :
IEEE Transactions on Network and Service Management, IEEE, 2021, pp. 1-1. ⟨10.1109/TNSM.2021.3065422⟩
Publication Year :
2021
Publisher :
Institute of Electrical and Electronics Engineers (IEEE), 2021.

Abstract

Sending forged emails by taking advantage of domain spoofing is a common technique used by attackers. The lack of appropriate email anti-spoofing schemes, or their misconfiguration, may lead to successful phishing attacks or spam dissemination. In this paper, we evaluate the extent of SPF and DMARC deployment in two large-scale campaigns, measuring their global adoption rate with a scan of 236 million domains and of high-profile domains in 139 countries. We propose a new algorithm for identifying defensively registered domains and for enumerating domains with misconfigured SPF rules by emulating the SPF check_host() function. We define for the first time new threat models involving subdomain spoofing and present a methodology for preventing domain spoofing: a combination of good practices for managing SPF and DMARC records and analyzing DNS logs. Our measurement results show that a large fraction of domains do not correctly configure their SPF and DMARC rules, which enables attackers to successfully deliver forged emails to user inboxes. Finally, we report on remediation and its effects by presenting the results of notifications sent to the CSIRTs responsible for affected domains in two separate campaigns.

Details

ISSN :
23737379 and 19324537
Volume :
18
Database :
OpenAIRE
Journal :
IEEE Transactions on Network and Service Management
Accession number :
edsair.doi.dedup.....0358df950304c10f24732d3de3c3bc35
Full Text :
https://doi.org/10.1109/tnsm.2021.3065422