How is e-mail sender authentication used and misused?

Tatsuya Mori, Yousuke Takahashi, Kazumichi Sato, Keisuke Ishibashi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

E-mail sender authentication is a promising way of verifying the sources of e-mail messages. Since today's primary e-mail sender authentication mechanisms are designed as a fully decentralized architecture, it is crucial for e-mail operators to know how other organizations are using and misusing them. This paper addresses the question "How is the DNS Sender Policy Framework (SPF), which is the most popular e-mail sender authentication mechanism, used and misused in the wild?" To the best of our knowledge, this is the first extensive study addressing the fundamental question. This work targets both legitimate and spamming domain names and correlates them with multiple data sets, including the e-mail delivery logs collected from medium-scale enterprise networks and various IP reputation lists. We first present the adoption and usage of DNS SPF from both global and local viewpoints. Next, we present empirically why and how spammers leverage the SPF mechanism in an attempt to pass a simple SPF authentication test. We also show that a non-negligible volume of legitimate messages originating from legitimate senders will be rejected or marked as potential spam with the SPF policy set by owners of legitimate domains. Our findings will help provide (1) e-mail operators with useful insights for setting adequate sender or receiver policies and (2) researchers with the detailed measurement data for understanding the feasibility, fundamental limitations, and potential extensions to e-mail sender authentication mechanisms.

Original language: English
Title of host publication: ACM International Conference Proceeding Series
Pages: 31-37
Number of pages: 7
DOIs: https://doi.org/10.1145/2030376.2030380
Publication status: Published - 2011
Externally published: Yes
Event: 8th Annual Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference, CEAS 2011 - Perth, WA
Duration: 2011 Sep 1 → 2011 Sep 2

Other

Other: 8th Annual Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference, CEAS 2011
City: Perth, WA
Period: 11/9/1 → 11/9/2

Fingerprint

Authentication
Spamming
Electronic mail
Industry

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition
  • Software

Cite this

Mori, T., Takahashi, Y., Sato, K., & Ishibashi, K. (2011). How is e-mail sender authentication used and misused? In ACM International Conference Proceeding Series (pp. 31-37) https://doi.org/10.1145/2030376.2030380

@inproceedings{e159935b0b4d41bab7dee9ff7886e5be,
title = "How is e-mail sender authentication used and misused?",
author = "Tatsuya Mori and Yousuke Takahashi and Kazumichi Sato and Keisuke Ishibashi",
year = "2011",
doi = "10.1145/2030376.2030380",
language = "English",
isbn = "9781450307888",
pages = "31--37",
booktitle = "ACM International Conference Proceeding Series",

}

TY - GEN

T1 - How is e-mail sender authentication used and misused?

AU - Mori, Tatsuya

AU - Takahashi, Yousuke

AU - Sato, Kazumichi

AU - Ishibashi, Keisuke

PY - 2011

Y1 - 2011

UR - http://www.scopus.com/inward/record.url?scp=80053634685&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80053634685&partnerID=8YFLogxK

U2 - 10.1145/2030376.2030380

DO - 10.1145/2030376.2030380

M3 - Conference contribution

SN - 9781450307888

SP - 31

EP - 37

BT - ACM International Conference Proceeding Series

ER -