Analysis of security extension protocol in e-mail system

doi:10.11959/j.issn.2096-109x.2020083

Abstract

Abstract:

E-mail is the main entry point for hackers to launch network attacks.Impersonating a trusted entity is an important means of e-mail forged.An attribute graph based on the e-mail authentication mechanism was built to measure the global adoption rate of e-mail security extension protocols for government agencies.Research on the deployment effect of security extension protocol was from three dimensions:e-mail content phishing,domain phishing,and letterhead phishing.The results show that about 70% of the SPF protocols are deployed in the mail systems of government agencies in various countries,and less than 30% of the DMARC protocol is deployed.The adoption rate of email identity detection is low.When forged e-mail gets in,the e-mail providers' warning mechanism for counterfeit emails need to be improved.

Key words: e-mail, security extension protocol, DKIM, SPF, DMARC

CLC Number:

TP393

Jingjing SHANG,Yujia ZHU,Qingyun LIU. Analysis of security extension protocol in e-mail system[J]. Chinese Journal of Network and Information Security, 2020, 6(6): 69-79.

Figures/Tables 10

References 14

[1]	POSTEL J B . Request for comments:number 821 simple mail transfer protocol[M]. RFC Editor, 1982.
[2]	FOSTER I D , LARSON J , MASICH M ,et al. Security by any other name:on the effectiveness of provider based email security[C]// ACM Conference on Computer and Communications Security (CCS). 2015: 450-464.
[3]	FREED N , BORENSTEIN N . Request for comments:number 2045 multipurpose internet mail extensions (MIME) part one:format of internet message bodies[M]. RFC Editor, 1996.
[4]	ATKINS D , STALLINGS W , ZIMMERMANN P . Request for comments:number 1991PGP message exchange formats[M]. RFC Editor, 1996.
[5]	RAMSDELL B . Request for comments:number 2633 S/MIME version 3 message specification[M]. RFC Editor, 1999.
[6]	HOFFMAN P E . Request for comments:number 3207 SMTP service extension for secure SMTP over transport layer security[M]. RFC Editor, 2002.
[7]	KITTERMAN S . Request for comments:number 7208 sender policy framework (SPF) for authorizing use of domains in email,version 1[M]. RFC Editor, 2014.
[8]	KUCHERAWY M , CROCKER D , HANSEN T . Request for comments:number 6376 domain keys identified mail (DKIM) signatures[M]. RFC Editor, 2001.
[9]	KUCHERAWY M , ZWICKY E . Request for comments:number 7489 domain-based message authentication,reporting,and conformance (DMARC)[M]. RFC Editor, 2015.
[10]	柏宗超, 姚健康, 孔宁 . 基于DANE的电子邮件安全研究[J]. 计算机系统应用, 2018,27(7): 73-79.
	BAI Z C , YAO J K , KONG N . Research on email security based on DANE[J]. Computer System Application, 2018,27(7): 73-79.
[11]	HOFFMAN P , SCHLYTER J . Request for comments:number 6698 the DNS-based authentication of named entities (DANE) transport layer security (TLS) protocol:TLSA[M]. RFC Editor, 2012.
[12]	DURUMERIC Z , ADRIAN D , MIRIAN A ,et al. Neither snow nor rain nor MITM:an empirical analysis of email delivery security[C]// Internet Measurement Conference (IMC). 2015: 27-39.
[13]	HU H , WANG G . End-to-end measurements of email spoofing attacks[C]// USENIX Security Symposium (USENIX Security). 2018: 1095-1112.
[14]	HU H , PENG P , WANG G . Towards understanding the adoption of anti-spoofing protocols in email systems[C]// IEEE Secure Development Conference (SecDev). 2018: 94-101.

参数	含义
v	DMARC版本号
p	接收邮件策略
ri	报告发送时间间隔
rua	发送综合反馈的邮件地址
ruf	发送消息详细故障信息的邮件地址

参数	含义
v	DMARC版本号
p	接收邮件策略
ri	报告发送时间间隔
rua	发送综合反馈的邮件地址
ruf	发送消息详细故障信息的邮件地址

国家	邮箱域名个数/个
中国	750
美国	2 392
日本	360
俄罗斯	164

国家	邮箱域名个数/个
中国	750
美国	2 392
日本	360
俄罗斯	164

国家	有SPF记录	SPF记录无效	SPF策略为“-”	SPF策略为“~”	SPF策略为“?”	SPF策略为“+”
中国	40.00%	3.23%	55.64%	44.36%	0.00%	0.00%
美国	74.72%	7.68%	44.07%	45.49%	10.17%	0.27%
日本	93.33%	1.19%	58.01%	41.39%	0.60%	0.00%
俄罗斯	72.56%	2.52%	42.27%	54.64%	2.06%	1.03%