Chinese Journal of Network and Information Security ›› 2020, Vol. 6 ›› Issue (6): 69-79.doi: 10.11959/j.issn.2096-109x.2020083

• Special Column:Network Application and Protection Technology • Previous Articles     Next Articles

Analysis of security extension protocol in e-mail system

Jingjing SHANG1,2,3,Yujia ZHU2,3(),Qingyun LIU2,3   

  1. 1 School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100093,China
    2 National Engineering Laboratory for Information Security Technologies,Beijing 100093,China
    3 Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China
  • Revised:2020-07-03 Online:2020-12-15 Published:2020-12-16
  • Supported by:
    Chinese Academy of Sciences Strategic Pilot Project(XDC02030000);National Key R & D Program(2016YFB0801300)

Abstract:

E-mail is the main entry point for hackers to launch network attacks.Impersonating a trusted entity is an important means of e-mail forged.An attribute graph based on the e-mail authentication mechanism was built to measure the global adoption rate of e-mail security extension protocols for government agencies.Research on the deployment effect of security extension protocol was from three dimensions:e-mail content phishing,domain phishing,and letterhead phishing.The results show that about 70% of the SPF protocols are deployed in the mail systems of government agencies in various countries,and less than 30% of the DMARC protocol is deployed.The adoption rate of email identity detection is low.When forged e-mail gets in,the e-mail providers' warning mechanism for counterfeit emails need to be improved.

Key words: e-mail, security extension protocol, DKIM, SPF, DMARC

CLC Number: