电子邮件安全扩展协议应用分析

doi:10.11959/j.issn.2096-109x.2020083

Chinese Journal of Network and Information Security ›› 2020, Vol. 6 ›› Issue (6): 69-79.doi: 10.11959/j.issn.2096-109x.2020083

• Special Column:Network Application and Protection Technology • Previous Articles Next Articles

Analysis of security extension protocol in e-mail system

Jingjing SHANG^1,^2,³,Yujia ZHU^2,³(),Qingyun LIU^2,³

¹ School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100093,China
² National Engineering Laboratory for Information Security Technologies,Beijing 100093,China
³ Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China

Revised:2020-07-03 Online:2020-12-15 Published:2020-12-16
Supported by:
Chinese Academy of Sciences Strategic Pilot Project(XDC02030000);National Key R ＆ D Program(2016YFB0801300)

Abstract

Abstract:

E-mail is the main entry point for hackers to launch network attacks.Impersonating a trusted entity is an important means of e-mail forged.An attribute graph based on the e-mail authentication mechanism was built to measure the global adoption rate of e-mail security extension protocols for government agencies.Research on the deployment effect of security extension protocol was from three dimensions:e-mail content phishing,domain phishing,and letterhead phishing.The results show that about 70% of the SPF protocols are deployed in the mail systems of government agencies in various countries,and less than 30% of the DMARC protocol is deployed.The adoption rate of email identity detection is low.When forged e-mail gets in,the e-mail providers' warning mechanism for counterfeit emails need to be improved.

Key words: e-mail, security extension protocol, DKIM, SPF, DMARC

CLC Number:

TP393

Jingjing SHANG,Yujia ZHU,Qingyun LIU. Analysis of security extension protocol in e-mail system[J]. Chinese Journal of Network and Information Security, 2020, 6(6): 69-79.

Figures/Tables 10

References 14

[1]	POSTEL J B . Request for comments:number 821 simple mail transfer protocol[M]. RFC Editor, 1982.
[2]	FOSTER I D , LARSON J , MASICH M ,et al. Security by any other name:on the effectiveness of provider based email security[C]// ACM Conference on Computer and Communications Security (CCS). 2015: 450-464.
[3]	FREED N , BORENSTEIN N . Request for comments:number 2045 multipurpose internet mail extensions (MIME) part one:format of internet message bodies[M]. RFC Editor, 1996.
[4]	ATKINS D , STALLINGS W , ZIMMERMANN P . Request for comments:number 1991PGP message exchange formats[M]. RFC Editor, 1996.
[5]	RAMSDELL B . Request for comments:number 2633 S/MIME version 3 message specification[M]. RFC Editor, 1999.
[6]	HOFFMAN P E . Request for comments:number 3207 SMTP service extension for secure SMTP over transport layer security[M]. RFC Editor, 2002.
[7]	KITTERMAN S . Request for comments:number 7208 sender policy framework (SPF) for authorizing use of domains in email,version 1[M]. RFC Editor, 2014.
[8]	KUCHERAWY M , CROCKER D , HANSEN T . Request for comments:number 6376 domain keys identified mail (DKIM) signatures[M]. RFC Editor, 2001.
[9]	KUCHERAWY M , ZWICKY E . Request for comments:number 7489 domain-based message authentication,reporting,and conformance (DMARC)[M]. RFC Editor, 2015.
[10]	柏宗超, 姚健康, 孔宁 . 基于DANE的电子邮件安全研究[J]. 计算机系统应用, 2018,27(7): 73-79.
	BAI Z C , YAO J K , KONG N . Research on email security based on DANE[J]. Computer System Application, 2018,27(7): 73-79.
[11]	HOFFMAN P , SCHLYTER J . Request for comments:number 6698 the DNS-based authentication of named entities (DANE) transport layer security (TLS) protocol:TLSA[M]. RFC Editor, 2012.
[12]	DURUMERIC Z , ADRIAN D , MIRIAN A ,et al. Neither snow nor rain nor MITM:an empirical analysis of email delivery security[C]// Internet Measurement Conference (IMC). 2015: 27-39.
[13]	HU H , WANG G . End-to-end measurements of email spoofing attacks[C]// USENIX Security Symposium (USENIX Security). 2018: 1095-1112.
[14]	HU H , PENG P , WANG G . Towards understanding the adoption of anti-spoofing protocols in email systems[C]// IEEE Secure Development Conference (SecDev). 2018: 94-101.

Metrics

Recommended 0

No Suggested Reading articles found!

参数	含义
v	DMARC版本号
p	接收邮件策略
ri	报告发送时间间隔
rua	发送综合反馈的邮件地址
ruf	发送消息详细故障信息的邮件地址

国家	邮箱域名个数/个
中国	750
美国	2 392
日本	360
俄罗斯	164

国家	有SPF记录	SPF记录无效	SPF策略为“-”	SPF策略为“~”	SPF策略为“?”	SPF策略为“+”
中国	40.00%	3.23%	55.64%	44.36%	0.00%	0.00%
美国	74.72%	7.68%	44.07%	45.49%	10.17%	0.27%
日本	93.33%	1.19%	58.01%	41.39%	0.60%	0.00%
俄罗斯	72.56%	2.52%	42.27%	54.64%	2.06%	1.03%

国家	有DMARC记录	DMARC记录无效	DMARC策略为none	DMARC策略为quarantine	DMARC策略为reject
中国	3.20%	0.00%	95.83%	0.00%	4.17%
美国	26.66%	9.58%	38.85%	6.83%	54.30%
日本	5.83%	28.57%	75.00%	0.00%	25.00%
俄罗斯	21.34%	20.00%	41.18%	14.71%	44.12%

邮件服务提供商	正常域				伪造域			伪造信头
	正常邮件	空邮件	钓鱼url	病毒附件	无DMARC	DMARC none	DMARC reject	同域	不同域
	正常邮件	空邮件	钓鱼url	病毒附件	垃圾内容无SPFSPF~	SPF-SPF~SPF-	SPF~SPF-	同域	不同域
126.com
139 com
263.net
gmall.com
rambler ru
rediff.co in
tocom
yeah.nct
tutanota.com
protonmall.com
inbox Iv
seznam.cz
runbox com
p.pl
interia.pl
op.pl
zoho.com
email.hu
onu com
nall con
fastmail com
orlet
189cn
foxmail.com
qq.com
21cn.com
mail,r
aol.com
yahoo.com
yandex.com
outlook.com
aliyun.com
juno.com
excite.com
sina.com
163.com
naver com
vip.sina.com

Analysis of security extension protocol in e-mail system

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 14

Related Articles 1

Metrics

Recommended 0