Title
Neither Snow Nor Rain Nor MITM...: An Empirical Analysis of Email Delivery Security
Abstract
The SMTP protocol is responsible for carrying some of users' most intimate communication, but like other Internet protocols, authentication and confidentiality were added only as an afterthought. In this work, we present the first report on global adoption rates of SMTP security extensions, including: STARTTLS, SPF, DKIM, and DMARC. We present data from two perspectives: SMTP server configurations for the Alexa Top Million domains, and over a year of SMTP connections to and from Gmail. We find that the top mail providers (e.g., Gmail, Yahoo, and Outlook) all proactively encrypt and authenticate messages. However, these best practices have yet to reach widespread adoption in a long tail of over 700,000 SMTP servers, of which only 35% successfully configure encryption, and 1.1% specify a DMARC authentication policy. This security patchwork---paired with SMTP policies that favor failing open to allow gradual deployment---exposes users to attackers who downgrade TLS connections in favor of cleartext and who falsify MX records to reroute messages. We present evidence of such attacks in the wild, highlighting seven countries where more than 20% of inbound Gmail messages arrive in cleartext due to network attackers.
Year: 2015
DOI: 10.1145/2815675.2815695
Venue: Internet Measurement Conference
Keywords: SMTP, Email, Mail, TLS, STARTTLS, DKIM, SPF, DMARC
Field: Internet privacy, DomainKeys Identified Mail, Man-in-the-middle attack, Authentication, Computer science, Computer security, Botnet, Server, Computer network, Encryption, Backscatter (email), Plaintext
DocType: Conference
Citations: 23
PageRank: 0.93
References: 10
Authors: 10

Name                 Order   Citations   PageRank
Zakir Durumeric      1       935         48.86
David Adrian         2       222         11.07
Ariana Mirian        3       121         7.26
James Kasten         4       257         12.19
Elie Bursztein       5       787         47.53
Nicolas Lidzborski   6       23          0.93
Kurt Thomas          7       1189        56.78
Vijay Eranti         8       23          0.93
Michael Bailey       9       1335        78.22
J. Alex Halderman    10      2301        149.67