TY - GEN
T1 - Neither snow nor rain nor MITM... An empirical analysis of email delivery security
AU - Durumeric, Zakir
AU - Adrian, David
AU - Mirian, Ariana
AU - Kasten, James
AU - Bursztein, Elie
AU - Lidzborski, Nicolas
AU - Thomas, Kurt
AU - Eranti, Vijay
AU - Bailey, Michael
AU - Halderman, J. Alex
N1 - Funding Information:
The authors thank Vern Paxson, Paul Pearce, Niels Provos, Eric Wustrow, and our shepherd, Alan Mislove, for their help and feedback. We thank the exceptional sysadmins at the University of Michigan for their help and support, including Chris Brenner, Kevin Cheek, Laura Fink, Dan Maletta, Jeff Richardson, Donald Welch, Don Winsor, and others from ITS, CAEN, and DCO. This material is based upon work supported by the National Science Foundation under grants CNS-1111699, CNS-1255153, CNS-1345254, CNS-1409505, CNS-1409758, and CNS-1518741, by the Google Ph.D. Fellowship in Computer Security, by the Morris Wellman Faculty Development Assistant Professorship, and by an Alfred P. Sloan Foundation Research Fellowship.
PY - 2015/10/28
Y1 - 2015/10/28
N2 - The SMTP protocol is responsible for carrying some of users' most intimate communication, but like other Internet protocols, authentication and confidentiality were added only as an afterthought. In this work, we present the first report on global adoption rates of SMTP security extensions, including: STARTTLS, SPF, DKIM, and DMARC. We present data from two perspectives: SMTP server configurations for the Alexa Top Million domains, and over a year of SMTP connections to and from Gmail. We find that the top mail providers (e.g., Gmail, Yahoo, and Outlook) all proactively encrypt and authenticate messages. However, these best practices have yet to reach widespread adoption in a long tail of over 700,000 SMTP servers, of which only 35% successfully configure encryption, and 1.1% specify a DMARC authentication policy. This security patchwork - paired with SMTP policies that favor failing open to allow gradual deployment - exposes users to attackers who downgrade TLS connections in favor of cleartext and who falsify MX records to reroute messages. We present evidence of such attacks in the wild, highlighting seven countries where more than 20% of inbound Gmail messages arrive in cleartext due to network attackers.
KW - DKIM
KW - DMARC
KW - Email
KW - Mail
KW - SMTP
KW - SPF
KW - STARTTLS
KW - TLS
UR - http://www.scopus.com/inward/record.url?scp=84954144467&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84954144467&partnerID=8YFLogxK
U2 - 10.1145/2815675.2815695
DO - 10.1145/2815675.2815695
M3 - Conference contribution
AN - SCOPUS:84954144467
T3 - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
SP - 27
EP - 39
BT - IMC 2015 - Proceedings of the 2015 ACM Internet Measurement Conference
PB - Association for Computing Machinery
T2 - ACM Internet Measurement Conference, IMC 2015
Y2 - 28 October 2015 through 30 October 2015
ER -