Neither snow nor rain nor MITM⋯ An empirical analysis of email delivery security

Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Elie Bursztein, Nicolas Lidzborski, Kurt Thomas, Vijay Eranti, Michael Bailey, J. Alex Halderman

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The SMTP protocol is responsible for carrying some of users' most intimate communication, but like other Internet protocols, authentication and confidentiality were added only as an afterthought. In this work, we present the first report on global adoption rates of SMTP security extensions, including: STARTTLS, SPF, DKIM, and DMARC. We present data from two perspectives: SMTP server configurations for the Alexa Top Million domains, and over a year of SMTP connections to and from Gmail. We find that the top mail providers (e.g., Gmail, Yahoo, and Outlook) all proactively encrypt and authenticate messages. However, these best practices have yet to reach widespread adoption in a long tail of over 700,000 SMTP servers, of which only 35% successfully configure encryption, and 1.1% specify a DMARC authentication policy. This security patchwork - paired with SMTP policies that favor failing open to allow gradual deployment - exposes users to attackers who downgrade TLS connections in favor of cleartext and who falsify MX records to reroute messages. We present evidence of such attacks in the wild, highlighting seven countries where more than 20% of inbound Gmail messages arrive in cleartext due to network attackers.

Original language: English (US)
Title of host publication: IMC 2015 - Proceedings of the 2015 ACM Internet Measurement Conference
Publisher: Association for Computing Machinery
Pages: 27-39
Number of pages: 13
ISBN (Electronic): 9781450338486
State: Published - Oct 28 2015
Event: ACM Internet Measurement Conference, IMC 2015 - Tokyo, Japan
Duration: Oct 28 2015 to Oct 30 2015

Publication series

Name: Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
Volume: 2015-October

Other

Other: ACM Internet Measurement Conference, IMC 2015
Country/Territory: Japan
City: Tokyo
Period: 10/28/15 to 10/30/15

Keywords

  • DKIM
  • DMARC
  • Email
  • Mail
  • SMTP
  • SPF
  • STARTTLS
  • TLS

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
