Litcius/Paper detail

The Evolution of DNS-based Email Authentication: Measuring Adoption and Finding Flaws

Dennis Tatang, Florian Zettl, Thorsten Holz

202113 citationsDOIOpen Access PDF

Abstract

Email is still one of the most common ways of communication in our digital world, the underlying Simple Mail Transport Protocol (SMTP) is crucial for our information society. Back when SMTP was developed, security goals for the exchanged messages did not play a major role in the protocol design, resulting in many types of design limitations and vulnerabilities. Especially spear-phishing campaigns take advantage of the fact that it is easy to spoof the originating email address to appear more trustworthy. Furthermore, trusted brands can be abused in email spam or phishing campaigns. Thus, if no additional authentication mechanisms protect a given domain, attackers can misuse the domain. To enable proper authentication, various extensions for SMTP were developed in the past years.

Topics & Concepts

PhishingEmail authenticationComputer securityAuthentication (law)Computer scienceBotnetDomain Name SystemTrustworthinessProtocol (science)Internet privacyDomain (mathematical analysis)Authentication protocolSimple (philosophy)World Wide WebThe InternetChallenge-Handshake Authentication ProtocolMedicinePhilosophyMathematical analysisEpistemologyMathematicsPathologyAlternative medicineInternet Traffic Analysis and Secure E-votingNetwork Security and Intrusion DetectionIPv6, Mobility, Handover, Networks, Security
The Evolution of DNS-based Email Authentication: Measuring Adoption and Finding Flaws | Litcius