Email Security

BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet
This work proposes a BreakSPF attack framework, a newly discovered method for attackers to bypass the SPF protocol and launch email spoofing attacks.
Chuhan Wang, Yasuhiro Kuranaga, Yihang Wang, Mingming Zhang, Linkai Zheng, Xiang Li, Jianjun Chen, Haixin Duan, Yanzhong Lin, Qingfeng Pan
PDF Cite
BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet
A Large-scale and Longitudinal Measurement Study of DKIM Deployment
In this paper, we provide a large-scale and longitudinal measurement study on how well DKIM is deployed and managed. Our measurement results show that 28.1% of Alexa Top 1 million domains have enabled DKIM, of which 2.9% are misconfigured. We demonstrate that the issues of DKIM key management and DKIM signatures are prevalent in the real world, even for well-known email providers (e.g., Gmail and Mail.ru).
Chuhan Wang, Kaiwen Shen, Minglei Guo, Yuxuan Zhao, Mingming Zhang, Jianjun Chen, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Yanzhong Lin, Qingfeng Pan
PDF Cite Slides
A Large-scale and Longitudinal Measurement Study of DKIM Deployment
Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks
This paper systematically analyzes the transmission of an email and identifies a series of new attacks capable of bypassing SPF, DKIM, DMARC and user-interface protections. We conduct a largescale experiment on 30 popular email services and 23 email clients, and find that all of them are vulnerable to certain types of new attacks.
Kaiwen Shen, Chuhan Wang, Minglei Guo, Xiaofeng Zheng, Chaoyi Lu, Baojun Liu, Yuxuan Zhao, Shuang Hao, Haixin Duan, Qingfeng Pan, Min Yang
PDF Cite Slides
Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks