2023 International Forum for Security Research | Inforsec 2023

Abstract

In this paper, we provide a large-scale and longitudinal measurement study on how well DKIM is deployed and managed. Our measurement results show that 28.1% of Alexa Top 1 million domains have enabled DKIM, of which 2.9% are misconfigured. We demonstrate that the issues of DKIM key management and DKIM signatures are prevalent in the real world, even for well-known email providers (e.g., Gmail and Mail.ru).

Date
Apr 8, 2023 9:00 AM — Apr 9, 2023 5:00 PM
Location
Southern University of Science and Technology, Shenzhen, China
Southern University of Science and Technology, Shenzhen,

DomainKeys Identified Mail (DKIM) is an email authentication protocol to protect the integrity of email contents. It has been proposed and standardized for over a decade and adopted by Yahoo!, Google, and other leading email service providers. However, little has been done to understand the adoption rate and potential security issues of DKIM due to the challenges of measuring DKIM deployment at scale.
In this paper, we provide a large-scale and longitudinal measurement study on how well DKIM is deployed and managed. Our study was made possible by a broad collection of datasets, including 9.5 million DKIM records from passive DNS datasets over five years and 460 million DKIM signatures from real-world email headers. Moreover, we conduct an active measurement on Alexa Top 1 million domains. Our measurement results show that 28.1% of Alexa Top 1 million domains have enabled DKIM, of which 2.9% are misconfigured. We demonstrate that the issues of DKIM key management and DKIM signatures are prevalent in the real world, even for well-known email providers (e.g., Gmail and Mail.ru). We recommend the security community should pay more attention to the systemic problems of DKIM deployment and mitigate these issues from the perspective of protocol design.

We also proposed an online detection tool for email administrator, called “Nospoofing”. NoSpoofing: https://nospoofing.cn/

Chuhan Wang
Chuhan Wang
Ph.D. Candidate in Cyberspace Security (Tsinghua University)

Hello, I am Chuhan Wang, a 5th year PhD student at Network and Information Security Lab (NISL) of Tsinghua University, advised by Prof. Haixin Duan and Assistant Prof. Jianjun Chen. My research interests include Email Security, Network Security and Internet Measurement.