31th Annual Network and Distributed System Security Symposium | NDSS 2024

Abstract

Email spoofing attacks pose a severe threat to email systems by forging the sender’s address to deceive email recipients. Sender Policy Framework (SPF), an email authentication protocol that verifies senders by their IP addresses, is critical for preventing email spoofing attacks. However, attackers can bypass SPF validation and launch convincing spoofing attacks that evade email authentication.

This paper proposes BreakSPF, a novel attack framework that bypasses SPF validation to enable email spoofing. Attackers can actively target domains with permissive SPF configurations by utilizing cloud services, proxies, and content delivery networks (CDNs) with shared IP pools. We leverage BreakSPF to conduct a large-scale experiment evaluating the security of SPF deployment across Tranco top 1 million domain names. We uncover that 23,916 domains are vulnerable to BreakSPF attacks, including 23 domains that rank within the top 1,000 most popular domains. The results underscore the widespread SPF configuration vulnerabilities and their potential to undermine the security of email systems. Our study provides valuable insights for detecting and mitigating SPF vulnerabilities and strengthening email system security overall.

Date
Feb 26, 2024 9:00 AM — Mar 1, 2024 5:00 PM
Location
Catamaran Resort Hotel, San Diego, USA
3999 Mission Blvd, San Diego, 92109

It is my pleasure to have the opportunity to share our latest research work on email security live at NDSS Symposium 2024. Due to the Covid19, I didn’t have the chance to attend the international conference on site until this year.

I’m also glad to meet many old friends and make new friends here. Thanks you for the hospitality of Xintong, it’s great to see old classmates on the other side of the pacific!

A lot of interesting talks, nice beach and wonderful sunset. It was a great experience~

See you NDSS~ See you San Diego🏝️ Hope to see you again~

Moments

Chuhan Wang
Chuhan Wang
Ph.D. Candidate in Cyberspace Security (Tsinghua University)

Hello, I am Chuhan Wang, a 5th year PhD student at Network and Information Security Lab (NISL) of Tsinghua University, advised by Prof. Haixin Duan and Assistant Prof. Jianjun Chen. My research interests include Email Security, Network Security and Internet Measurement.