ABSTRACT
The SMTP protocol is responsible for carrying some of users' most intimate communication, but like other Internet protocols, authentication and confidentiality were added only as an afterthought. In this work, we present the first report on global adoption rates of SMTP security extensions, including: STARTTLS, SPF, DKIM, and DMARC. We present data from two perspectives: SMTP server configurations for the Alexa Top Million domains, and over a year of SMTP connections to and from Gmail. We find that the top mail providers (e.g., Gmail, Yahoo, and Outlook) all proactively encrypt and authenticate messages. However, these best practices have yet to reach widespread adoption in a long tail of over 700,000 SMTP servers, of which only 35% successfully configure encryption, and 1.1% specify a DMARC authentication policy. This security patchwork---paired with SMTP policies that favor failing open to allow gradual deployment---exposes users to attackers who downgrade TLS connections in favor of cleartext and who falsify MX records to reroute messages. We present evidence of such attacks in the wild, highlighting seven countries where more than 20% of inbound Gmail messages arrive in cleartext due to network attackers.
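The abstract's point about policies that fail open can be made concrete with a small model of the sender-side decision after EHLO. This is an added example, not code from the paper or from any mail server: the EHLO replies are constructed, and the two policy names and the `decide` helper are my own.

```python
"""Opportunistic vs. mandatory STARTTLS: the fail-open decision after EHLO.

Added example (not from the paper).  An EHLO reply either advertises
STARTTLS or it does not.  An opportunistic sender proceeds in cleartext
when the keyword is missing, which is what makes stripping it from the
reply an effective downgrade; a mandatory (fail-closed) policy defers
delivery instead.
"""
from dataclasses import dataclass
from typing import List


@dataclass
class Decision:
    action: str   # "starttls", "cleartext" or "defer"
    reason: str


def parse_ehlo(reply: str) -> List[str]:
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    keywords = []
    for line in reply.splitlines():
        if not line.startswith("250"):
            continue                  # ignore greeting or error lines
        body = line[4:].strip()       # skip "250-" or "250 "
        if body:
            keywords.append(body.split()[0].upper())
    return keywords[1:]               # first item is the server hostname


def decide(reply: str, policy: str) -> Decision:
    """policy is "opportunistic" (fails open) or "mandatory" (fails closed)."""
    exts = parse_ehlo(reply)
    if "STARTTLS" in exts:
        return Decision("starttls", "server advertised STARTTLS")
    if policy == "mandatory":
        return Decision("defer", "STARTTLS missing; refusing cleartext delivery")
    return Decision("cleartext", "STARTTLS missing; falling back to cleartext")


# Constructed sample replies (hostname and values are made up).
EHLO_WITH_TLS = ("250-mx.example.test\r\n250-SIZE 35882577\r\n"
                 "250-STARTTLS\r\n250 ENHANCEDSTATUSCODES\r\n")
# The same reply with the STARTTLS line removed in transit.
EHLO_STRIPPED = ("250-mx.example.test\r\n250-SIZE 35882577\r\n"
                 "250 ENHANCEDSTATUSCODES\r\n")

if __name__ == "__main__":
    for name, reply in (("intact", EHLO_WITH_TLS), ("stripped", EHLO_STRIPPED)):
        for policy in ("opportunistic", "mandatory"):
            d = decide(reply, policy)
            print(f"{name:8} {policy:13} -> {d.action:9} ({d.reason})")
```

A mandatory policy closes only the stripping path; the falsified MX records the abstract also mentions require the sender to validate the server's certificate against the expected name as well.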
Neither Snow Nor Rain Nor MITM...: An Empirical Analysis of Email Delivery Security