A simple yet effective spam blocking method
Proceedings of the 2nd international conference on Security of information and networks
On the effectiveness of IP reputation for spam filtering
COMSNETS'10 Proceedings of the 2nd international conference on COMmunication systems and NETworks
Extending black domain name list by using co-occurrence relation between DNS queries
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Building a dynamic reputation system for DNS
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Hi-index | 0.00 |
E-mail sender authentication is a promising way of verifying the sources of e-mail messages. Since today's primary e-mail sender authentication mechanisms are designed as fully decentralized architecture, it is crucial for e-mail operators to know how other organizations are using and misusing them. This paper addresses the question "How is the DNS Sender Policy Framework (SPF), which is the most popular e-mail sender authentication mechanism, used and misused in the wild?" To the best of our knowledge, this is the first extensive study addressing the fundamental question. This work targets both legitimate and spamming domain names and correlates them with multiple data sets, including the e-mail delivery logs collected from medium-scale enterprise networks and various IP reputation lists. We first present the adoption and usage of DNS SPF from both global and local viewpoints. Next, we present empirically why and how spammers leverage the SPF mechanism in an attempt to pass a simple SPF authentication test. We also present that non-negligible volume of legitimate messages originating from legitimate senders will be rejected or marked as potential spam with the SPF policy set by owners of legitimate domains. Our findings will help provide (1) e-mail operators with useful insights for setting adequate sender or receiver policies and (2) researchers with the detailed measurement data for understanding the feasibility, fundamental limitations, and potential extensions to e-mail sender authentication mechanisms.