Neither Snow Nor Rain Nor MITM ... An Empirical Analysis of Email Delivery Security
Venue
Proceedings of the Internet Measurement Conference (2015)
Publication Year
2015
Authors
Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Elie Bursztein, Nicolas Lidzborski, Kurt Thomas, Vijay Eranti, Michael Bailey, J. Alex Halderman
Abstract
The SMTP protocol is responsible for carrying some of users' most intimate
communication, but as with other Internet protocols, authentication and
confidentiality were added only as an afterthought. In this work, we present the
first report on global adoption rates of SMTP security extensions, including
STARTTLS, SPF, DKIM, and DMARC. We present data from two perspectives: SMTP server
configurations for the Alexa Top Million domains, and over a year of SMTP
connections to and from Gmail. We find that the top mail providers (e.g., Gmail,
Yahoo, and Outlook) all proactively encrypt and authenticate messages. However,
these best practices have yet to reach widespread adoption in a long tail of over
700,000 SMTP servers, of which only 35% successfully configure encryption, and 1.1%
specify a DMARC authentication policy. This security patchwork -- paired with SMTP
policies that favor failing open to allow gradual deployment -- exposes users to
attackers who downgrade TLS connections in favor of cleartext and who falsify MX
records to reroute messages. We present evidence of such attacks in the wild,
highlighting seven countries where more than 20% of inbound Gmail messages arrive
in cleartext due to network attackers.
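The abstract's adoption figure counts domains that "specify a DMARC authentication policy". As an added illustration (not code from the paper or its authors) of how such a classification can be made from a domain's `_dmarc` TXT record, the following parser distinguishes a missing or malformed record from monitoring-only (`p=none`) and enforcing (`p=quarantine`/`p=reject`) policies; the sample records are constructed here, not taken from the paper's dataset.

```python
from collections import Counter

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record ("v=DMARC1; p=reject; ...") into a tag dict.
    Returns {} when the text is not a DMARC record (e.g. an SPF record)."""
    tags = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue  # skip empty trailing segments and junk without a tag
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return {}
    return tags


def dmarc_policy(txt: str, subdomain: bool = False) -> str:
    """Effective policy for the organizational domain (or, with subdomain=True,
    for a subdomain, honouring the 'sp' override): 'none', 'quarantine',
    'reject', or 'missing' when no usable policy is published."""
    tags = parse_dmarc(txt)
    if not tags or "p" not in tags:
        return "missing"  # no record, not DMARC, or required 'p' tag absent
    policy = tags["p"]
    if subdomain and "sp" in tags:
        policy = tags["sp"]
    policy = policy.lower()
    # An unrecognised policy value makes the record unusable for receivers.
    return policy if policy in VALID_POLICIES else "missing"


def adoption_summary(records: dict) -> dict:
    """Count domains by effective DMARC policy, e.g. over a survey's results.
    `records` maps a domain to its _dmarc TXT string ('' when none exists)."""
    return dict(Counter(dmarc_policy(txt) for txt in records.values()))


# Constructed sample survey (hypothetical domains and records, not paper data).
SAMPLE = {
    "a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@a.example",
    "b.example": "v=DMARC1; p=none",
    "c.example": "v=spf1 -all",            # SPF published, no DMARC record
    "d.example": "",                       # no TXT record at all
    "e.example": "v=DMARC1; p=quarantine; sp=none",
}

if __name__ == "__main__":
    print(adoption_summary(SAMPLE))  # {'reject': 1, 'none': 1, 'missing': 2, 'quarantine': 1}
```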
