Analysis of security extension protocol in e-mail system

SHANG Jingjing; ZHU Yujia, LIU Qingyun

doi:10.11959/j.issn.2096-109x.2020083

网络与信息安全学报 (Dec 2020)

Analysis of security extension protocol in e-mail system

SHANG Jingjing,
ZHU Yujia, LIU Qingyun

Affiliations

SHANG Jingjing: School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100093, China ;National Engineering Laboratory for Information Security Technologies, Beijing 100093, China ; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
ZHU Yujia, LIU Qingyun: National Engineering Laboratory for Information Security Technologies, Beijing 100093, China ;Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China

DOI: https://doi.org/10.11959/j.issn.2096-109x.2020083
Journal volume & issue: Vol. 6, no. 6
pp. 69 – 79

Abstract

Read online

E-mail is the main entry point for hackers to launch network attacks. Impersonating a trusted entity is an important means of e-mail forged. An attribute graph based on the e-mail authentication mechanism was built to measure the global adoption rate of e-mail security extension protocols for government agencies. Research on the deployment effect of security extension protocol was from three dimensions: e-mail content phishing, domain phishing, and letterhead phishing. The results show that about 70% of the SPF protocols are deployed in the mail systems of government agencies in various countries, and less than 30% of the DMARC protocol is deployed. The adoption rate of email identity detection is low. When forged e-mail gets in, the e-mail providers' warning mechanism for counterfeit emails need to be improved.

Published in 网络与信息安全学报

ISSN: 2096-109X (Print)
Publisher: POSTS&TELECOM PRESS Co., LTD
Country of publisher: China
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: http://www.infocomm-journal.com/cjnis/CN/2096-109X/home.shtml

About the journal

Abstract

Keywords