Top

Published in:

2018 | OriginalPaper | Chapter

The Unintended Consequences of Email Spam Prevention

Authors : Sarah Scheffler, Sean Smith, Yossi Gilad, Sharon Goldberg

Published in: Passive and Active Measurement

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

To combat Domain Name System (DNS) cache poisoning attacks and exploitation of the DNS as amplifier in denial of service (DoS) attacks, many recursive DNS resolvers are configured as “closed” and refuse to answer queries made by hosts outside of their organization. In this work, we present a technique to induce DNS queries within an organization, using the organization’s email service and the Sender Policy Framework (SPF) spam-checking mechanism. We use our technique to study closed resolvers. Our study reveals that most closed DNS resolvers have deployed common DNS poisoning defense techniques such as source port and transaction ID randomization. However, we also find that SPF is often deployed in a way that allows an external attacker to cause the organization’s resolver to issue numerous DNS queries to a victim IP address by sending a single email to any address within the organization’s domain, thereby providing a potential DoS vector.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Characterization of Collaborative Resolution in Recursive DNS Resolvers

next chapter In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements

Ballani, H., Francis, P.: Mitigating DNS DoS attacks. In: Proceedings of Computer and Communications Security, pp. 189–198. ACM (2008)

Borgwart, A., Shulman, H., Waidner, M.: Towards automated measurements of internet’s naming infrastructure. In: Software Science, Technology and Engineering (SWSTE), pp. 117–124. IEEE (2016)

The SPF Council. Sender Policy Framework, April 2014. http://www.openspf.org/

Dagon, D., Antonakakis, M., Vixie, P., Jinmei, T., Lee, W.: Increased DNS forgery resistance through 0x20-bit encoding: security via leet queries. In: Proceedings of Computer and Communications Security, pp. 211–222. ACM (2008)

Durumeric, Z., Wustrow, E., Halderman, J.A.: ZMap: fast internet-wide scanning and its security applications. In: King, S.T. (ed.) USENIX Security Symposium, pp. 605–620. USENIX Association (2013). ISBN:978-1-931971-03-4

Durumeric, Z., Adrian, D., Mirian, A., Kasten, J., Bursztein, E., Lidzborski, N., Thomas, K., Eranti, V., Bailey, M., Halderman, J.A.: Neither snow nor rain nor MITM: an empirical analysis of email delivery security. In: Internet Measurement Conference, pp. 27–39. ACM (2015). http://dl.acm.org/citation.cfm?id=2815675. ISBN:978-1-4503-3848-6

Foster, I.D., Larson, J., Masich, M., Snoeren, A.C., Savage, S., Levchenko, K.: Security by any other name: on the effectiveness of provider based email security. In: Proceedings of Computer and Communications Security, pp. 450–464. ACM (2015)

Gojmerac, I., Zwickl, P., Kovacs, G., Steindl, C.: Large-scale active measurements of DNS entries related to e-mail system security. In: International Conference on Communications, pp. 7426–7432, June 2015. https://doi.org/10.1109/ICC.2015.7249513

Herzberg, A.: DNS-based email sender authentication mechanisms: a critical review. Comput. Secur. 28(8), 731–742 (2009)CrossRef

10.

Holz, R., Amann, J., Mehani, O., Wachs, M., Kâafar, M.A.: TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication. CoRR, abs/1511.00341 (2015). http://arxiv.org/abs/1511.00341

11.

Hubert, A., van Mook, R.: Measures for Making DNS More Resilient against Forged Answers. RFC 5452 (Proposed Standard), January 2009. http://www.ietf.org/rfc/rfc5452.txt

12.

Huston, G.: IPv6 and the DNS, October 2016. https://blog.apnic.net/2016/10/20/ipv6-and-the-dns/

13.

Kambourakis, G., Moschos, T., Geneiatakis, D., Gritzalis, S.: Detecting DNS amplification attacks. In: Lopez, J., Hämmerli, B.M. (eds.) CRITIS 2007. LNCS, vol. 5141, pp. 185–196. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89173-4_16 CrossRef

14.

Kaminsky, D.: Its the End of the Cache as we Know It. Black-Hat USA (2008)

15.

Kitterman, S.: Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1. RFC 7208 (Proposed Standard), April 2014. http://www.ietf.org/rfc/rfc7208.txt. Updated by RFC 7372

16.

Klein, A., Shulman, H., Waidner, M.: Internet-wide study of DNS cache injections. In: INFOCOM, pp. 1–9. IEEE (2017)

17.

Kührer, M., Hupperich, T., Rossow, C., Holz, T.: Exit from hell? Reducing the impact of amplification DDoS attacks. In: USENIX Security Symposium, pp. 111–125 (2014)

18.

Malatras, A., Coisel, I., Sanchez, I.: Technical recommendations for improving security of email communications. In: Information and Communication Technology, Electronics and Microelectronics, pp. 1381–1386. IEEE (2016)

19.

Moore, D., Shannon, C., Brown, D.J., Voelker, G.M., Savage, S.: Inferring internet denial-of-service activity. ACM Trans. Comput. Syst. 24(2), 115–139 (2006)CrossRef

20.

Mori, T., Sato, K., Takahashi, Y., Ishibashi, K.: How is e-mail sender authentication used and misused? In: Proceedings of the 8th Annual Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference, CEAS 2011, pp. 31–37. ACM, New York (2011). http://doi.acm.org/10.1145/2030376.2030380. ISBN:978-1-4503-0788-8

21.

Paxson, V.: An analysis of using reflectors for distributed denial-of-service attacks. ACM SIGCOMM Comput. Commun. Rev. 31(3), 38–47 (2001)CrossRef

22.

Schlitt, W.: libspf2 - SPF Library. https://www.libspf2.org/

23.

Schomp, K., Callahan, T., Rabinovich, M., Allman, M.: On measuring the client-side DNS infrastructure. In: Proceedings of Internet Measurement Conference, pp. 77–90. ACM, New York (2013). http://doi.acm.org/10.1145/2504730.2504734. ISBN:978-1-4503-1953-9

24.

Sisson, G.: DNS Survey, The Measurement Factory, November 2010. http://dns.measurement-factory.com/surveys/201010/dns_survey_2010.pdf

25.

Wong, M., Schlitt, W.: Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1. RFC 4408 (Experimental), April 2006. Obsoleted by RFC 7208, updated by RFC 6652. http://www.ietf.org/rfc/rfc4408.txt

26.

Zargar, S.T., Joshi, J., Tipper, D.: A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Commun. Surv. Tutor. 15(4), 2046–2069 (2013)CrossRef

Title: The Unintended Consequences of Email Spam Prevention
Authors: Sarah Scheffler
Sean Smith
Yossi Gilad
Sharon Goldberg
Publisher: Springer International Publishing
Book: Passive and Active Measurement
Print ISBN: 978-3-319-76480-1

Electronic ISBN: 978-3-319-76481-8

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-76481-8_12

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner