The robustness of new email identification standards

Patrik Ostrihon COMDOM Software
Reza Rajabiun COMDOM Software and York University

  download slides (PDF)

Vulnerabilities in email protocols allow spammers to readily hide their true identities. This has motivated a number of proposals to adopt new standards for authenticating messages. Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) represent two such proposals. Both mechanisms are nevertheless open to abuse by spammers. This paper analyses how spammers exploit SPF and DKIM to hide their true origins and send large volumes of advertisements, or more pernicious content, from compromised networks.

SPF provides domain owners with a range of rules for identifying who is authorized to use the particular domain name as a sender origin. These rules range from the very simple, such as elementary IP address listings, to complex rule-set definitions. With improper configuration of rules, spammers can misuse the settings, infiltrate a domain unrecognized, and send spam from that system. DKIM utilizes an electronic signature mechanism instead, but is also vulnerable to spamming techniques aiming to infiltrate and misguide the mechanism. The analysis shows neither approach credibly constrains the ability of spammers to cloak their identities and will only serve as complements to statistical content filters.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.