Security by Any Other Name: On the Effectiveness of Provider Based Email Security

Email as we use it today makes no guarantees about message in-tegrity, authenticity, or confidentiality. Users must explicitly en-crypt and sign message contents using tools like PGP if they wish to protect themselves against message tampering, forgery, or eaves-dropping. However, few do, leaving the vast majority of users open to such attacks. Fortunately, transport-layer security mechanisms (available as extensions to SMTP, IMAP, POP3) provide some de-gree of protection against network-based eavesdropping attacks. At the same time, DKIM and SPF protect against network-based mes-sage forgery and tampering. In this work we evaluate the security provided by these proto-cols, both in theory and in practice. Using a combination of mea-surement techniques, we determine whether major providers sup-ports TLS at each point in their email message path, and whether they support SPF and DKIM on incoming and outgoing mail. We found that while more than half of the top 20,000 receiving MTAs supported TLS, and support for TLS is increasing, servers do not check certificates, opening the Internet email system up to man-in-the-middle eavesdropping attacks. At the same time, while use of SPF is common, enforcement is limited. Moreover, few of the senders we examined used DKIM, and fewer still rejected invalid DKIM signatures. Our findings show that the global email system provides some protection against passive eavesdropping, limited protection against unprivileged peer message forgery, and no pro-tection against active network-based attacks. We observe that pro-tection even against the latter is possible using existing protocols with proper enforcement. 1