A team of researchers, including CSE graduate students Zakir Durumeric, David Adrian, James Kasten, CS student Ariana Mirian, and Prof. J. Alex Halderman have received The Applied Networking Research Prize (ANRP) for their paper, "Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security".
In the paper, the researchers present the first report on global adoption rates of SMTP email security extensions, including: STARTTLS, SPF, DKIM, and DMARC. These security extensions are used by consumers to authenticate senders or encrypt mail in transit. Their data is presented from SMTP server configurations from the Alexa Top million domains and from SMTP connections to and from Gmail.
The researchers found that only 82% of the 700,000 SMTP servers support TLS, only 35% are configured properly to allow server authentication, and 1.1% specify a DMARC authentication policy. They believe that low adoption stems in part from two of the three most popular SMTP software platforms failing to protect messages with TLS by default.
They show evidence of the attacks and highlight seven countries where more than 20% of inbound Gmail messages arrive in cleartext due to network attackers. In the paper, the researchers propose ways to secure email transport and suggest directions for new research to improve email security.
The Applied Networking Research Prize (ANRP) recognizes the best new ideas in networking, and bring them to the IETF and IRTF especially in cases where they would not otherwise see much exposure or discussion. The ANRP is awarded for recent results in applied networking research that are relevant for transitioning into shipping Internet products and related standardization efforts.
Posted: December 15, 2015