The Unintended Consequences of Email Spam Prevention

  • Conference paper
Passive and Active Measurement (PAM 2018)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 10771)

Abstract

To combat Domain Name System (DNS) cache poisoning attacks and exploitation of the DNS as amplifier in denial of service (DoS) attacks, many recursive DNS resolvers are configured as “closed” and refuse to answer queries made by hosts outside of their organization. In this work, we present a technique to induce DNS queries within an organization, using the organization’s email service and the Sender Policy Framework (SPF) spam-checking mechanism. We use our technique to study closed resolvers. Our study reveals that most closed DNS resolvers have deployed common DNS poisoning defense techniques such as source port and transaction ID randomization. However, we also find that SPF is often deployed in a way that allows an external attacker to cause the organization’s resolver to issue numerous DNS queries to a victim IP address by sending a single email to any address within the organization’s domain, thereby providing a potential DoS vector.
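
The risk the abstract describes, one inbound message making the receiving organization's resolver issue many DNS queries during SPF checking, is what RFC 7208's cap of 10 DNS-querying terms per check is meant to bound. The following added example (not code from the paper or its authors) counts those terms across a record tree and stops at the cap; the `.example` domains, the `ZONE` data and the `get_txt` hook are constructed assumptions.

```python
# Added example: constructed records under placeholder .example domains.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # RFC 7208, 4.6.4
MAX_DNS_TERMS = 10

class SPFPermError(Exception):
    """Evaluation must stop: limit exceeded or record missing."""

def split_term(term):
    """Return (name, domain argument) of one SPF term, qualifier removed."""
    term = term.lstrip("+-~?")
    if term.lower().startswith("redirect="):
        return "redirect", term.split("=", 1)[1]
    name, _, arg = term.partition(":")
    return name.split("/")[0].lower(), arg.split("/")[0]

def count_dns_terms(domain, get_txt, limit=MAX_DNS_TERMS, _state=None):
    """Worst-case number of DNS-querying terms reached from domain's record.

    get_txt(domain) returns the SPF TXT string or None (hypothetical resolver
    hook; here a dict lookup). Raises SPFPermError once the cap is passed.
    """
    state = _state if _state is not None else {"n": 0}
    record = get_txt(domain)
    if not record or not record.startswith("v=spf1"):
        raise SPFPermError(f"no SPF record at {domain}")
    for term in record.split()[1:]:
        name, arg = split_term(term)
        if name not in LOOKUP_TERMS:
            continue
        state["n"] += 1
        if state["n"] > limit:
            raise SPFPermError(f"{domain}: more than {limit} DNS-querying terms")
        if name in ("include", "redirect"):
            count_dns_terms(arg, get_txt, limit, state)  # shared counter
    return state["n"]

ZONE = {  # constructed sample data
    "ok.example": "v=spf1 mx include:_spf.ok.example -all",
    "_spf.ok.example": "v=spf1 ip4:192.0.2.0/24 a:mail.ok.example -all",
    "wide.example": "v=spf1 " + " ".join(
        f"include:n{i}.wide.example" for i in range(6)) + " -all",
}
ZONE.update({f"n{i}.wide.example": "v=spf1 a mx -all" for i in range(6)})

if __name__ == "__main__":
    print(count_dns_terms("ok.example", ZONE.get))             # within the cap
    try:
        count_dns_terms("wide.example", ZONE.get)
    except SPFPermError as err:
        print("permerror:", err)
```

The count is an upper bound, since a real check stops at the first matching mechanism; a mail server operator can use it to confirm that the SPF library in use aborts with a permanent error at the cap.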

S. Smith and Y. Gilad—Work conducted while at Boston University.


Acknowledgements

We thank Jared Mauch for contributing the machines we used to scan the Internet address space for MTAs and store our results. Sharon Goldberg thanks Haya Shulman for useful discussions about DNS resolvers and email. This research was supported, in part, by NSF grants 414119 and 1350733.

Corresponding author

Correspondence to Sarah Scheffler.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Cite this paper

Scheffler, S., Smith, S., Gilad, Y., Goldberg, S. (2018). The Unintended Consequences of Email Spam Prevention. In: Beverly, R., Smaragdakis, G., Feldmann, A. (eds) Passive and Active Measurement. PAM 2018. Lecture Notes in Computer Science, vol 10771. Springer, Cham. https://doi.org/10.1007/978-3-319-76481-8_12

  • DOI: https://doi.org/10.1007/978-3-319-76481-8_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-76480-1

  • Online ISBN: 978-3-319-76481-8

  • eBook Packages: Computer Science (R0)
