EN-Bypass: a security assessment method on e-mail user interface notification
Email plays an important role in people’s daily communications, while also attracts the attention of hackers.Email is frequently used in phishing attacks, with email sender spoofing being a key step.To prevent sender-spoofing attacks, email vendors often deploy email security protocols such as SPF,...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2023-06-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023041 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529590562947072 |
|---|---|
| author | Jingyi YUAN Zichuan LI Guojun PENG |
| author_facet | Jingyi YUAN Zichuan LI Guojun PENG |
| author_sort | Jingyi YUAN |
| collection | DOAJ |
| description | Email plays an important role in people’s daily communications, while also attracts the attention of hackers.Email is frequently used in phishing attacks, with email sender spoofing being a key step.To prevent sender-spoofing attacks, email vendors often deploy email security protocols such as SPF, DKIM, and DMARC to verify the sender’s identity.Moreover, some vendors add email UI notification mechanism on email clients to help users identify the real sender.However, there is no uniform standard in the implementation of the email UI notification mechanism, which varies among vendors.Whether the mechanism effectively prevents sender-spoofing attacks still needs verification.In this paper, the security evaluation of the email UI notification mechanism was studied to gain better understanding of its efficacy and to eventually protect users from sender-spoofing attacks.Ten world-famous email services were researched and evaluated, of which seven deployed the email UI notification mechanism.Consequently, a new type of sender-spoofing attack was proposed which was called EN-Bypass, aiming to bypass the email UI notification mechanism by forging the “From” and “Sender” fields in the email header.To verify the email UI notification mechanism’s security and reliability, EmailSenderChecker was implemented, which can automatically evaluate the existence of the EN-Bypass attack.The result shows that all seven email service vendors suffer from EN-Bypass attack.Attackers could bypass the email UI notification mechanism by constructing special email headers and spoofing the sender.Finally, to improve the mail service security, three suggestions about the email UI notification mechanism were proposed for the mail service vendors. |
| format | Article |
| id | doaj-art-1edd7609ae8348289aaf7b803f350cb0 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2023-06-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-1edd7609ae8348289aaf7b803f350cb02025-01-15T03:16:37ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2023-06-0199010159578342EN-Bypass: a security assessment method on e-mail user interface notificationJingyi YUANZichuan LIGuojun PENGEmail plays an important role in people’s daily communications, while also attracts the attention of hackers.Email is frequently used in phishing attacks, with email sender spoofing being a key step.To prevent sender-spoofing attacks, email vendors often deploy email security protocols such as SPF, DKIM, and DMARC to verify the sender’s identity.Moreover, some vendors add email UI notification mechanism on email clients to help users identify the real sender.However, there is no uniform standard in the implementation of the email UI notification mechanism, which varies among vendors.Whether the mechanism effectively prevents sender-spoofing attacks still needs verification.In this paper, the security evaluation of the email UI notification mechanism was studied to gain better understanding of its efficacy and to eventually protect users from sender-spoofing attacks.Ten world-famous email services were researched and evaluated, of which seven deployed the email UI notification mechanism.Consequently, a new type of sender-spoofing attack was proposed which was called EN-Bypass, aiming to bypass the email UI notification mechanism by forging the “From” and “Sender” fields in the email header.To verify the email UI notification mechanism’s security and reliability, EmailSenderChecker was implemented, which can automatically evaluate the existence of the EN-Bypass attack.The result shows that all seven email service vendors suffer from EN-Bypass attack.Attackers could bypass the email UI notification mechanism by constructing special email headers and spoofing the sender.Finally, to improve the mail service security, three suggestions about the email UI notification mechanism were proposed for the mail service vendors.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023041e-maile-mail securitysender spoofingsecurity extension protocol |
| spellingShingle | Jingyi YUAN Zichuan LI Guojun PENG EN-Bypass: a security assessment method on e-mail user interface notification 网络与信息安全学报 e-mail security sender spoofing security extension protocol |
| title | EN-Bypass: a security assessment method on e-mail user interface notification |
| title_full | EN-Bypass: a security assessment method on e-mail user interface notification |
| title_fullStr | EN-Bypass: a security assessment method on e-mail user interface notification |
| title_full_unstemmed | EN-Bypass: a security assessment method on e-mail user interface notification |
| title_short | EN-Bypass: a security assessment method on e-mail user interface notification |
| title_sort | en bypass a security assessment method on e mail user interface notification |
| topic | e-mail e-mail security sender spoofing security extension protocol |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023041 |
| work_keys_str_mv | AT jingyiyuan enbypassasecurityassessmentmethodonemailuserinterfacenotification AT zichuanli enbypassasecurityassessmentmethodonemailuserinterfacenotification AT guojunpeng enbypassasecurityassessmentmethodonemailuserinterfacenotification |