Towards the Adoption of Anti-spoofing Protocols
This addresses the problem of phishing for email users and administrators, but it is incremental as it builds on existing protocols and studies.
The paper investigated why email spoofing persists despite anti-spoofing protocols like SPF, DKIM, and DMARC, finding low adoption rates (e.g., 3.1% for DMARC) and identifying security and usability limitations in protocol design as key barriers.
Email spoofing is a critical step of phishing, where the attacker impersonates someone the victim knows or trusts. In this paper, we conduct a qualitative study to explore why email spoofing is still possible after years of efforts to develop and deploy anti-spoofing protocols (e.g., SPF, DKIM, DMARC). First, we measure the protocol adoption by scanning 1 million Internet domains. We find the adoption rates are still low, especially for the new DMARC (3.1%). Second, to understand the reasons behind the low-adoption rate, we collect 4293 discussion threads (25.7K messages) from the Internet Engineering Task Force (IETF), a working group formed to develop and promote Internet standards. Our analysis shows key security and usability limitations in the protocol design, which makes it difficult to generate a positive "net effect" for a wide adoption. We validate our results by interviewing email administrators and discuss key implications for future anti-spoofing solutions.