Extended Abstract: A First Large-Scale Analysis on Usage of MTA-STS

Authors: Dennis Tatang, Robin Flume, Thorsten Holz
Year of publication: 2021
Subject:
Source: Detection of Intrusions and Malware, and Vulnerability Assessment ISBN: 9783030808242
DIMVA
DOI: 10.1007/978-3-030-80825-9_18
Description: Nowadays, email is still the most popular communication channel of the Internet. It is based on Simple Mail Transfer Protocol (SMTP), which lacks basic security properties such as confidentiality and authenticity despite its ever-growing importance. This results in spam and frequent phishing attacks, often with spoofed sender email addresses to appear more trustworthy, as well as non-encrypted transmissions by default. To address these known problems, additional protocols such as STARTTLS have been developed. STARTTLS enables transport encryption with Transport Layer Security (TLS) for SMTP sessions between two email servers. However, an attacker can take advantage of the fact that the encryption is opportunistic and the STARTTLS command is sent in plain. Therefore, it can be stripped out of the communication, resulting in an inevitable plaintext transmission of the email message itself. This attack is referred to as TLS downgrade. The new Mail Transfer Agent Strict Transport Security (MTA-STS) protocol targets the prevention of TLS downgrades for incoming SMTP sessions. In this paper, we conduct the first large-scale, longitudinal measurement study on the adoption of MTA-STS. We show that it is activated by 0.0124% out of 1.76 million scanned domains, with a lower bound of 45.4% for the growth of the adoption rate within five months.
Database: OpenAIRE