Extended Abstract: A First Large-Scale Analysis on Usage of MTA-STS

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 12756)

Abstract

Nowadays, email is still the most popular communication channel on the Internet. It is based on the Simple Mail Transfer Protocol (SMTP), which, despite its ever-growing importance, lacks basic security properties such as confidentiality and authenticity. This results in spam and frequent phishing attacks, often with spoofed sender email addresses to appear more trustworthy, as well as unencrypted transmission by default. To address these known problems, additional protocols such as STARTTLS have been developed. STARTTLS enables transport encryption with Transport Layer Security (TLS) for SMTP sessions between two email servers. However, an attacker can take advantage of the fact that the encryption is opportunistic and that the STARTTLS command is sent in plaintext: the command can be stripped out of the communication, which forces the email message itself to be transmitted in plaintext. This attack is referred to as a TLS downgrade. The new Mail Transfer Agent Strict Transport Security (MTA-STS) protocol aims to prevent TLS downgrades for incoming SMTP sessions. In this paper, we conduct the first large-scale, longitudinal measurement study on the adoption of MTA-STS. We show that it is activated by 0.0124% of 1.76 million scanned domains, with a lower bound of 45.4% for the growth of the adoption rate within five months.
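To make concrete what a domain has to publish before MTA-STS can protect its incoming mail, here is an added example (not the paper's measurement code) that classifies a deployment from already-fetched data, using the record and policy formats of RFC 8461. The function names, result labels and the example.com sample records are constructed for illustration.

```python
import re

MAX_AGE_LIMIT = 31557600  # RFC 8461 upper bound for max_age, in seconds

def parse_txt_record(txt):
    """Return the policy id from a _mta-sts TXT record, or None if invalid."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0] != "v=STSv1":  # version must be the first field
        return None
    fields = dict(p.split("=", 1) for p in parts if "=" in p)
    policy_id = fields.get("id", "")
    return policy_id if re.fullmatch(r"[A-Za-z0-9]{1,32}", policy_id) else None

def parse_policy(body):
    """Parse the HTTPS policy file; return a dict, or None if it is unusable."""
    policy = {"mx": []}
    for line in body.splitlines():
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy.setdefault(key, value)  # first occurrence of a key wins
    max_age = policy.get("max_age", "")
    if (policy.get("version") != "STSv1"
            or policy.get("mode") not in ("enforce", "testing", "none")
            or not re.fullmatch(r"[0-9]{1,10}", max_age)
            or int(max_age) > MAX_AGE_LIMIT
            or (policy["mode"] != "none" and not policy["mx"])):
        return None
    return policy

def mx_matches(mx_host, pattern):
    """Match an MX host against a policy pattern; '*.' covers one label only."""
    host = mx_host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def assess(txt, policy_body, mx_hosts):
    """Classify a domain's MTA-STS deployment (labels are hypothetical)."""
    if txt is None or parse_txt_record(txt) is None:
        return "no-mta-sts"
    policy = parse_policy(policy_body or "")
    if policy is None:
        return "invalid-policy"
    if policy["mode"] == "none":
        return "disabled"
    if any(not any(mx_matches(h, p) for p in policy["mx"]) for h in mx_hosts):
        return "mx-mismatch"
    return policy["mode"]

# Constructed sample data for the placeholder domain example.com
SAMPLE_TXT = "v=STSv1; id=20210101T000000"
SAMPLE_POLICY = "version: STSv1\nmode: enforce\nmx: mail.example.com\nmx: *.mx.example.com\nmax_age: 604800\n"
```

Only the `enforce` result means a compliant sender will refuse to deliver when TLS cannot be negotiated with a listed MX host; `testing` still delivers after a failed validation, so a stripped STARTTLS is not blocked in that mode.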


Notes

  1. We informed the domain operators and the issue was solved for both.


Author information

Corresponding author

Correspondence to Dennis Tatang.

Copyright information

© 2021 Springer Nature Switzerland AG

Cite this paper

Tatang, D., Flume, R., Holz, T. (2021). Extended Abstract: A First Large-Scale Analysis on Usage of MTA-STS. In: Bilge, L., Cavallaro, L., Pellegrino, G., Neves, N. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2021. Lecture Notes in Computer Science, vol 12756. Springer, Cham. https://doi.org/10.1007/978-3-030-80825-9_18

  • DOI: https://doi.org/10.1007/978-3-030-80825-9_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-80824-2

  • Online ISBN: 978-3-030-80825-9

  • eBook Packages: Computer Science (R0)
