Email Spoofing & Backlashes
A. Ajina1, Ujwal kumar2
1A. Ajina, Department of Computer Science and Engineering, Sir M. Visvesvaraya Institute of Technology, Bangalore, India.
2Ujwal kumar, Department of Computer Science and Engineering, Sir M. Visvesvaraya Institute of Technology, Bangalore, India.
Manuscript received on 23 August 2019. | Revised Manuscript received on 15 September 2019. | Manuscript published on 30 September 2019. | PP: 1204-1209 | Volume-8 Issue-11, September 2019. | Retrieval Number: J93100881019/2019©BEIESP | DOI: 10.35940/ijitee.J9310.0981119
Open Access | Ethics and Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: The email service is a core platform for Mass communication as a consequence of which, it becomes central Target of all the social engineering and phishing attacks. As a consequence, attackers can try to impersonate or fake a trusted identity to carry out highly sophisticated and deceptive phishing attacks via Email Spoofing. In this work, we analyze: (1) how different Email providers detect and deal with such attacks? (2) Existing protection techniques and what is its scope of effectiveness? (3) Under Which conditions do spoofed emails reach inbox and its potential consequences? (4) Best practices and Adaptability apart from existing methods to remain secure. We address this concern by considering the parameters of top 25 email services (Used by more than billions of users) and also real world experiments. The existing protocols, security layers and the restrictions based on detection methods. The scale of implications by allowing the forged emails to enter the inbox despite getting detected by layers of SPF, DKIM, DMARC and ARC. The extent of problems caused in different paradigms, and the potential of having just SMTP implemented without any additional security layers within the domains. The impact of Misleading UI for allowed spoofed emails by providers is also discussed briefly. We observe the impression of security when users are caught off guard in real world testing on domains (eg. Gmail, Hotmail, Yahoo mail, etc ) by simple platforms to spoof (eg. emkei.cz) apart from discussing the anomalous behavior of gmail as a response. We have conducted experiment to analyze behavior of top email domains against spoofed emails of various types.
Keywords: Authenticity, email, Spoofing, Protocols, Vulnerability.
Scope of the Article: