Towards Understanding the Adoption of Anti-Spoofing Protocols in Email Systems

2018 IEEE Cybersecurity Development (SecDev) (2018)

Abstract
Email spoofing is a critical step in phishing attacks, where the attacker impersonates someone that the victim knows or trusts. Even today, email providers still face key challenges to detect or prevent spoofing, despite the years of efforts to design and develop anti-spoofing protocols (e.g., SPF, DKIM, DMARC). The key problem is that anti-spoofing protocols are not widely adopted, especially for the new DMARC protocol (5.1%). In this paper, we seek to understand the reasons behind the low adoption rates of anti-spoofing protocols. We conduct a user study with N=9 email administrators from different institutions to understand their perceptions towards anti-spoofing protocols. Our result suggests that email administrators are aware of and concerned about the technical weaknesses in SPF, DKIM, and DMARC that can easily cause errors (e.g., blocking legitimate emails). Email administrators believe the current protocol adoption lacks the crucial mass due to the protocol defects, weak incentives, and practical deployment challenges. Based on these results, we discuss the key implications to protocol designers, email providers and users, and future research directions to mitigate the email spoofing threats.
Keywords
email, email spoofing, user study