Abstract
With hundred billions of emails sent daily, the adoption of contemporary email security standards and best practices by the respective providers are of utmost importance to everyone of us. Leaving out the user-dependent measures, say, S/MIME and PGP, this work concentrates on the current security standards adopted in practice by providers to safeguard the communications among their SMTP servers. To this end, we developed a non-intrusive tool coined MECSA, which is publicly available as a web application service to anyone who wishes to instantly assess the security status of their email provider regarding both the inbound and outbound communication channels. By capitalising on the data collected by MECSA over a period of 15 months, that is, ≈7,650 assessments, analysing a total of 3,236 unique email providers, we detail on the adoption rate of state-of-the-art email security extensions, including STARTTLS, SPF, DKIM, DMARC, and MTA-STS. Our results indicate a clear increase in encrypted connections and in the use of SPF, but also considerable retardation in the penetration rate of the rest of the standards. This tardiness is further aggravated by the still low prevalence of DNSSEC, which is also appraised for the email security space in the context of this work.
Highlights
Email has its technological roots in the pre-Internet era with the ratification of RFC 821, namely, the Simple Mail Transfer Protocol (SMTP) in the early 80’s
This means that My Email Communications Security Assessment’’ (MECSA) manages to evaluate all the available Mail Transfer Agent (MTA) of a certain domain in a non-intrusive, mostly passive manner, this typically requires more time to be fulfilled for the outbound channel; it depends on how many users of the same email domain will submit evaluation requests to MECSA and reply to the received email
INBOUND CHANNEL Recall from section III-A that all checks in the inbound channel apply to all the MTAs per unique domain, as advertised in the corresponding DNS Mail Exchanger (MX) RRs, if any, or in the A type DNS RR if none MX RR is present
Summary
Email has its technological roots in the pre-Internet era with the ratification of RFC 821, namely, the Simple Mail Transfer Protocol (SMTP) in the early 80’s. The Internet has proved to be a fertile ground for the proliferation of an endless number of digital services that have revolutionised virtually every aspect of public and private life In line with this evolution, today, email is still massively used [1] as a traditional communication channel to complement the current ecosystem of modern similar services, including the plethora of mobile messengers and chat apps. The MTA is the process within an SMTP server that takes care of receiving emails, either from the MSA, or another MTA, and delivering them, either to another MTA or the Mail Delivery Agent (MDA) The latter entity, which is known as the Local Delivery Agent, filters and possibly stores the email message into the mailbox. The term ‘‘MTA’’ is used to generally refer to all server-side operations
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
