The Unintended Consequences of Email Spam Prevention

Sarah Scheffler; Sean Smith; Yossi Gilad; Sharon Goldberg

doi:10.1007/978-3-319-76481-8_12

The Unintended Consequences of Email Spam Prevention

Sarah Scheffler, Sean Smith, Yossi Gilad, Sharon Goldberg

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

To combat Domain Name System (DNS) cache poisoning attacks and exploitation of the DNS as amplifier in denial of service (DoS) attacks, many recursive DNS resolvers are configured as “closed” and refuse to answer queries made by hosts outside of their organization. In this work, we present a technique to induce DNS queries within an organization, using the organization’s email service and the Sender Policy Framework (SPF) spam-checking mechanism. We use our technique to study closed resolvers. Our study reveals that most closed DNS resolvers have deployed common DNS poisoning defense techniques such as source port and transaction ID randomization. However, we also find that SPF is often deployed in a way that allows an external attacker to cause the organization’s resolver to issue numerous DNS queries to a victim IP address by sending a single email to any address within the organization’s domain, thereby providing a potential DoS vector.

Original language	English
Title of host publication	Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings
Editors	Anja Feldmann, Georgios Smaragdakis, Robert Beverly
Publisher	Springer Verlag
Pages	158-169
Number of pages	12
ISBN (Print)	9783319764801
DOIs	https://doi.org/10.1007/978-3-319-76481-8_12
State	Published - 2018
Externally published	Yes
Event	19th International Conference on Passive and Active Measurement, PAM 2018 - Berlin, Germany Duration: 26 Mar 2018 → 27 Mar 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10771 LNCS

Conference

Conference	19th International Conference on Passive and Active Measurement, PAM 2018
Country/Territory	Germany
City	Berlin
Period	26/03/18 → 27/03/18

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-319-76481-8_12

Cite this

Scheffler, S., Smith, S., Gilad, Y., & Goldberg, S. (2018). The Unintended Consequences of Email Spam Prevention. In A. Feldmann, G. Smaragdakis, & R. Beverly (Eds.), Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings (pp. 158-169). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10771 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-76481-8_12

Scheffler, Sarah ; Smith, Sean ; Gilad, Yossi et al. / The Unintended Consequences of Email Spam Prevention. Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings. editor / Anja Feldmann ; Georgios Smaragdakis ; Robert Beverly. Springer Verlag, 2018. pp. 158-169 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{b747fcd07cf54ecba96d374cfa56c1db,

title = "The Unintended Consequences of Email Spam Prevention",

abstract = "To combat Domain Name System (DNS) cache poisoning attacks and exploitation of the DNS as amplifier in denial of service (DoS) attacks, many recursive DNS resolvers are configured as “closed” and refuse to answer queries made by hosts outside of their organization. In this work, we present a technique to induce DNS queries within an organization, using the organization{\textquoteright}s email service and the Sender Policy Framework (SPF) spam-checking mechanism. We use our technique to study closed resolvers. Our study reveals that most closed DNS resolvers have deployed common DNS poisoning defense techniques such as source port and transaction ID randomization. However, we also find that SPF is often deployed in a way that allows an external attacker to cause the organization{\textquoteright}s resolver to issue numerous DNS queries to a victim IP address by sending a single email to any address within the organization{\textquoteright}s domain, thereby providing a potential DoS vector.",

author = "Sarah Scheffler and Sean Smith and Yossi Gilad and Sharon Goldberg",

note = "Publisher Copyright: {\textcopyright} 2018, Springer International Publishing AG, part of Springer Nature.; 19th International Conference on Passive and Active Measurement, PAM 2018 ; Conference date: 26-03-2018 Through 27-03-2018",

year = "2018",

doi = "10.1007/978-3-319-76481-8_12",

language = "الإنجليزيّة",

isbn = "9783319764801",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "158--169",

editor = "Anja Feldmann and Georgios Smaragdakis and Robert Beverly",

booktitle = "Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings",

address = "ألمانيا",

}

Scheffler, S, Smith, S, Gilad, Y & Goldberg, S 2018, The Unintended Consequences of Email Spam Prevention. in A Feldmann, G Smaragdakis & R Beverly (eds), Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10771 LNCS, Springer Verlag, pp. 158-169, 19th International Conference on Passive and Active Measurement, PAM 2018, Berlin, Germany, 26/03/18. https://doi.org/10.1007/978-3-319-76481-8_12

The Unintended Consequences of Email Spam Prevention. / Scheffler, Sarah; Smith, Sean; Gilad, Yossi et al.
Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings. ed. / Anja Feldmann; Georgios Smaragdakis; Robert Beverly. Springer Verlag, 2018. p. 158-169 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10771 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - The Unintended Consequences of Email Spam Prevention

AU - Scheffler, Sarah

AU - Smith, Sean

AU - Gilad, Yossi

AU - Goldberg, Sharon

PY - 2018

Y1 - 2018

N2 - To combat Domain Name System (DNS) cache poisoning attacks and exploitation of the DNS as amplifier in denial of service (DoS) attacks, many recursive DNS resolvers are configured as “closed” and refuse to answer queries made by hosts outside of their organization. In this work, we present a technique to induce DNS queries within an organization, using the organization’s email service and the Sender Policy Framework (SPF) spam-checking mechanism. We use our technique to study closed resolvers. Our study reveals that most closed DNS resolvers have deployed common DNS poisoning defense techniques such as source port and transaction ID randomization. However, we also find that SPF is often deployed in a way that allows an external attacker to cause the organization’s resolver to issue numerous DNS queries to a victim IP address by sending a single email to any address within the organization’s domain, thereby providing a potential DoS vector.

AB - To combat Domain Name System (DNS) cache poisoning attacks and exploitation of the DNS as amplifier in denial of service (DoS) attacks, many recursive DNS resolvers are configured as “closed” and refuse to answer queries made by hosts outside of their organization. In this work, we present a technique to induce DNS queries within an organization, using the organization’s email service and the Sender Policy Framework (SPF) spam-checking mechanism. We use our technique to study closed resolvers. Our study reveals that most closed DNS resolvers have deployed common DNS poisoning defense techniques such as source port and transaction ID randomization. However, we also find that SPF is often deployed in a way that allows an external attacker to cause the organization’s resolver to issue numerous DNS queries to a victim IP address by sending a single email to any address within the organization’s domain, thereby providing a potential DoS vector.

UR - http://www.scopus.com/inward/record.url?scp=85043594102&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-76481-8_12

DO - 10.1007/978-3-319-76481-8_12

M3 - منشور من مؤتمر

SN - 9783319764801

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 158

EP - 169

BT - Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings

A2 - Feldmann, Anja

A2 - Smaragdakis, Georgios

A2 - Beverly, Robert

PB - Springer Verlag

T2 - 19th International Conference on Passive and Active Measurement, PAM 2018

Y2 - 26 March 2018 through 27 March 2018

ER -

Scheffler S, Smith S, Gilad Y, Goldberg S. The Unintended Consequences of Email Spam Prevention. In Feldmann A, Smaragdakis G, Beverly R, editors, Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings. Springer Verlag. 2018. p. 158-169. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-76481-8_12

The Unintended Consequences of Email Spam Prevention

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Cite this