Stress Testing the DMARC Reporting System: Compliance with Standards and Ways of Improvement - DRAKKAR
Communication Dans Un Congrès Année : 2024

Stress Testing the DMARC Reporting System: Compliance with Standards and Ways of Improvement

Résumé

The DMARC reporting system enables domain name owners to receive failure and aggregate reports from email receivers to get insight into email authentication failures or unauthorized domain usage and take measures against phishing and spoofing attacks. In this paper, we test DMARC reporting of main Email Service Providers (ESPs) and show that most of them do not comply with the RFC specification, especially with respect to the generation of failure reports and external destination verification. We also analyze more than 40,000 DMARC aggregate reports and show that 94.93% of them do not follow the correct report syntax defined in RFC 7489. Finally, we provide recommendations for improving the DMARC reporting strategy.
Fichier sous embargo
Fichier sous embargo
0 5 20
Année Mois Jours
Avant la publication
mercredi 11 juin 2025
Fichier sous embargo
mercredi 11 juin 2025
Connectez-vous pour demander l'accès au fichier

Dates et versions

hal-04832277 , version 1 (11-12-2024)

Licence

Identifiants

Citer

Olivier Hureau, Andrzej Duda, Maciej Korczyński. Stress Testing the DMARC Reporting System: Compliance with Standards and Ways of Improvement. CoNEXT '24: The 20th International Conference on emerging Networking EXperiments and Technologies, Dec 2024, Los Angeles, CA, United States. pp.1-9, ⟨10.1145/3680121.3697809⟩. ⟨hal-04832277⟩
0 Consultations
0 Téléchargements

Altmetric

Partager

More