Abstract

Email has become a standard form of communication between businesses. With the prevalent use of email as a form of communication between businesses and customers, phishing emails have emerged as a popular social engineering approach. With phishing, attackers trick users into divulging their personal information through email spoofing. Thus, it is imperative to verify the sender of an email. Anti-spoofing mechanisms such as the Sender Policy Framework (SPF) have been developed as the first line of defense against spoofing by validating the source of an email as well as the presenting options of how to handle emails that fail to validate. However, deployment of SPF policies and SPF validation remains low. To understand the cost and benefit of deploying SPF, we have developed metrics to quantify its deployment and maintenance complexity through modeling. Our approach provides a way to visualize the SPF record of a given domain through the use of a graph. Using the developed model, we applied the metrics to both the current and historical SPF policy for the Alexa Top Sites for empirical study and historical trend analysis.

Degree

MS

College and Department

Physical and Mathematical Sciences; Computer Science

Rights

http://lib.byu.edu/about/copyright/

Date Submitted

2018-10-01

Document Type

Thesis

Handle

http://hdl.lib.byu.edu/1877/etd10375

Keywords

SPF, Spoofing, DNS, SMTP

Language

english

Download

Share

COinS