Email has become a standard form of communication between businesses. With the prevalent use of email as a form of communication between businesses and customers, phishing emails have emerged as a popular social engineering approach. With phishing, attackers trick users into divulging their personal information through email spoofing. Thus, it is imperative to verify the sender of an email. Anti-spoofing mechanisms such as the Sender Policy Framework (SPF) have been developed as the first line of defense against spoofing by validating the source of an email as well as the presenting options of how to handle emails that fail to validate. However, deployment of SPF policies and SPF validation remains low. To understand the cost and benefit of deploying SPF, we have developed metrics to quantify its deployment and maintenance complexity through modeling. Our approach provides a way to visualize the SPF record of a given domain through the use of a graph. Using the developed model, we applied the metrics to both the current and historical SPF policy for the Alexa Top Sites for empirical study and historical trend analysis.
College and Department
Physical and Mathematical Sciences; Computer Science
BYU ScholarsArchive Citation
Tan, Eunice Zsu, "A Quantitative Study of the Deployment of the Sender Policy Framework" (2018). Theses and Dissertations. 7009.
SPF, Spoofing, DNS, SMTP