NexTech 2021 Congress
October 03, 2021 to October 07, 2021 - Barcelona, Spain

  • UBICOMM 2021, The Fifteenth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies
  • ADVCOMP 2021, The Fifteenth International Conference on Advanced Engineering Computing and Applications in Sciences
  • SEMAPRO 2021, The Fifteenth International Conference on Advances in Semantic Processing
  • AMBIENT 2021, The Eleventh International Conference on Ambient Computing, Applications, Services and Technologies
  • EMERGING 2021, The Thirteenth International Conference on Emerging Networks and Systems Intelligence
  • DATA ANALYTICS 2021, The Tenth International Conference on Data Analytics
  • GLOBAL HEALTH 2021, The Tenth International Conference on Global Health Challenges
  • CYBER 2021, The Sixth International Conference on Cyber-Technologies and Cyber-Systems

SoftNet 2021 Congress
October 03, 2021 to October 07, 2021 - Barcelona, Spain

  • ICSEA 2021, The Sixteenth International Conference on Software Engineering Advances
  • ICSNC 2021, The Sixteenth International Conference on Systems and Networks Communications
  • CENTRIC 2021, The Fourteenth International Conference on Advances in Human-oriented and Personalized Mechanisms, Technologies, and Services
  • VALID 2021, The Thirteenth International Conference on Advances in System Testing and Validation Lifecycle
  • SIMUL 2021, The Thirteenth International Conference on Advances in System Simulation
  • SOTICS 2021, The Eleventh International Conference on Social Media Technologies, Communication, and Informatics
  • INNOV 2021, The Tenth International Conference on Communications, Computation, Networks and Technologies
  • HEALTHINFO 2021, The Sixth International Conference on Informatics and Assistive Technologies for Health-Care, Medical Support and Wellbeing

NetWare 2021 Congress
November 14, 2021 to November 18, 2021 - Athens, Greece

  • SENSORCOMM 2021, The Fifteenth International Conference on Sensor Technologies and Applications
  • SENSORDEVICES 2021, The Twelfth International Conference on Sensor Device Technologies and Applications
  • SECURWARE 2021, The Fifteenth International Conference on Emerging Security Information, Systems and Technologies
  • AFIN 2021, The Thirteenth International Conference on Advances in Future Internet
  • CENICS 2021, The Fourteenth International Conference on Advances in Circuits, Electronics and Micro-electronics
  • ICQNM 2021, The Fifteenth International Conference on Quantum, Nano/Bio, and Micro Technologies
  • FASSI 2021, The Seventh International Conference on Fundamentals and Advances in Software Systems Integration
  • GREEN 2021, The Sixth International Conference on Green Communications, Computing and Technologies

TrendNews 2021 Congress
November 14, 2021 to November 18, 2021 - Athens, Greece

  • CORETA 2021, Advances on Core Technologies and Applications
  • DIGITAL 2021, Advances on Societal Digital Transformation

 


ThinkMind // International Journal On Advances in Internet Technology, volume 13, numbers 1 and 2, 2020 // View article inttech_v13_n12_2020_4


"Objection, Your Honor!"': False Positive Detection in Sender Domain Authentication by Utilizing the DMARC Reports

Authors:
Kanako Konno
Naoya Kitagawa
Nariyoshi Yamai

Keywords: Spoofed e-mail; SPF; DKIM; DMARC; Clustering

Abstract:
Information leakage and phishing scams caused by spoofed e-mails have become serious problems, particularly in the fields of business and e-commerce. Sender domain authentications, such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC), are effective countermeasures against spoofed e-mails. In particular, DMARC is one of the most effective methods of sender domain authentication. However, sender domain authentication methods erroneously classify legitimate e-mails, such as forwarded e-mails, as malicious e-mails. Because sender domain authentication is usually processed prior to content filtering, the fact that sender domain authentications generate a large number of false positives is a serious problem. In this paper, we propose a method to detect false positive deliveries in sender domain authentications based on the legitimacy of the senders' IP addresses by adapting X-means clustering to the reports generated by the reporting function of DMARC. Our approach consists of three phases: DMARC report summarization, X-means clustering, and legitimate sender detection. Applied to actual DMARC reports, we found that our method detected 214,153 e-mails on average sent from 347 legitimate senders' IP addresses on average as legitimate e-mails per day. We evaluate our results focusing on the legitimate deliveries sent from the detected legitimate senders and the detected false positives generated by existing sender domain authentications. The evaluation results confirmed that our method can detect large numbers of legitimate e-mails, including the false positive e-mails, such as forwarded e-mails, which cannot be correctly identified using existing sender domain authentication technologies.

Pages: 35 to 45

Copyright: Copyright (c) to authors, 2020. Used with permission.

Publication date: June 30, 2020

Published in: journal

ISSN: 1942-2652

SERVICES CONTACT
2010 - 2017 © ThinkMind. All rights reserved.
Read Terms of Service and Privacy Policy.