A Large-scale and Longitudinal Measurement Study of DKIM Deployment

Authors: 

Chuhan Wang, Kaiwen Shen, and Minglei Guo, Tsinghua University; Yuxuan Zhao, North China Institute of Computing Technology; Mingming Zhang, Jianjun Chen, and Baojun Liu, Tsinghua University; Xiaofeng Zheng and Haixin Duan, Tsinghua University and Qi An Xin Technology Research Institute; Yanzhong Lin and Qingfeng Pan, Coremail Technology Co. Ltd

Abstract: 

DomainKeys Identified Mail (DKIM) is an email authentication protocol to protect the integrity of email contents. It has been proposed and standardized for over a decade and adopted by Yahoo!, Google, and other leading email service providers. However, little has been done to understand the adoption rate and potential security issues of DKIM due to the challenges of measuring DKIM deployment at scale.

In this paper, we provide a large-scale and longitudinal measurement study on how well DKIM is deployed and managed. Our study was made possible by a broad collection of datasets, including 9.5 million DKIM records from passive DNS datasets over five years and 460 million DKIM signatures from real-world email headers. Moreover, we conduct an active measurement on Alexa Top 1 million domains. Our measurement results show that 28.1% of Alexa Top 1 million domains have enabled DKIM, of which 2.9% are misconfigured. We demonstrate that the issues of DKIM key management and DKIM signatures are prevalent in the real world, even for well-known email providers (e.g., Gmail and Mail.ru). We recommend the security community should pay more attention to the systemic problems of DKIM deployment and mitigate these issues from the perspective of protocol design.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {279894,
title = {A Large-scale and Longitudinal Measurement Study of {DKIM} Deployment},
booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
year = {2022},
address = {Boston, MA},
url = {https://www.usenix.org/conference/usenixsecurity22/presentation/wang-chuhan},
publisher = {USENIX Association},
month = aug,
}