KIT | KIT-Bibliothek | Impressum | Datenschutz

From Matrix to Metrics: Introducing and Applying a Configuration Matrix to Evaluate DMARC Policies

Länge, Tobias ORCID iD icon; Ballreich, Fabian Lucas ORCID iD icon; Hennig, Anne ORCID iD icon; Mayer, Peter ORCID iD icon; Volkamer, Melanie ORCID iD icon

Abstract (englisch):

Email spoofing, the practice of sending illegitimate messages that appear to come from a legitimate sender, is a phishing technique frequently employed by attackers. In an effort to prevent such phishing, anti-spoofing mechanisms like DMARC were introduced and have been examined in the research community with respect to describing adoption rates, policies used, and potential problems. However, prior research has not yet taken into account all aspects of DMARC when evaluating how effectively configurations prevent spoofing attacks. To address this research gap, we developed a utility-oriented configuration matrix – focusing on the anti-spoofing effectiveness of different DMARC configurations – and provide clear recommendations for selecting the appropriate configuration. We then collected data from the Tranco Top-100k list daily for a duration of eight months and applied our classification to the collected data. Our analyses of the collected data reveals how configurations evolve over time and provides insights into the actual deployment of DMARC in practice. This allows us to identify potential issues that hinder the adoption of more secure configurations and to identify the most common errors in invalid DMARC records found in the wild, which could serve as a basis for enhancing the DMARC standard. ... mehr


Originalveröffentlichung
DOI: 10.14722/madweb.2026.23031
Zugehörige Institution(en) am KIT Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB)
Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publikationstyp Proceedingsbeitrag
Publikationsdatum 27.02.2026
Sprache Englisch
Identifikator ISBN: 978-1-970672-06-0
KITopen-ID: 1000190860
HGF-Programm 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems
Erschienen in Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb) 2026 : Co-located with NDSS Symposium 2026, San Diego, CA, 23rd February - 27th February 2026
Veranstaltung Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb 2026), San Diego, CA, USA, 23.02.2026 – 27.02.2026
Externe Relationen Abstract/Volltext
KIT – Die Universität in der Helmholtz-Gemeinschaft
KITopen Landing Page