The Unintended Consequences of Email Spam Prevention

Sarah Scheffler*, Sean Smith, Yossi Gilad, Sharon Goldberg

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

9 Scopus citations


To combat Domain Name System (DNS) cache poisoning attacks and exploitation of the DNS as amplifier in denial of service (DoS) attacks, many recursive DNS resolvers are configured as “closed” and refuse to answer queries made by hosts outside of their organization. In this work, we present a technique to induce DNS queries within an organization, using the organization’s email service and the Sender Policy Framework (SPF) spam-checking mechanism. We use our technique to study closed resolvers. Our study reveals that most closed DNS resolvers have deployed common DNS poisoning defense techniques such as source port and transaction ID randomization. However, we also find that SPF is often deployed in a way that allows an external attacker to cause the organization’s resolver to issue numerous DNS queries to a victim IP address by sending a single email to any address within the organization’s domain, thereby providing a potential DoS vector.

Original languageAmerican English
Title of host publicationPassive and Active Measurement - 19th International Conference, PAM 2018, Proceedings
EditorsAnja Feldmann, Georgios Smaragdakis, Robert Beverly
PublisherSpringer Verlag
Number of pages12
ISBN (Print)9783319764801
StatePublished - 2018
Externally publishedYes
Event19th International Conference on Passive and Active Measurement, PAM 2018 - Berlin, Germany
Duration: 26 Mar 201827 Mar 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10771 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference19th International Conference on Passive and Active Measurement, PAM 2018

Bibliographical note

Publisher Copyright:
© 2018, Springer International Publishing AG, part of Springer Nature.


Dive into the research topics of 'The Unintended Consequences of Email Spam Prevention'. Together they form a unique fingerprint.

Cite this