{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T03:32:12Z","timestamp":1760239932080,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":46,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032079008","type":"print"},{"value":"9783032079015","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T00:00:00Z","timestamp":1760227200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T00:00:00Z","timestamp":1760227200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-07901-5_8","type":"book-chapter","created":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T12:29:48Z","timestamp":1760185788000},"page":"147-168","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Email Cloaking: Deceiving Users and\u00a0Spam Email Detectors with\u00a0Invisible HTML Settings"],"prefix":"10.1007","author":[{"given":"Bingyang","family":"Guo","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mingxuan","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yihui","family":"Ma","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ruixuan","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fan","family":"Shi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Min","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Baojun","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chengxi","family":"Xu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haixin","family":"Duan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Geng","family":"Hong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Min","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qingfeng","family":"Pan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,10,12]]},"reference":[{"key":"8_CR1","doi-asserted-by":"crossref","unstructured":"Abu-Nimeh, S., Nappa, D., Wang, X., Nair, S.: A comparison of machine learning techniques for phishing detection. In: Cranor, L.F. (ed.) Proceedings of the Anti-Phishing Working Groups 2nd Annual eCrime Researchers Summit 2007, Pittsburgh, Pennsylvania, USA, 4\u20135 October 2007. ACM International Conference Proceeding Series, ACM (2007)","DOI":"10.1145\/1299015.1299021"},{"key":"8_CR2","first-page":"1","volume":"4871","author":"E Allman","year":"2007","unstructured":"Allman, E., Callas, J., Delany, M., Libbey, M., Fenton, J., Thomas, M.: Domainkeys identified mail (DKIM) signatures. RFC 4871, 1\u201371 (2007)","journal-title":"RFC"},{"key":"8_CR3","unstructured":"Ashiq, M.I., Li, W., Fiebig, T., Chung, T.: You\u2019ve got report: measurement and security implications of $$\\{$$DMARC$$\\}$$ reporting. In: 32nd USENIX Security Symposium (USENIX Security 23), pp. 4123\u20134137 (2023)"},{"key":"8_CR4","unstructured":"Bergholz, A., Chang, J.H., Paass, G., Reichartz, F., Strobel, S.: Improved phishing detection using model-based features. In: CEAS 2008 - The Fifth Conference on Email and Anti-Spam, Mountain View, California, USA, 21\u201322 August 2008 (2008)"},{"key":"8_CR5","doi-asserted-by":"crossref","unstructured":"Betts, L., Biddle, R., Lottridge, D., Russello, G.: Exploring content concealment in email. In: 2024 APWG Symposium on Electronic Crime Research (eCrime) (2024)","DOI":"10.1109\/eCrime66200.2024.00011"},{"key":"8_CR6","unstructured":"for the Protection of Human Subjects\u00a0of Biomedical, U.S.N.C., Research, B.: The Belmont report: ethical principles and guidelines for the protection of human subjects of research. Department of Health, Education and Welfare (1979)"},{"key":"8_CR7","unstructured":"Cidon, A., Gavish, L., Bleier, I., Korshun, N., Schweighauser, M., Tsitkin, A.: High precision detection of business email compromise. In: Heninger, N., Traynor, P. (eds.) 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, 14\u201316 August 2019, pp. 1291\u20131307. USENIX Association (2019)"},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"Crocker, D., Hansen, T., Kucherawy, M.: Domainkeys identified mail (dkim) signatures. Technical report (2011)","DOI":"10.17487\/rfc6376"},{"key":"8_CR9","doi-asserted-by":"crossref","unstructured":"Czybik, S., Horlboge, M., Rieck, K.: Lazy gatekeepers: a large-scale study on SPF configuration in the wild. In: Montpetit, M., Leivadeas, A., Uhlig, S., Javed, M. (eds.) Proceedings of the 2023 ACM on Internet Measurement Conference, IMC 2023, Montreal, QC, Canada, 24\u201326 October 2023, pp. 344\u2013355. ACM (2023)","DOI":"10.1145\/3618257.3624827"},{"key":"8_CR10","first-page":"1","volume":"7671","author":"V Dukhovni","year":"2015","unstructured":"Dukhovni, V., Hardaker, W.: The dns-based authentication of named entities (DANE) protocol: updates and operational guidance. RFC 7671, 1\u201333 (2015)","journal-title":"RFC"},{"key":"8_CR11","doi-asserted-by":"crossref","unstructured":"Duman, S., Kalkan-Cakmakci, K., Egele, M., Robertson, W.K., Kirda, E.: Emailprofiler: spearphishing filtering with header and stylometric features of emails. In: 40th IEEE Annual Computer Software and Applications Conference, COMPSAC 2016, Atlanta, USA, 10\u201314 June 2016, pp. 408\u2013416. IEEE Computer Society","DOI":"10.1109\/COMPSAC.2016.105"},{"key":"8_CR12","unstructured":"Elias, B.: What is an email preheader and how can it increase email open rates? (2023). https:\/\/www.activecampaign.com\/blog\/email-preheader"},{"key":"8_CR13","unstructured":"EmailLabs: Email marketing statistics and metrics (2007). http:\/\/www.emaillabs.com\/tools\/email-marketing-statistics.html"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Fette, I., Sadeh, N.M., Tomasic, A.: Learning to detect phishing emails. In: Williamson, C.L., Zurko, M.E., Patel-Schneider, P.F., Shenoy, P.J. (eds.) Proceedings of the 16th International Conference on World Wide Web, WWW 2007, Banff, Alberta, Canada, 8\u201312 May 2007, pp. 649\u2013656. ACM (2007)","DOI":"10.1145\/1242572.1242660"},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Garera, S., Provos, N., Chew, M., Rubin, A.D.: A framework for detection and measurement of phishing attacks. In: Proceedings of the 2007 ACM Workshop on Recurring Malcode, pp.\u00a01\u20138 (2007)","DOI":"10.1145\/1314389.1314391"},{"key":"8_CR16","unstructured":"Global Anti-Scam Alliance (GASA): The global state of scams - 2023 (2023). https:\/\/www.gasa.org\/_files\/ugd\/7bdaac_b0d2ac61904941aeb4cbf0217aa355d2.pdf"},{"key":"8_CR17","unstructured":"Google: Understanding Gmail\u2019s spam filters (2022). https:\/\/workspace.google.com\/blog\/identity-and-security\/an-overview-of-gmails-spam-filters"},{"key":"8_CR18","unstructured":"Guenter, B.: Spam archive. https:\/\/untroubled.org\/spam\/"},{"key":"8_CR19","unstructured":"Ho, G., et al.: Detecting and characterizing lateral phishing at scale. In: Heninger, N., Traynor, P. (eds.) 28th USENIX Security Symposium 2019, Santa Clara, CA, USA, 14\u201316 August 2019, pp. 1273\u20131290. USENIX Association (2019)"},{"key":"8_CR20","unstructured":"Ho, G., Sharma, A., Javed, M., Paxson, V., Wagner, D.A.: Detecting credential spearphishing in enterprise settings. In: Kirda, E., Ristenpart, T. (eds.) 26th USENIX Security Symposium 2017, Vancouver, BC, Canada, 16\u201318 August 2017, pp. 469\u2013485. USENIX Association (2017)"},{"key":"8_CR21","first-page":"1","volume":"3207","author":"PE Hoffman","year":"2002","unstructured":"Hoffman, P.E.: SMTP service extension for secure SMTP over transport layer security. RFC 3207, 1\u20139 (2002)","journal-title":"RFC"},{"key":"8_CR22","unstructured":"Hu, H., Wang, G.: End-to-end measurements of email spoofing attacks. In: Enck, W., Felt, A.P. (eds.) 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, 15\u201317 August 2018, pp. 1095\u20131112. USENIX Association (2018)"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Hu, X., Li, B., Zhang, Y., Zhou, C., Ma, H.: Detecting compromised email accounts from the perspective of graph topology. In: Proceedings of the 11th International Conference on Future Internet Technologies, CFI, Nanjing, China, 15\u201317 June 2016. ACM","DOI":"10.1145\/2935663.2935672"},{"issue":"2","key":"8_CR24","doi-asserted-by":"publisher","first-page":"1145","DOI":"10.1007\/s10462-022-10195-4","volume":"56","author":"F J\u00e1\u00f1ez-Martino","year":"2023","unstructured":"J\u00e1\u00f1ez-Martino, F., Ala\u00edz-Rodr\u00edguez, R., Gonz\u00e1lez-Castro, V., Fidalgo, E., Alegre, E.: A review of spam email detection: analysis of spammer strategies and the dataset shift problem. Artif. Intell. Rev. 56(2), 1145\u20131173 (2023)","journal-title":"Artif. Intell. Rev."},{"key":"8_CR25","doi-asserted-by":"crossref","unstructured":"Kenneally, E., Dittrich, D.: The menlo report: ethical principles guiding information and communication technology research. Available at SSRN 2445102 (2012)","DOI":"10.2139\/ssrn.2445102"},{"key":"8_CR26","unstructured":"Khonji, M., Iraqi, Y., Jones, A.: Mitigation of spear phishing attacks: a content-based authorship identification framework. In: 6th International Conference for Internet Technology and Secured Transactions, ICITST 2011, Abu Dhabi, UAE, 11\u201314 December 2011. pp. 416\u2013421. IEEE (2011)"},{"key":"8_CR27","first-page":"1","volume":"7208","author":"S Kitterman","year":"2014","unstructured":"Kitterman, S.: Sender policy framework (SPF) for authorizing use of domains in email, version 1. RFC 7208, 1\u201364 (2014)","journal-title":"RFC"},{"key":"8_CR28","doi-asserted-by":"publisher","unstructured":"Klensin, J.C., Catoe, R., Krumviede, P.: IMAP\/POP authorize extension for simple challenge\/response. RFC 2095, 1\u20135 (1997). https:\/\/doi.org\/10.17487\/RFC2095","DOI":"10.17487\/RFC2095"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"Krause, T., Uetz, R., Kretschmann, T.: Recognizing email spam from meta data only. In: 7th IEEE Conference on Communications and Network Security, CNS 2019, Washington, DC, USA, 10\u201312 June 2019, pp. 178\u2013186. IEEE (2019)","DOI":"10.1109\/CNS.2019.8802827"},{"key":"8_CR30","doi-asserted-by":"crossref","unstructured":"Kucherawy, M., Zwicky, E.: Domain-based message authentication, reporting, and conformance (dmarc). Technical report (2015)","DOI":"10.17487\/rfc7489"},{"key":"8_CR31","doi-asserted-by":"publisher","unstructured":"Kucherawy, M.S., Zwicky, E.D.: Domain-based message authentication, reporting, and conformance (DMARC). RFC 7489, 1\u201373 (2015). https:\/\/doi.org\/10.17487\/RFC7489","DOI":"10.17487\/RFC7489"},{"key":"8_CR32","unstructured":"Lee, H., Ashiq, M.I., M\u00fcller, M., van Rijswijk-Deij, R., Kwon, T.T., Chung, T.: Under the hood of DANE mismanagement in SMTP. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 1\u201316. USENIX Association, Boston (2022)"},{"key":"8_CR33","unstructured":"mailchimp: Limitations of html email. https:\/\/mailchimp.com\/help\/limitations-of-html-email\/"},{"key":"8_CR34","doi-asserted-by":"crossref","unstructured":"Mayer, W., Zauner, A., Schmiedecker, M., Huber, M.: No need for black chambers: testing TLS in the e-mail ecosystem at large. In: 11th International Conference on Availability, Reliability and Security, ARES 2016, Salzburg, Austria, 31 August\u20132 September 2016, pp. 10\u201320. IEEE Computer Society (2016)","DOI":"10.1109\/ARES.2016.11"},{"key":"8_CR35","unstructured":"Poddebniak, D., Ising, F., B\u00f6ck, H., Schinzel, S.: Why TLS is better without STARTTLS: a security analysis of STARTTLS in the email context. In: Bailey, M.D., Greenstadt, R. (eds.) 30th USENIX Security Symposium, USENIX Security 2021, 11\u201313 August 2021, pp. 4365\u20134382. USENIX Association (2021)"},{"key":"8_CR36","first-page":"1","volume":"821","author":"J Postel","year":"1982","unstructured":"Postel, J.: Simple mail transfer protocol. RFC 821, 1\u201372 (1982)","journal-title":"RFC"},{"key":"8_CR37","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101716","volume":"94","author":"N Saidani","year":"2020","unstructured":"Saidani, N., Adi, K., Allili, M.S.: A semantic-based classification approach for an enhanced spam detection. Comput. Secur. 94, 101716 (2020)","journal-title":"Comput. Secur."},{"key":"8_CR38","unstructured":"Shen, K., et al.: Weak links in authentication chains: a large-scale analysis of email sender spoofing attacks. In: Bailey, M.D., Greenstadt, R. (eds.) 30th USENIX Security Symposium, USENIX Security 2021, 11\u201313 August 2021. USENIX Association (2021)"},{"key":"8_CR39","unstructured":"Standardization Administration of the People\u2019s Republic of China: Information security technology\u2014technical specification for anti-spam products(gb\/t 30282-2023) (2023). https:\/\/std.samr.gov.cn\/gb\/search\/gbDetailed?id=FC816D04FF0A62EBE05397BE0A0AD5FA"},{"key":"8_CR40","doi-asserted-by":"crossref","unstructured":"Stransky, C., Wiese, O., Roth, V., Acar, Y., Fahl, S.: 27 years and 81 million opportunities later: investigating the use of email encryption for an entire university. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 860\u2013875. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833755"},{"key":"8_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1007\/978-3-319-20550-2_5","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"G Stringhini","year":"2015","unstructured":"Stringhini, G., Thonnard, O.: That ain\u2019t you: blocking spearphishing through behavioral modelling. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 78\u201397. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-20550-2_5"},{"key":"8_CR42","unstructured":"Wang, C., et al.: A large-scale and longitudinal measurement study of DKIM deployment. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 1185\u20131201. USENIX Association, Boston (2022)"},{"issue":"2","key":"8_CR43","doi-asserted-by":"publisher","first-page":"110","DOI":"10.7763\/JACN.2014.V2.92","volume":"2","author":"J Wang","year":"2014","unstructured":"Wang, J., Katagishi, K.: Image content-based \u201cemail spam image\u2019\u2019 filtering. J. Adv. Comput. Netw. 2(2), 110\u2013114 (2014)","journal-title":"J. Adv. Comput. Netw."},{"key":"8_CR44","unstructured":"Whittaker, C., Ryner, B., Nazif, M.: Large-scale automatic classification of phishing pages. In: Proceedings of the Network and Distributed System Security Symposium NDSS, San Diego, USA, 28 February\u20133 March 2010. The Internet Society (2010)"},{"key":"8_CR45","unstructured":"WORLDMETRICS.ORG: Global email traffic dominated by spam, accounting for 58.5% (2024). https:\/\/worldmetrics.org\/spam-statistics\/"},{"key":"8_CR46","unstructured":"Yahoo: Manage spam and mailing lists in new yahoo mail. https:\/\/help.yahoo.com\/kb\/SLN28056.html?guccounter=1"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-07901-5_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T12:29:59Z","timestamp":1760185799000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-07901-5_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,12]]},"ISBN":["9783032079008","9783032079015"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-07901-5_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,12]]},"assertion":[{"value":"12 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toulouse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.esorics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}