{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T00:19:04Z","timestamp":1769300344956,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":160,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662643211","type":"print"},{"value":"9783662643228","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-662-64322-8_18","type":"book-chapter","created":{"date-parts":[[2021,10,22]],"date-time":"2021-10-22T22:17:23Z","timestamp":1634941043000},"page":"360-390","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["SoK: Securing Email\u2014A Stakeholder-Based Analysis"],"prefix":"10.1007","author":[{"given":"Jeremy","family":"Clark","sequence":"first","affiliation":[]},{"given":"P. C.","family":"van Oorschot","sequence":"additional","affiliation":[]},{"given":"Scott","family":"Ruoti","sequence":"additional","affiliation":[]},{"given":"Kent","family":"Seamons","sequence":"additional","affiliation":[]},{"given":"Daniel","family":"Zappala","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,10,23]]},"reference":[{"key":"18_CR1","unstructured":"Abelson, H., et al.: The risks of key recovery, key escrow, and trusted third-party encryption. World Wide Web J. 
2(3), 241\u2013257 (1997)"},{"key":"18_CR2","doi-asserted-by":"crossref","unstructured":"Abelson, H., et al.: Keys under doormats: mandating insecurity by requiring government access to all data and communications. J. Cybersecurity 1(1) (2015)","DOI":"10.1093\/cybsec\/tyv009"},{"key":"18_CR3","doi-asserted-by":"crossref","unstructured":"Abu-Salma, R., et al.: The security blanket of the chat world: an analytic evaluation and a user study of Telegram. In: European Workshop on Usable Security (EuroUSEC 2017). Internet Society (2017)","DOI":"10.14722\/eurousec.2017.23006"},{"key":"18_CR4","doi-asserted-by":"crossref","unstructured":"Abu-Salma, R., Sasse, M.A., Bonneau, J., Danilova, A., Naiakshina, A., Smith, M.: Obstacles to the adoption of secure communication tools. In: IEEE Symposium on Security & Privacy (2017)","DOI":"10.1109\/SP.2017.65"},{"key":"18_CR5","doi-asserted-by":"crossref","unstructured":"Andersen, K., Long, B., Blank, S., Kucherawy, M.: Authenticated Received Chain (ARC) protocol. RFC 8617, IETF, July 2019","DOI":"10.17487\/RFC8617"},{"key":"18_CR6","doi-asserted-by":"crossref","unstructured":"Arends, R., Austein, R., Larson, M., Massey, D., Rose, S.: DNS security introduction and requirements. RFC 4033, March 2005","DOI":"10.17487\/rfc4033"},{"key":"18_CR7","unstructured":"Atwater, E., Bocovich, C., Hengartner, U., Lank, E., Goldberg, I.: Leading Johnny to water: Designing for usability and trust. In: SOUPS (2015)"},{"key":"18_CR8","unstructured":"Autocrypt Team: Autocrypt level 1 specification, release 1.1.0, April 2019"},{"key":"18_CR9","unstructured":"Back, A.: Hashcash - A Denial of service counter-measure. Technical report, hashcash.org (2002). http:\/\/www.hashcash.org\/hashcash.pdf"},{"key":"18_CR10","unstructured":"Bai, W., Namara, M., Qian, Y., Kelley, P.G., Mazurek, M.L., Kim, D.: An inconvenient trust: User attitudes toward security and usability tradeoffs for key-directory encryption systems. 
In: SOUPS (2016)"},{"key":"18_CR11","doi-asserted-by":"crossref","unstructured":"Balenson, D.: Privacy enhancement for Internet electronic mail: Part III: Algorithms, modes, and identifiers. RFC 1423, February 1993","DOI":"10.17487\/rfc1423"},{"key":"18_CR12","unstructured":"Barnes, R.L.: DANE: taking TLS authentication to the next level using DNSSEC. IETF J. 7(2) (2011)"},{"key":"18_CR13","unstructured":"Basin, D., Cremers, C., Kim, T.H.J., Perrig, A., Sasse, R., Szalachowski, P.: ARPKI: attack resilient public-key infrastructure. In: CCS (2014)"},{"key":"18_CR14","unstructured":"Bellovin, S.M.: A look back at \u201csecurity problems in the TCP\/IP protocol suite\u201d. In: ACSAC (2004)"},{"key":"18_CR15","unstructured":"Birk, V., Marques, H., Shelburn, Koechli, S.: pretty Easy privacy (pEp): Privacy by default. Internet-Draft draft-birk-pep-06, IETF, November 2020. https:\/\/datatracker.ietf.org\/doc\/html\/draft-birk-pep-06, work in progress"},{"key":"18_CR16","doi-asserted-by":"crossref","unstructured":"Boldyreva, A., Goyal, V., Kumar, V.: Identity-based encryption with efficient revocation. In: CCS (2008)","DOI":"10.1145\/1455770.1455823"},{"key":"18_CR17","doi-asserted-by":"crossref","unstructured":"Borisov, N., Goldberg, I., Brewer, E.: Off-the-record communication, or, why not to use PGP. In: WPES (2004)","DOI":"10.1145\/1029179.1029200"},{"key":"18_CR18","unstructured":"Brown, I., Laurie, B.: Security against compelled disclosure. In: ACSAC (2000)"},{"key":"18_CR19","doi-asserted-by":"crossref","unstructured":"Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, R.: OpenPGP message format. RFC 4880, November 2007","DOI":"10.17487\/rfc4880"},{"key":"18_CR20","doi-asserted-by":"crossref","unstructured":"Caputo, D.D., Pfleeger, S.L., Freeman, J.D., Johnson, M.E.: Going spear phishing: Exploring embedded training and awareness. IEEE S&P Mag. 
12(1) (2014)","DOI":"10.1109\/MSP.2013.106"},{"key":"18_CR21","unstructured":"Chandramouli, R., Garfinkel, S.L., Nightingale, S.J., Rose, S.W.: Trustworthy email. Special Publication NIST SP 800-177 Rev.1, 26 Feb 2019"},{"key":"18_CR22","doi-asserted-by":"crossref","unstructured":"Chatterjee, R., et al.: The spyware used in intimate partner violence. In: 2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings, 21\u201323 May 2018, pp. 441\u2013458 (2018)","DOI":"10.1109\/SP.2018.00061"},{"key":"18_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1007\/BFb0053427","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u201994","author":"D Chaum","year":"1995","unstructured":"Chaum, D.: Designated confirmer signatures. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 86\u201391. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/BFb0053427"},{"key":"18_CR24","unstructured":"Chen, J., Paxson, V., Jiang, J.: Composition kills: A case study of email sender authentication. In: USENIX Security (2020)"},{"key":"18_CR25","unstructured":"Clark, J., van Oorschot, P.C., Ruoti, S., Seamons, K.E., Zappala, D.: Sok: Securing email\u2013a stakeholder-based analysis. Technical report 1804.07706, arXiv v2, 25 October 2020"},{"key":"18_CR26","doi-asserted-by":"crossref","unstructured":"Clark, J., van Oorschot, P.C.: SSL and HTTPS: revisiting past challenges and evaluating certificate trust model enhancements. In: IEEE Symposium on Security & Privacy (2013)","DOI":"10.1109\/SP.2013.41"},{"key":"18_CR27","unstructured":"Computing Research Association: Four grand challenges in trustworthy computing (2003)"},{"key":"18_CR28","doi-asserted-by":"crossref","unstructured":"Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. 
RFC 5280, May 2008","DOI":"10.17487\/rfc5280"},{"key":"18_CR29","doi-asserted-by":"crossref","unstructured":"Crocker, D.: Internet mail architecture. RFC 5598, IETF (2009)","DOI":"10.17487\/rfc5598"},{"key":"18_CR30","unstructured":"Crocker, D., Hallam-Baker, P., Hansen, T.: DomainKeys Identified Mail (DKIM) service overview. RFC 5585, July 2009"},{"key":"18_CR31","unstructured":"Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: design of a type iii anonymous remailer protocol. In: 2003 Symposium on Security and Privacy, 2003, pp. 2\u201315 (2003)"},{"key":"18_CR32","doi-asserted-by":"crossref","unstructured":"Dechand, S., Naiakshina, A., Danilova, A., Smith, M.: In encryption we don\u2019t trust: the effect of end-to-end encryption to the masses on user perception. In: EuroS&P 2019 (2019)","DOI":"10.1109\/EuroSP.2019.00037"},{"key":"18_CR33","unstructured":"Dechand, S., et al.: An empirical study of textual key-fingerprint representations. In: USENIX Security (2016)"},{"key":"18_CR34","doi-asserted-by":"crossref","unstructured":"Diffie, W., Landau, S.: Privacy on the Line: The Politics of Wiretapping and Encryption. The MIT Press, second edition 2007 (472 pages), first edition 1998 (352 pages)","DOI":"10.7551\/mitpress\/5572.001.0001"},{"key":"18_CR35","unstructured":"Dingledine, R., Mathewson, N.: Anonymity loves company: usability and the network effect. In: WEIS (2006)"},{"key":"18_CR36","doi-asserted-by":"crossref","unstructured":"Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: USENIX Security (2004)","DOI":"10.21236\/ADA465464"},{"key":"18_CR37","doi-asserted-by":"crossref","unstructured":"Durumeric, Z., et al.: Neither snow nor rain nor MITM...: An empirical analysis of email delivery security. 
In: IMC (2015)","DOI":"10.1145\/2815675.2815695"},{"key":"18_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-48071-4_10","volume-title":"Advances in Cryptology \u2014 CRYPTO\u201992","author":"C Dwork","year":"1993","unstructured":"Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139\u2013147. Springer, Heidelberg (1993)"},{"key":"18_CR39","doi-asserted-by":"crossref","unstructured":"Elkins, M., Torto, D.D., Levien, R., Roessler, T.: MIME security with OpenPGP. RFC 3156, August 2001","DOI":"10.17487\/rfc3156"},{"key":"18_CR40","doi-asserted-by":"crossref","unstructured":"Englehardt, S., Han, J., Narayanan, A.: I never signed up for this: privacy implications of email tracking. PETS (2018)","DOI":"10.1515\/popets-2018-0006"},{"key":"18_CR41","unstructured":"Fagan, M., Khan, M.M.H.: Why do they do what they do?: a study of what motivates users to (not) follow computer security advice. In: SOUPS (2016)"},{"key":"18_CR42","doi-asserted-by":"crossref","unstructured":"Farrell, S.: Why don\u2019t we encrypt our email? IEEE Internet Computing, vol. 13(1) (2009)","DOI":"10.1109\/MIC.2009.25"},{"key":"18_CR43","doi-asserted-by":"crossref","unstructured":"Fenton, J.: Analysis of threats motivating DomainKeys Identified Mail (DKIM). RFC 4686, September 2006","DOI":"10.17487\/rfc4686"},{"key":"18_CR44","unstructured":"Flor\u00eancio, D., Herley, C., van Oorschot, P.C.: An administrator\u2019s guide to Internet password research. In: USENIX LISA (2014)"},{"key":"18_CR45","doi-asserted-by":"crossref","unstructured":"Foster, I.D., Larson, J., Masich, M., Snoeren, A.C., Savage, S., Levchenko, K.: Security by any other name: on the effectiveness of provider based email security. 
In: CCS (2015)","DOI":"10.1145\/2810103.2813607"},{"key":"18_CR46","unstructured":"Franceschi-Bicchierai, L.: Even the inventor of PGP doesn\u2019t use PGP. motherboard.vice.com, September 2015. https:\/\/motherboard.vice.com\/en_us\/article\/vvbw9a\/even-the-inventor-of-pgp-doesnt-use-pgp"},{"key":"18_CR47","unstructured":"Franklin, J., Perrig, A., Paxson, V., Savage, S.: An inquiry into the nature and causes of the wealth of Internet miscreants. In: CCS (2007)"},{"key":"18_CR48","doi-asserted-by":"crossref","unstructured":"Freed, N., Borenstein, N.S.: Multipurpose Internet Mail Extensions (MIME) Part one: Format of Internet message bodies. RFC 2045, November 1996","DOI":"10.17487\/rfc2045"},{"key":"18_CR49","unstructured":"Fry, A., Chiasson, S., Somayaji, A.: Not sealed but delivered: the (un) usability of S\/MIME today. In: ASIA (2012)"},{"key":"18_CR50","doi-asserted-by":"crossref","unstructured":"Garfinkel, S.L., Margrave, D., Schiller, J.I., Nordlander, E., Miller, R.C.: How to make secure email easier to use. In: CHI (2005)","DOI":"10.1145\/1054972.1055069"},{"key":"18_CR51","doi-asserted-by":"crossref","unstructured":"Garfinkel, S.L., Miller, R.C.: Johnny 2: A user test of key continuity management with S\/MIME and Outlook Express. In: SOUPS (2005)","DOI":"10.1145\/1073001.1073003"},{"key":"18_CR52","unstructured":"Gasser, U., et al.: Don\u2019t panic: Making progress on the \u201cgoing dark\u201d debate. Berkman Center for Internet & Society at Harvard Law School (2016)"},{"key":"18_CR53","doi-asserted-by":"crossref","unstructured":"Gaw, S., Felten, E.W., Fernandez-Kelly, P.: Secrecy, flagging, and paranoia: adoption criteria in encrypted email. In: CHI (2006)","DOI":"10.1145\/1124772.1124862"},{"key":"18_CR54","unstructured":"Geambasu, R., Kohno, T., Levy, A.A., Levy, H.M.: Vanish: increasing data privacy with self-destructing data. 
In: USENIX Security Symposium (2009)"},{"key":"18_CR55","doi-asserted-by":"crossref","unstructured":"Gellens, R., Klensin, J.: Message submission for mail. RFC 6409, November 2011","DOI":"10.17487\/rfc6409"},{"key":"18_CR56","doi-asserted-by":"crossref","unstructured":"Gentry, C.: A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University (2009)","DOI":"10.1145\/1536414.1536440"},{"key":"18_CR57","doi-asserted-by":"publisher","unstructured":"Goldberg, I., Wagner, D., Brewer, E.: Privacy-enhancing technologies for the Internet. In: IEEE COMPCON. Digest of Papers, February 1997. https:\/\/doi.org\/10.1109\/CMPCON.1997.584680","DOI":"10.1109\/CMPCON.1997.584680"},{"key":"18_CR58","doi-asserted-by":"crossref","unstructured":"Goldberg, I.: Privacy-enhancing technologies for the Internet, II: Five years later. In: PETS (2003)","DOI":"10.1007\/3-540-36467-6_1"},{"key":"18_CR59","doi-asserted-by":"crossref","unstructured":"Goldberg, I.: Privacy enhancing technologies for the Internet III: Ten years later. In: Acquisti, A., Gritzalis, S., Lambrinoudakis, C., De Capitani di Vimercati, S. (eds.) Digital Privacy: Theory, Technologies and Practices. Auerbach Press (2007)","DOI":"10.1201\/9781420052183.ch1"},{"key":"18_CR60","unstructured":"Goldberg, I.A.: A Pseudonymous Communications Infrastructure for the Internet. Ph.D. thesis, UC Berkeley (2000)"},{"key":"18_CR61","unstructured":"Goodin, D.: Use of Tor helped FBI ID suspect in bomb hoax case. Ars Technica, December 2013"},{"key":"18_CR62","unstructured":"Google: Hosted S\/MIME by Google provides enhanced security for Gmail in the enterprise (2019). https:\/\/security.googleblog.com\/2017\/02\/hosted-smime-by-google-provides.html"},{"key":"18_CR63","unstructured":"Hadnagy, C.: Social Engineering: The Art of Human Hacking. Wiley (2010)"},{"key":"18_CR64","unstructured":"Havron, S., Freed, D., Chatterjee, R., McCoy, D., Dell, N., Ristenpart, T.: Clinical computer security for victims of intimate partner violence. 
In: USENIX Security (2019)"},{"key":"18_CR65","doi-asserted-by":"crossref","unstructured":"Herley, C.: So long, and no thanks for the externalities: the rational rejection of security advice by users. In: NSPW (2009)","DOI":"10.1145\/1719030.1719050"},{"key":"18_CR66","unstructured":"Hoffman, P.: Allowing relaying in SMTP: A series of surveys. Internet Mail Consortium Report 16 (2002)"},{"key":"18_CR67","doi-asserted-by":"crossref","unstructured":"Hoffman, P.E.: SMTP service extension for secure SMTP over Transport Layer Security. RFC 3207, February 2002","DOI":"10.17487\/rfc3207"},{"key":"18_CR68","doi-asserted-by":"crossref","unstructured":"Hoffman, P.E., Schlyter, J.: The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. RFC 6698, August 2012","DOI":"10.17487\/rfc6698"},{"key":"18_CR69","doi-asserted-by":"crossref","unstructured":"Holz, R., Amann, J., Mehani, O., Wachs, M., Kaafar, M.A.: TLS in the wild: an Internet-wide analysis of TLS-based protocols for electronic communication. In: NDSS (2016)","DOI":"10.14722\/ndss.2016.23055"},{"key":"18_CR70","doi-asserted-by":"crossref","unstructured":"Housley, R.: Cryptographic Message Syntax (CMS). RFC 5652, September 2009","DOI":"10.17487\/rfc5652"},{"key":"18_CR71","unstructured":"Houttuin, J.: A tutorial on gatewaying between x.400 and internet mail. RFC 1506, IETF (2016)"},{"key":"18_CR72","doi-asserted-by":"crossref","unstructured":"Hsiao, H.C., et al.: A study of user-friendly hash comparison schemes. In: ACSAC (2009)","DOI":"10.1109\/ACSAC.2009.20"},{"key":"18_CR73","unstructured":"Hu, H., Wang, G.: End-to-end measurements of email spoofing attacks. In: USENIX Security (2018)"},{"key":"18_CR74","unstructured":"Hushmail (2019). https:\/\/www.hushmail.com\/"},{"key":"18_CR75","doi-asserted-by":"crossref","unstructured":"Iedemska, J., Stringhini, G., Kemmerer, R., Kruegel, C., Vigna, G.: The tricks of the trade: what makes spam campaigns successful? 
In: SPW (2014)","DOI":"10.1109\/SPW.2014.21"},{"key":"18_CR76","doi-asserted-by":"crossref","unstructured":"Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: EUROCRYPT (1996)","DOI":"10.1007\/3-540-68339-9_13"},{"key":"18_CR77","unstructured":"Jones, S.M., Rae-Grant, J., Adams, J.T., Andersen, K.: Recommended Usage of the Authenticated Received Chain (ARC). Internet-draft, IETF, May 2020"},{"key":"18_CR78","doi-asserted-by":"crossref","unstructured":"Kaliski, B.: Privacy enhancement for Internet electronic mail: Part IV: Key certification and related services. RFC 1424, February 1993","DOI":"10.17487\/rfc1424"},{"key":"18_CR79","doi-asserted-by":"publisher","unstructured":"Kamara, S.: Encrypted search. XRDS 21(3), 30\u201334 (2015). https:\/\/doi.org\/10.1145\/2730908","DOI":"10.1145\/2730908"},{"key":"18_CR80","unstructured":"Kang, R., Dabbish, L., Fruchter, N., Kiesler, S.: \u201cMy data just goes everywhere:\u201d user mental models of the Internet and implications for privacy and security. In: SOUPS (2015)"},{"key":"18_CR81","doi-asserted-by":"crossref","unstructured":"Kapadia, A.: A case (study) for usability in secure email communication. IEEE S&P Mag. 5(2) (2007)","DOI":"10.1109\/MSP.2007.25"},{"key":"18_CR82","doi-asserted-by":"crossref","unstructured":"Kent, S.: Privacy enhancement for Internet electronic mail: Part II: Certificate-based key management. RFC 1422, February 1993","DOI":"10.17487\/rfc1422"},{"key":"18_CR83","doi-asserted-by":"crossref","unstructured":"Kent, S.T.: Internet privacy enhanced mail. CACM 36(8) (1993)","DOI":"10.1145\/163381.163390"},{"key":"18_CR84","doi-asserted-by":"crossref","unstructured":"Kitterman, D.S.: Sender Policy Framework (SPF) for authorizing use of domains in email, version 1. RFC 7208, April 2014","DOI":"10.17487\/rfc7208"},{"key":"18_CR85","doi-asserted-by":"crossref","unstructured":"Klensin, J.C.: Simple Mail Transfer Protocol. 
RFC 5321, October 2008","DOI":"10.17487\/rfc5321"},{"key":"18_CR86","unstructured":"Kucherawy, M.: Simple Mail Transfer Protocol. RFC 8601, IETF, May 2019"},{"key":"18_CR87","doi-asserted-by":"crossref","unstructured":"Kucherawy, M., Crocker, D., Hansen, T.: DomainKeys Identified Mail (DKIM) signatures. RFC 6376, September 2011","DOI":"10.17487\/rfc6376"},{"key":"18_CR88","doi-asserted-by":"crossref","unstructured":"Kucherawy, M., Zwicky, E.: Domain-based Message Authentication, Reporting, and Conformance (DMARC). RFC 7489, March 2015","DOI":"10.17487\/rfc7489"},{"key":"18_CR89","doi-asserted-by":"crossref","unstructured":"Laszka, A., Vorobeychik, Y., Koutsoukos, X.D.: Optimal personalized filtering against spear-phishing attacks. In: AAAI (2015)","DOI":"10.1609\/aaai.v29i1.9327"},{"key":"18_CR90","doi-asserted-by":"crossref","unstructured":"Laurie, B., Clayton, R.: Proof-of-work proves not to work; version 0.2. In: WEIS (2004)","DOI":"10.1145\/1016978.1016982"},{"key":"18_CR91","first-page":"1307","volume":"48","author":"E Lauzon","year":"1998","unstructured":"Lauzon, E.: The Philip Zimmermann investigation: the start of the fall of export restrictions on encryption software under first amendment free speech issues. Syracuse L. Rev. 48, 1307 (1998)","journal-title":"Syracuse L. Rev."},{"key":"18_CR92","doi-asserted-by":"crossref","unstructured":"Lerner, A., Zeng, E., Roesner, F.: Confidante: usable encrypted email: a case study with lawyers and journalists. In: IEEE EuroS&P (2017)","DOI":"10.1109\/EuroSP.2017.41"},{"key":"18_CR93","doi-asserted-by":"crossref","unstructured":"Levchenko, K., et al.: Click trajectories: end-to-end analysis of the spam value chain. In: IEEE Symposium on Security & Privacy (2011)","DOI":"10.1109\/SP.2011.24"},{"key":"18_CR94","unstructured":"Levien, R., McCarthy, L., Blaze, M.: Transparent Internet e-mail security. 
In: NDSS (1996)"},{"key":"18_CR95","unstructured":"Levison, L.: Dark Internet Mail Environment architecture and specifications, March 2015. https:\/\/darkmail.info\/downloads\/dark-internet-mail-environment-march-2015.pdf"},{"key":"18_CR96","doi-asserted-by":"crossref","unstructured":"Linn, J.: Privacy enhancement for Internet electronic mail: Part I: Message encryption and authentication procedures. RFC 1421, February 1993","DOI":"10.17487\/rfc1421"},{"key":"18_CR97","doi-asserted-by":"crossref","unstructured":"Liu, D., Hao, S., Wang, H.: All your DNS records point to us: understanding the security threats of dangling DNS records. In: CCS (2016)","DOI":"10.1145\/2976749.2978387"},{"key":"18_CR98","doi-asserted-by":"crossref","unstructured":"Margolis, D., et al.: SMTP MTA Strict Transport Security. RFC 8461, IETF (2018)","DOI":"10.17487\/RFC8461"},{"key":"18_CR99","unstructured":"Marlinspike, M.: GPG and me. moxie.org, February 2015. https:\/\/moxie.org\/2015\/02\/24\/gpg-and-me.html"},{"key":"18_CR100","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1007\/978-3-642-16441-5_10","volume-title":"Public Key Infrastructures, Services and Applications","author":"C Masone","year":"2010","unstructured":"Masone, C., Smith, S.W.: ABUSE: PKI for real-world email trust. In: Martinelli, F., Preneel, B. (eds.) EuroPKI 2009. LNCS, vol. 6391, pp. 146\u2013162. Springer, Heidelberg (2010)"},{"key":"18_CR101","doi-asserted-by":"crossref","unstructured":"Mayer, W., Zauner, A., Schmiedecker, M., Huber, M.: No need for black chambers: testing TLS in the e-mail ecosystem at large. In: IEEE ARES (2016)","DOI":"10.1109\/ARES.2016.11"},{"key":"18_CR102","unstructured":"McCoy, D., et al.: PharmaLeaks: understanding the business of online pharmaceutical affiliate programs. 
In: USENIX Security Symposium (2012)"},{"key":"18_CR103","unstructured":"McGregor, S.E., Watkins, E.A., Al-Ameen, M.N., Caine, K., Roesner, F.: When the weakest link is strong: secure collaboration in the case of the Panama papers. In: USENIX Security Symposium (2017)"},{"key":"18_CR104","unstructured":"Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: CONIKS: bringing key transparency to end users. In: USENIX Security Symposium (2015)"},{"key":"18_CR105","unstructured":"Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press (1996)"},{"key":"18_CR106","doi-asserted-by":"crossref","unstructured":"Meyerovich, L., Livshits, B.: ConScript: specifying and enforcing fine-grained security policies for JavaScript in the browser. In: IEEE Symposium on Security & Privacy (2010)","DOI":"10.1109\/SP.2010.36"},{"key":"18_CR107","unstructured":"Mitnick, K.D., Simon, W.L.: The Art of Deception: Controlling the Human Element of Security. John Wiley & Sons (2011)"},{"key":"18_CR108","unstructured":"Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system. Unpublished (2008). https:\/\/bitcoin.org\/bitcoin.pdf"},{"key":"18_CR109","doi-asserted-by":"crossref","unstructured":"Narayanan, A.: What happened to the crypto dream?, Part 1. IEEE S&P Magazine 11 (2013)","DOI":"10.1109\/MSP.2013.45"},{"key":"18_CR110","doi-asserted-by":"crossref","unstructured":"Narayanan, A.: What happened to the crypto dream?, Part 2. IEEE S&P Magazine 11 (2013)","DOI":"10.1109\/MSP.2013.75"},{"key":"18_CR111","doi-asserted-by":"crossref","unstructured":"Newman, C.: Using TLS with IMAP, POP3 and ACAP. RFC 2595, June 1999","DOI":"10.17487\/rfc2595"},{"key":"18_CR112","doi-asserted-by":"crossref","unstructured":"Nurse, J.R., Creese, S., Goldsmith, M., Lamberts, K.: Trustworthy and effective communication of cybersecurity risks: a review. In: Workshop on Socio-Technical Aspects in Security and Trust (STAST 2011). 
IEEE (2011)","DOI":"10.1109\/STAST.2011.6059257"},{"key":"18_CR113","doi-asserted-by":"publisher","unstructured":"Orman, H.: Encrypted Email: The History and Technology of Message Privacy. Springer (2015). https:\/\/doi.org\/10.1007\/978-3-319-21344-6","DOI":"10.1007\/978-3-319-21344-6"},{"key":"18_CR114","doi-asserted-by":"crossref","unstructured":"Partridge, C.: The technical development of Internet email. IEEE Ann. History Comput. 30(2), 3\u201329 (2008)","DOI":"10.1109\/MAHC.2008.32"},{"issue":"3","key":"18_CR115","doi-asserted-by":"publisher","first-page":"472","DOI":"10.1109\/TCC.2015.2489211","volume":"5","author":"TFM Pasquier","year":"2017","unstructured":"Pasquier, T.F.M., Singh, J., Eyers, D., Bacon, J.: Camflow: managed data-sharing for cloud services. IEEE Trans. Cloud Comput. 5(3), 472\u2013484 (2017)","journal-title":"IEEE Trans. Cloud Comput."},{"key":"18_CR116","unstructured":"Perrin, T., Marlinspike, M.: Double ratchet algorithm, revision 1. signal.org (2016)"},{"key":"18_CR117","unstructured":"Protonmail (2019). https:\/\/protonmail.com\/"},{"key":"18_CR118","doi-asserted-by":"crossref","unstructured":"Ramsdell, B., Turner, S.: Secure\/Multipurpose Internet Mail Extensions (S\/MIME) version 3.2 message specification. RFC 5751, January 2010","DOI":"10.17487\/rfc5751"},{"key":"18_CR119","doi-asserted-by":"crossref","unstructured":"Ramsdell, B.C.: S\/MIME version 3 message specification. RFC 2633, June 1999","DOI":"10.17487\/rfc2633"},{"key":"18_CR120","unstructured":"The Radicati Group: Email statistics report, 2020\u20132024 (2019)"},{"key":"18_CR121","doi-asserted-by":"crossref","unstructured":"Renaud, K., Volkamer, M., Renkema-Padmos, A.: Why doesn\u2019t Jane protect her privacy? In: PETS (2014)","DOI":"10.1007\/978-3-319-08506-7_13"},{"key":"18_CR122","doi-asserted-by":"crossref","unstructured":"Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. 
In: ASIACRYPT (2001)","DOI":"10.1007\/3-540-45682-1_32"},{"key":"18_CR123","unstructured":"Rivner, U.: Anatomy of an attack. RSA blog, 1 April 2011. http:\/\/web.archive.org\/web\/20110413224418\/blogs.rsa.com:80\/rivner\/anatomy-of-an-attack\/"},{"key":"18_CR124","unstructured":"Romera, P., Gallego, C.S.: How ICIJ deals with massive data leaks like the Panama Papers and Paradise Papers, 3 July 2018. https:\/\/www.icij.org\/blog\/2018\/07\/how-icij-deals-with-massive-data-leaks-like-the-panama-papers-and-paradise-papers\/"},{"key":"18_CR125","doi-asserted-by":"crossref","unstructured":"Roth, V., Straub, T., Richter, K.: Security and usability engineering with particular attention to electronic mail. Int. J. Hum.-Comput. Stud. 63(1), 51\u201373 (2005)","DOI":"10.1016\/j.ijhcs.2005.04.015"},{"key":"18_CR126","doi-asserted-by":"crossref","unstructured":"Ruoti, S., et al.: A usability study of four secure email tools using paired participants. ACM Trans. Privacy Secur. 22(2), 22\u201329 (2019)","DOI":"10.1145\/3313761"},{"key":"18_CR127","doi-asserted-by":"crossref","unstructured":"Ruoti, S., et al.: \u201cWe\u2019re on the same page\u201d: a usability study of secure email using pairs of novice users. In: CHI (2016)","DOI":"10.1145\/2858036.2858400"},{"key":"18_CR128","doi-asserted-by":"crossref","unstructured":"Ruoti, S., Andersen, J., Hendershot, T., Zappala, D., Seamons, K.: Private webmail 2.0: Simple and easy-to-use secure email. In: UIST (2016)","DOI":"10.1145\/2984511.2984580"},{"key":"18_CR129","unstructured":"Ruoti, S., Andersen, J., Monson, T., Zappala, D., Seamons, K.: A comparative usability study of key management in secure email. In: SOUPS (2018)"},{"key":"18_CR130","doi-asserted-by":"crossref","unstructured":"Ruoti, S., Kim, N., Burgon, B., Van Der Horst, T., Seamons, K.: Confused Johnny: when automatic encryption leads to confusion and mistakes. 
In: SOUPS (2013)","DOI":"10.1145\/2501604.2501609"},{"key":"18_CR131","unstructured":"Ruoti, S., Monson, T., Wu, J., Zappala, D., Seamons, K.: Weighing context and trade-offs: how suburban adults selected their online security posture. In: SOUPS (2017)"},{"issue":"6","key":"18_CR132","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1109\/MSEC.2019.2933683","volume":"17","author":"S Ruoti","year":"2019","unstructured":"Ruoti, S., Seamons, K.: Johnny\u2019s journey toward usable secure email. IEEE Secur. Privacy 17(6), 72\u201376 (2019)","journal-title":"IEEE Secur. Privacy"},{"key":"18_CR133","doi-asserted-by":"crossref","unstructured":"Ryan, M.D.: Enhanced certificate transparency and end-to-end encrypted mail. In: NDSS (2014)","DOI":"10.14722\/ndss.2014.23379"},{"issue":"9","key":"18_CR134","first-page":"3","volume":"9","author":"N Santos","year":"2009","unstructured":"Santos, N., Gummadi, K.P., Rodrigues, R.: Towards trusted cloud computing. HotCloud 9(9), 3 (2009)","journal-title":"HotCloud"},{"key":"18_CR135","doi-asserted-by":"crossref","unstructured":"Sasse, A.: Scaring and bullying people into security won\u2019t work. IEEE S&P Magazine 13(3) (2015)","DOI":"10.1109\/MSP.2015.65"},{"key":"18_CR136","unstructured":"Schneier, B., Hall, C.: An improved e-mail security protocol. In: ACSAC (1997)"},{"key":"18_CR137","doi-asserted-by":"crossref","unstructured":"Schr\u00f6der, S., Huber, M., Wind, D., Rottermanner, C.: When SIGNAL hits the fan: on the usability and security of state-of-the-art secure mobile messaging. In: EuroUSEC (2016)","DOI":"10.14722\/eurousec.2016.23012"},{"key":"18_CR138","unstructured":"Shamir, A.: Identity-based cryptosystems and signature schemes. In: Crypto (1984)"},{"key":"18_CR139","doi-asserted-by":"crossref","unstructured":"Siemborski, R., Gulbrandsen, A.: IMAP extension for Simple Authentication and Security Layer (SASL) initial client response. 
RFC 4959, September 2007","DOI":"10.17487\/rfc4959"},{"key":"18_CR140","doi-asserted-by":"crossref","unstructured":"Siemborski, R., Melnikov, A.: SMTP service extension for authentication. RFC 4954, July 2007","DOI":"10.17487\/rfc4954"},{"key":"18_CR141","doi-asserted-by":"crossref","unstructured":"Siemborski, R., Menon-Sen, A.: The Post Office Protocol (POP3) Simple Authentication and Security Layer (SASL) authentication mechanism. RFC 5034, July 2007","DOI":"10.17487\/rfc5034"},{"key":"18_CR142","unstructured":"Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security & Privacy (2000)"},{"key":"18_CR143","doi-asserted-by":"crossref","unstructured":"Sparrow, E., Halpin, H., Kaneko, K., Pollan, R.: LEAP: a next-generation client VPN and encrypted email provider. In: CANS (2016)","DOI":"10.1007\/978-3-319-48965-0_11"},{"key":"18_CR144","doi-asserted-by":"crossref","unstructured":"Stewart, G., Lacey, D.: Death by a thousand facts: criticising the technocratic approach to information security awareness. Information Management & Computer Security 20(1) (2012)","DOI":"10.1108\/09685221211219182"},{"key":"18_CR145","unstructured":"Stringhini, G., Egele, M., Zarras, A., Holz, T., Kruegel, C., Vigna, G.: B@bel: leveraging email delivery for spam mitigation. In: USENIX Security Symposium (2012)"},{"key":"18_CR146","unstructured":"Tutanota (2019). https:\/\/tutanota.com\/"},{"key":"18_CR147","doi-asserted-by":"crossref","unstructured":"Unger, N., et al.: SoK: secure messaging. In: IEEE Symposium on Security & Privacy (2015)","DOI":"10.1109\/SP.2015.22"},{"key":"18_CR148","unstructured":"Valsorda, F.: Op-ed: I\u2019m throwing in the towel in PGP, and I work in security. Ars Technica, December 2016"},{"key":"18_CR149","doi-asserted-by":"crossref","unstructured":"Van Acker, S., De Ryck, P., Desmet, L., Piessens, F., Joosen, W.: WebJail: least-privilege integration of third-party components in web mashups. 
In: ACSAC (2011)","DOI":"10.1145\/2076732.2076775"},{"key":"18_CR150","doi-asserted-by":"crossref","unstructured":"Vaziripour, E., Wu, J., Farahbakhsh, R., Seamons, K., O\u2019Neill, M., Zappala, D.: A survey of the privacy preferences and practices of iranian users of telegram. In: Workshop on Usable Security (USEC) (2018)","DOI":"10.14722\/usec.2018.23033"},{"key":"18_CR151","unstructured":"Vaziripour, E., et al.: Is that you, Alice? a usability study of the authentication ceremony of secure messaging applications. In: SOUPS (2017)"},{"key":"18_CR152","doi-asserted-by":"crossref","unstructured":"Wash, R.: Folk models of home computer security. In: SOUPS (2010)","DOI":"10.1145\/1837110.1837125"},{"key":"18_CR153","unstructured":"Whitten, A., Tygar, J.D.: Why Johnny can\u2019t encrypt: a usability evaluation of PGP 5.0. In: USENIX Security Symposium (1999)"},{"key":"18_CR154","unstructured":"Wolchok, S., et al.: Defeating Vanish with low-cost sybil attacks against large DHTs. In: NDSS (2010)"},{"key":"18_CR155","doi-asserted-by":"crossref","unstructured":"Wolthusen, S.D.: A distributed multipurpose mail guard. In: IAW (2003)","DOI":"10.1109\/SMCSIA.2003.1232432"},{"key":"18_CR156","unstructured":"Wu, J., Gatrell, C., Howard, D., Tyler, J., Vaziripour, E., Seamons, K., Zappala, D.: \u201cSomething isn\u2019t secure, but I\u2019m not sure how that translates into a problem\u201d: promoting autonomy by designing for understanding in Signal. In: SOUPS (2019)"},{"key":"18_CR157","unstructured":"Wu, J., Zappala, D.: When is a tree really a truck? exploring mental models of encryption. In: SOUPS (2018)"},{"key":"18_CR158","unstructured":"Zimmermann, P.: PGP Source Code and Internals. MIT Press, Boston (1995)"},{"key":"18_CR159","unstructured":"Zimmermann, P.: PGP marks 10th anniversary, 5 June 2001"},{"key":"18_CR160","unstructured":"Zimmermann, P.R.: The Official PGP User\u2019s Guide. 
MIT Press, Cambridge (1995)"}],"container-title":["Lecture Notes in Computer Science","Financial Cryptography and Data Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-64322-8_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,13]],"date-time":"2023-01-13T12:53:30Z","timestamp":1673614410000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-662-64322-8_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783662643211","9783662643228"],"references-count":160,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-64322-8_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"23 October 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Financial Cryptography and Data Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 March 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 March 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference 
Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fc2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/fc21.ifca.ai\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}