{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T13:37:34Z","timestamp":1760189854042,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,24]],"date-time":"2023-10-24T00:00:00Z","timestamp":1698105600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"German Federal Ministry of Education and Research","award":["BIFOLD23B"],"award-info":[{"award-number":["BIFOLD23B"]}]},{"DOI":"10.13039\/501100000781","name":"European Research Council","doi-asserted-by":"publisher","award":["101043410"],"award-info":[{"award-number":["101043410"]}],"id":[{"id":"10.13039\/501100000781","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,24]]},"DOI":"10.1145\/3618257.3624827","type":"proceedings-article","created":{"date-parts":[[2023,10,23]],"date-time":"2023-10-23T00:19:52Z","timestamp":1698020392000},"page":"344-355","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Lazy Gatekeepers: A Large-Scale Study on SPF Configuration in the Wild"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-3342-7460","authenticated-orcid":false,"given":"Stefan","family":"Czybik","sequence":"first","affiliation":[{"name":"Technische Universit\u00e4t Berlin, Berlin, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-3195-4573","authenticated-orcid":false,"given":"Micha","family":"Horlboge","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t Berlin, Berlin, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5054-8758","authenticated-orcid":false,"given":"Konrad","family":"Rieck","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t Berlin, Berlin, Germany"}]}],"member":"320","published-online":{"date-parts":[[2023,10,24]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3517745.3561468"},{"key":"e_1_3_2_1_2_1","first-page":"2142","author":"Crocker D.","year":"1997","unstructured":"D. Crocker. Mailbox Names for Common Services, Roles and Functions. RFC 2142, 1997. URL https:\/\/www.rfc-editor.org\/info\/rfc2142.","journal-title":"Roles and Functions. RFC"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485983.3494868"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815695"},{"key":"e_1_3_2_1_5_1","unstructured":"European Commission. Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95\/46\/EC (General Data Protection Regulation) 2016. URL https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679\/oj."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813607"},{"key":"e_1_3_2_1_7_1","first-page":"9116","author":"Foudil E.","year":"2022","unstructured":"E. Foudil and Y. Shafranovich. A File Format to Aid in Security Vulnerability Disclosure. RFC 9116, 2022. URL https:\/\/www.rfc-editor.org\/info\/rfc9116.","journal-title":"RFC"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_4"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2015.7249513"},{"key":"e_1_3_2_1_10_1","unstructured":"T. R. Group. Number of e-mail users worldwide from 2017 to 2025 (in millions). URL https:\/\/www.statista.com\/statistics\/255080\/number-of-e-mail-user s-worldwide\/."},{"key":"e_1_3_2_1_11_1","first-page":"3207","author":"Hoffman P. E.","year":"2002","unstructured":"P. E. Hoffman. SMTP Service Extension for Secure SMTP over Transport Layer Security. RFC 3207, 2002. URL https:\/\/www.rfc-editor.org\/info\/rfc3207.","journal-title":"Transport Layer Security. RFC"},{"key":"e_1_3_2_1_12_1","volume-title":"Proc. of the USENIX Security Symposium. USENIX Association","author":"Hu H.","year":"2018","unstructured":"H. Hu and G. Wang. End-to-end measurements of email spoofing attacks. In Proc. of the USENIX Security Symposium. USENIX Association, 2018."},{"key":"e_1_3_2_1_13_1","volume-title":"Characterizing sender policy framework configurations at scale. Master's thesis","author":"Kahraman G.","year":"2020","unstructured":"G. Kahraman. Characterizing sender policy framework configurations at scale. Master's thesis, 2020. URL http:\/\/essay.utwente.nl\/83315\/."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455774"},{"key":"e_1_3_2_1_15_1","volume-title":"Department of Homeland Security","author":"Kenneally E.","year":"2012","unstructured":"E. Kenneally and D. Dittrich. The Menlo report: Ethical principles guiding information and communication technology research. Technical report, U.S. Department of Homeland Security, 2012."},{"key":"e_1_3_2_1_16_1","first-page":"6652","author":"Kitterman S.","year":"2012","unstructured":"S. Kitterman. Sender Policy Framework (SPF) Authentication Failure Reporting Using the Abuse Reporting Format. RFC 6652, 2012. URL https:\/\/www.rfc-editor.org\/info\/rfc6652.","journal-title":"Authentication Failure Reporting Using the Abuse Reporting Format. RFC"},{"key":"e_1_3_2_1_17_1","first-page":"7208","author":"Kitterman S.","year":"2014","unstructured":"S. Kitterman. Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1. RFC 7208, 2014. URL https:\/\/www.rfc-editor.org\/info\/rfc7208.","journal-title":"RFC"},{"key":"e_1_3_2_1_18_1","first-page":"7489","author":"Kucherawy M.","year":"2015","unstructured":"M. Kucherawy and E. Zwicky. Domain-based Message Authentication, Reporting, and Conformance (DMARC). RFC 7489, 2015. URL https:\/\/www.rfc-editor.org\/i nfo\/rfc7489.","journal-title":"Domain-based Message Authentication, Reporting, and Conformance (DMARC). RFC"},{"key":"e_1_3_2_1_19_1","first-page":"6376","author":"Kucherawy M.","year":"2011","unstructured":"M. Kucherawy, D. Crocker, and T. Hansen. DomainKeys Identified Mail (DKIM) Signatures. RFC 6376, 2011. URL https:\/\/www.rfc-editor.org\/info\/rfc6376.","journal-title":"DomainKeys Identified Mail (DKIM) Signatures. RFC"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP57164.2023.00030"},{"key":"e_1_3_2_1_21_1","first-page":"2595","author":"Newman C.","year":"1999","unstructured":"C. Newman. Using TLS with IMAP, POP3 and ACAP. RFC 2595, 1999. URL https:\/\/www.rfc-editor.org\/info\/rfc2595.","journal-title":"ACAP. RFC"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23386"},{"key":"e_1_3_2_1_23_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Poddebniak D.","year":"2018","unstructured":"D. Poddebniak, C. Dresen, J. M\u00fcller, F. Ising, S. Schinzel, S. Friedberger, J. So-morovsky, and J. Schwenk. Efail: Breaking S\/MIME and OpenPGP email encryption using exfiltration channels. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, 2018."},{"key":"e_1_3_2_1_24_1","first-page":"821","year":"1982","unstructured":"J. B. Postel. Simple Mail Transfer Protocol. RFC 821, 1982. URL https:\/\/www.rfc-editor.org\/info\/rfc821.","journal-title":"J. B. Postel. Simple Mail Transfer Protocol. RFC"},{"key":"e_1_3_2_1_25_1","first-page":"3156","author":"Roessler T.","year":"2001","unstructured":"T. Roessler, M. Elkins, R. Levien, and D. D. Torto. MIME Security with OpenPGP. RFC 3156, 2001. URL https:\/\/www.rfc-editor.org\/info\/rfc3156.","journal-title":"MIME Security with OpenPGP. RFC"},{"key":"e_1_3_2_1_26_1","volume-title":"2020 IFIP Networking Conference (Networking). IEEE Computer Society","author":"Ruohonen J.","year":"2020","unstructured":"J. Ruohonen. Measuring basic load-balancing and fail-over setups for email delivery via dns mx records. In 2020 IFIP Networking Conference (Networking). IEEE Computer Society, 2020."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8551"},{"key":"e_1_3_2_1_28_1","first-page":"4408","author":"Schlitt W.","year":"2006","unstructured":"W. Schlitt and M. W. Wong. Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1. RFC 4408, 2006. URL https:\/\/www.rfc-editor.org\/info\/rfc4408.","journal-title":"RFC"},{"key":"e_1_3_2_1_29_1","volume-title":"USENIX Security Symposium. USENIX Association","author":"Shen K.","year":"2021","unstructured":"K. Shen, C. Wang, M. Guo, X. Zheng, C. Lu, B. Liu, Y. Zhao, S. Hao, H. Duan, Q. Pan, et al. Weak links in authentication chains: A large-scale analysis of email sender spoofing attacks. In USENIX Security Symposium. USENIX Association, 2021."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3419394.3423617"},{"key":"e_1_3_2_1_31_1","volume-title":"Proc. of the 25th USENIX Security Symposium (USENIX Security 16)","author":"Stock B.","year":"2016","unstructured":"B. Stock, G. Pellegrino, C. Rossow, M. Johns, and M. Backes. Hey, you have a problem: On the feasibility of Large-Scale web vulnerability notification. In Proc. of the 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, 2016."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23171"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3471621.3471842"},{"key":"e_1_3_2_1_34_1","volume-title":"All your spf belong to us: Exploring trust relationships through global scale spf mining","author":"Trost J.","year":"2020","unstructured":"J. Trost. All your spf belong to us: Exploring trust relationships through global scale spf mining, 2020. URL http:\/\/www.covert.io\/all-your-spf-are-belong-to-us-exploring-trust-relationships-through-gloabl-scale-spf-mining\/. Accessed: 2023-09-13."},{"key":"e_1_3_2_1_35_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Wang C.","year":"2022","unstructured":"C. Wang, K. Shen, M. Guo, Y. Zhao, M. Zhang, J. Chen, B. Liu, X. Zheng, H. Duan, Y. Lin, and Q. Pan. A large-scale and longitudinal measurement study of DKIM deployment. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, 2022"}],"event":{"name":"IMC '23: ACM Internet Measurement Conference","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"],"location":"Montreal QC Canada","acronym":"IMC '23"},"container-title":["Proceedings of the 2023 ACM on Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3618257.3624827","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3618257.3624827","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T13:17:30Z","timestamp":1755868650000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3618257.3624827"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,24]]},"references-count":35,"alternative-id":["10.1145\/3618257.3624827","10.1145\/3618257"],"URL":"https:\/\/doi.org\/10.1145\/3618257.3624827","relation":{},"subject":[],"published":{"date-parts":[[2023,10,24]]},"assertion":[{"value":"2023-10-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}