{"id":"https://openalex.org/W4387880895","doi":"https://doi.org/10.1145/3618257.3624827","title":"Lazy Gatekeepers: A Large-Scale Study on SPF Configuration in the Wild","display_name":"Lazy Gatekeepers: A Large-Scale Study on SPF Configuration in the Wild","publication_year":2023,"publication_date":"2023-10-23","ids":{"openalex":"https://openalex.org/W4387880895","doi":"https://doi.org/10.1145/3618257.3624827"},"language":"en","primary_location":{"id":"doi:10.1145/3618257.3624827","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3618257.3624827","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM on Internet Measurement Conference","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2502.08240","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016418759","display_name":"Stefan Czybik","orcid":"https://orcid.org/0009-0001-3342-7460"},"institutions":[{"id":"https://openalex.org/I4577782","display_name":"Technische Universit\u00e4t Berlin","ror":"https://ror.org/03v4gjf40","country_code":"DE","type":"education","lineage":["https://openalex.org/I4577782"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Stefan Czybik","raw_affiliation_strings":["Technische Universit\u00e4t Berlin, Berlin, Germany"],"raw_orcid":"https://orcid.org/0009-0001-3342-7460","affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Berlin, Berlin, Germany","institution_ids":["https://openalex.org/I4577782"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067407906","display_name":"Micha Horlboge","orcid":"https://orcid.org/0009-0005-3195-4573"},"institutions":[{"id":"https://openalex.org/I4577782","display_name":"Technische Universit\u00e4t Berlin","ror":"https://ror.org/03v4gjf40","country_code":"DE","type":"education","lineage":["https://openalex.org/I4577782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Micha Horlboge","raw_affiliation_strings":["Technische Universit\u00e4t Berlin, Berlin, Germany"],"raw_orcid":"https://orcid.org/0009-0005-3195-4573","affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Berlin, Berlin, Germany","institution_ids":["https://openalex.org/I4577782"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5066077721","display_name":"Konrad Rieck","orcid":"https://orcid.org/0000-0002-5054-8758"},"institutions":[{"id":"https://openalex.org/I4577782","display_name":"Technische Universit\u00e4t Berlin","ror":"https://ror.org/03v4gjf40","country_code":"DE","type":"education","lineage":["https://openalex.org/I4577782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Konrad Rieck","raw_affiliation_strings":["Technische Universit\u00e4t Berlin, Berlin, Germany"],"raw_orcid":"https://orcid.org/0000-0002-5054-8758","affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Berlin, Berlin, Germany","institution_ids":["https://openalex.org/I4577782"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5016418759"],"corresponding_institution_ids":["https://openalex.org/I4577782"],"apc_list":null,"apc_paid":null,"fwci":3.5874,"has_fulltext":true,"cited_by_count":8,"citation_normalized_percentile":{"value":0.93876997,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"344","last_page":"355"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cornerstone","display_name":"Cornerstone","score":0.7877000570297241},{"id":"https://openalex.org/keywords/communication-source","display_name":"Communication source","score":0.7383008599281311},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7083737850189209},{"id":"https://openalex.org/keywords/blockchain","display_name":"Blockchain","score":0.6224147081375122},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.6055521368980408},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5717780590057373},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.5298095941543579},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.43699297308921814},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.4149210751056671},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.19472166895866394},{"id":"https://openalex.org/keywords/geography","display_name":"Geography","score":0.06345576047897339}],"concepts":[{"id":"https://openalex.org/C2780616401","wikidata":"https://www.wikidata.org/wiki/Q1133673","display_name":"Cornerstone","level":2,"score":0.7877000570297241},{"id":"https://openalex.org/C198104137","wikidata":"https://www.wikidata.org/wiki/Q974688","display_name":"Communication source","level":2,"score":0.7383008599281311},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7083737850189209},{"id":"https://openalex.org/C2779687700","wikidata":"https://www.wikidata.org/wiki/Q20514253","display_name":"Blockchain","level":2,"score":0.6224147081375122},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.6055521368980408},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5717780590057373},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.5298095941543579},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.43699297308921814},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.4149210751056671},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.19472166895866394},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.06345576047897339},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0},{"id":"https://openalex.org/C58640448","wikidata":"https://www.wikidata.org/wiki/Q42515","display_name":"Cartography","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3618257.3624827","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3618257.3624827","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM on Internet Measurement Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2502.08240","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2502.08240","pdf_url":"https://arxiv.org/pdf/2502.08240","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2502.08240","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2502.08240","pdf_url":"https://arxiv.org/pdf/2502.08240","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7599999904632568}],"awards":[{"id":"https://openalex.org/G2207416379","display_name":null,"funder_award_id":"101043410","funder_id":"https://openalex.org/F4320334678","funder_display_name":"European Research Council"},{"id":"https://openalex.org/G7910929434","display_name":null,"funder_award_id":"BIFOLD23B","funder_id":"https://openalex.org/F4320321114","funder_display_name":"Bundesministerium f\u00fcr Bildung und Forschung"}],"funders":[{"id":"https://openalex.org/F4320321114","display_name":"Bundesministerium f\u00fcr Bildung und Forschung","ror":"https://ror.org/04pz7b180"},{"id":"https://openalex.org/F4320322958","display_name":"Technische Universit\u00e4t Braunschweig","ror":"https://ror.org/010nsgg66"},{"id":"https://openalex.org/F4320334678","display_name":"European Research Council","ror":"https://ror.org/0472cxd90"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4387880895.pdf","grobid_xml":"https://content.openalex.org/works/W4387880895.grobid-xml"},"referenced_works_count":31,"referenced_works":["https://openalex.org/W1520405326","https://openalex.org/W1550539236","https://openalex.org/W1678749812","https://openalex.org/W1720840691","https://openalex.org/W1774758602","https://openalex.org/W1996430944","https://openalex.org/W2021327598","https://openalex.org/W2091692346","https://openalex.org/W2182684696","https://openalex.org/W2240246332","https://openalex.org/W2290364176","https://openalex.org/W2291531368","https://openalex.org/W2292723020","https://openalex.org/W2463495559","https://openalex.org/W2794007494","https://openalex.org/W2888937667","https://openalex.org/W2891807831","https://openalex.org/W2904027722","https://openalex.org/W2916867898","https://openalex.org/W2962940036","https://openalex.org/W3007554785","https://openalex.org/W3008468151","https://openalex.org/W3094502939","https://openalex.org/W3104824074","https://openalex.org/W3139849815","https://openalex.org/W3205434230","https://openalex.org/W3216586764","https://openalex.org/W4307020323","https://openalex.org/W4385412234","https://openalex.org/W6675634087","https://openalex.org/W6754619400"],"related_works":["https://openalex.org/W4210406818","https://openalex.org/W4306779889","https://openalex.org/W3048554917","https://openalex.org/W3211706803","https://openalex.org/W4382775358","https://openalex.org/W4246942721","https://openalex.org/W3209862047","https://openalex.org/W4386732777","https://openalex.org/W4304136894","https://openalex.org/W2989851257"],"abstract_inverted_index":{"The":[0],"Sender":[1],"Policy":[2],"Framework":[3],"(SPF)":[4],"is":[5],"a":[6,25,62,102,143],"basic":[7],"mechanism":[8],"for":[9,27,131,148],"authorizing":[10],"the":[11,38,43,57,69,85,96,114,129],"use":[12],"of":[13,40,68,84,105,113,156],"domains":[14,55,70,115,157],"in":[15,56],"email.":[16],"In":[17,33],"combination":[18],"with":[19,65,158],"other":[20],"mechanisms,":[21],"it":[22],"serves":[23],"as":[24],"cornerstone":[26],"protecting":[28],"users":[29],"from":[30,52,121],"forged":[31],"senders.":[32],"this":[34,46],"paper,":[35],"we":[36,48,75,100,145],"investigate":[37],"configuration":[39,151],"SPF":[41,50,72,86,160],"across":[42],"Internet.":[44],"To":[45],"end,":[47],"analyze":[49],"records":[51,87],"12":[53],"million":[54],"wild.":[58],"Our":[59],"analysis":[60],"shows":[61],"growing":[63],"adoption,":[64],"56.5":[66],"%":[67,83,112],"providing":[71],"records.":[73,161],"However,":[74],"also":[76],"uncover":[77],"notable":[78],"security":[79],"issues:":[80],"First,":[81],"2.9":[82],"have":[88],"errors,":[89],"undefined":[90],"content":[91],"or":[92],"ineffective":[93],"rules,":[94],"undermining":[95],"intended":[97],"protection.":[98],"Second,":[99],"observe":[101],"large":[103],"number":[104],"very":[106],"lax":[107],"configurations.":[108],"For":[109],"example,":[110],"34.7":[111],"allow":[116],"emails":[117],"to":[118],"be":[119],"sent":[120],"over":[122],"100":[123],"000":[124],"IP":[125],"addresses.":[126],"We":[127],"explore":[128],"reasons":[130],"these":[132],"loose":[133],"policies":[134],"and":[135,152],"demonstrate":[136],"that":[137],"they":[138],"facilitate":[139],"email":[140],"forgery.":[141],"As":[142],"remedy,":[144],"derive":[146],"recommendations":[147],"an":[149],"adequate":[150],"notify":[153],"all":[154],"operators":[155],"misconfigured":[159]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}