Digital Authentication for Official Bulk Email

摘要

Official bulk email is an efficient tool for disseminating information to a wide audience. Its inherent efficiency, captive audience, and trust provide a dangerous attack vector for adversaries utilizing fraudulent email. Digital authentication can provide a layer of defense to official bulk email that, combined with other defensive countermeasures, will greatly reduce its vulnerabilities. The Department of Defense mandates that official emails, which contain hyperlinks, attachments, or instructions to recipients, must contain a digital signature, authenticating the source of the email, and ensuring the integrity of its contents. This policy, though used at some military installations, is not being applied to official bulk email at others due to administrative roadblocks in obtaining role-based certificates, and implementing an authentication policy with legacy email systems. This thesis identified administrative roadblocks in deploying digital authentication solutions within the Department of Defense, explored different technology options of a digital authentication solution for official bulk email, created a proof of concept solution using a Python proxy server and S/MIME, and looked at the most popular mail user agents to see how they interpret S/MIME digital signatures. Applying digital authentication to official bulk email will close a potentially critical vulnerability in the defense of DoD networks.