Analysis Over the past two decades, efforts have been made to make email much more secure. Alas, the defensive protocols adopted during that period, such as SPF, DKIM, and DMARC, remain unable to cope with the complexity of email forwarding and differing standards, research has concluded.
In a preprint paper titled "Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy," scheduled to appear at the 8th IEEE European Symposium on Security and Privacy in July, authors Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Grant Ho, Geoffrey Voelker, and Stefan Savage show that email messages can be spoofed easily despite the existence of defense mechanisms.
The researchers, affiliated with UC San Diego and Stanford University in the US, and with the University of Twente in the Netherlands, show that attackers can still exploit security problems that arise from email forwarding. They demonstrated this by delivering spoofed messages to accounts at major email providers such as Google Gmail, Microsoft Outlook, and Zoho.
SPF, DKIM, and DMARC do help. Sender Policy Framework (SPF) provides a way to publish the list of IP addresses that may send email on behalf of a domain, and to declare what action recipients should take when they receive a message from an unauthorized IP address.
DomainKeys Identified Mail (DKIM) creates a cryptographic signature that binds the message to the signing domain, but it does not authenticate the sender (the FROM header).
Domain-based Message Authentication, Reporting, and Conformance (DMARC) builds on and extends SPF and DKIM by telling the message recipient what to do if the message fails the authentication checks, and it can report that information back to the sending domain.
These defenses, however, have trouble coping with email forwarding. One problem, the boffins explain, is that forwarding involves at least three parties, and that the authenticity of the email is often decided by the party with the weakest security settings.
Spoofed messages appear to come from prominent domains used by government, financial, legal, and media organizations, but actually originate elsewhere. An example of a successful attack cited in the paper is a spoofed email purportedly from bush@state.gov delivered to a Gmail user's inbox without any warning notice.
Social engineering attacks made possible by spoofed email continue to pose security challenges for organizations and individuals. To underscore that point, the researchers cite the 2021 Verizon Data Breach Investigation Report, which shows that phishing was involved in more than a third (36 percent) of the more than 4,000 data breaches investigated, and that email-based attacks are commonly used for social engineering.
Another problem is that the purpose of forwarding is for the forwarding party to send an existing message in place of the original sender, transparently. That, the researchers argue, conflicts with the anti-spoofing goals of SPF and DMARC.
"Ultimately, there is no single standard implementation of email forwarding," the researchers say in their paper. Thus, choosing to allow open forwarding, while it may not actually harm the security of the party that enables it, has downstream consequences for other email services and their users.
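The following is a small model of how the three checks described above interact with the three-party forwarding problem. It is an added example written for this page, not code from the paper, The Register, or any email provider. Everything in it is constructed: the DNS TXT records, IP addresses and hostnames are sample data, DKIM signature verification is reduced to a flag rather than real cryptography, and organizational-domain matching is simplified to the last two labels (real receivers consult the Public Suffix List).

```python
"""Model of SPF, DMARC alignment and forwarding from the receiving MTA's point of view.
Added example with constructed data; not the paper's or any provider's code."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed DNS TXT records. A real receiver fetches these over DNS.
DNS_TXT = {
    "example.gov": "v=spf1 ip4:203.0.113.0/24 include:mailhost.example -all",
    "mailhost.example": "v=spf1 ip4:198.51.100.10 -all",
    "_dmarc.example.gov": "v=DMARC1; p=reject; aspf=s; adkim=r",
    "forwarder.example": "v=spf1 ip4:192.0.2.50 -all",
}


def spf_check(domain: str, client_ip: str, depth: int = 0) -> str:
    """Evaluate the ip4/include/-all/~all subset of SPF for one connecting IP."""
    if depth > 10:                       # simplified stand-in for the RFC 7208 lookup limit
        return "permerror"
    rec = DNS_TXT.get(domain, "")
    if not rec.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in rec.split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
        if term.startswith("include:") and spf_check(term[8:], client_ip, depth + 1) == "pass":
            return "pass"
        if term == "-all":
            return "fail"
        if term == "~all":
            return "softfail"
    return "neutral"


def dmarc_policy(domain: str) -> dict:
    """Parse the domain's DMARC tags; a missing record is treated as p=none with relaxed alignment."""
    tags = {"p": "none", "aspf": "r", "adkim": "r"}
    rec = DNS_TXT.get("_dmarc." + domain, "")
    if rec.startswith("v=DMARC1"):
        for part in rec.split(";")[1:]:
            if "=" in part:
                key, value = part.strip().split("=", 1)
                tags[key.strip()] = value.strip()
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels (assumption; real code uses the PSL)."""
    return ".".join(domain.split(".")[-2:])


def aligned(auth_domain: Optional[str], from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: strict ('s') needs an exact match, relaxed ('r') the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain == from_domain
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class Message:
    from_domain: str            # domain of the RFC 5322 From: header, what the user sees
    mail_from_domain: str       # SMTP MAIL FROM (envelope) domain, what SPF is checked against
    dkim_domain: Optional[str]  # d= of the DKIM signature, or None when unsigned
    dkim_valid: bool            # constructed flag standing in for signature verification


def evaluate(msg: Message, client_ip: str) -> dict:
    """What a receiving MTA can conclude about one inbound message from one connecting IP."""
    spf = spf_check(msg.mail_from_domain, client_ip)
    pol = dmarc_policy(msg.from_domain)
    spf_ok = spf == "pass" and aligned(msg.mail_from_domain, msg.from_domain, pol["aspf"])
    dkim_ok = msg.dkim_valid and aligned(msg.dkim_domain, msg.from_domain, pol["adkim"])
    dmarc = "pass" if (spf_ok or dkim_ok) else "fail"
    action = "accept" if dmarc == "pass" else {"reject": "reject", "quarantine": "quarantine"}.get(pol["p"], "accept")
    return {"spf": spf, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok, "dmarc": dmarc, "action": action}


# Constructed delivery paths for a message whose From: header is example.gov.
# Direct delivery from one of the domain's own listed servers.
DIRECT = evaluate(Message("example.gov", "example.gov", "example.gov", True), "203.0.113.5")
# Classic forwarding: the forwarder re-sends from its own IP with MAIL FROM untouched,
# so SPF fails, but an intact DKIM signature still satisfies DMARC.
FORWARDED_INTACT = evaluate(Message("example.gov", "example.gov", "example.gov", True), "192.0.2.50")
# Same hop, but the forwarder altered the body (e.g. appended a footer), breaking DKIM.
FORWARDED_MODIFIED = evaluate(Message("example.gov", "example.gov", "example.gov", False), "192.0.2.50")
# Unsigned message claiming example.gov in From: but carrying the forwarder's own envelope domain:
# SPF passes for forwarder.example, yet it is not aligned with From:, so DMARC fails.
UNALIGNED = evaluate(Message("example.gov", "forwarder.example", None, False), "192.0.2.50")

if __name__ == "__main__":
    for name, r in [("direct", DIRECT), ("forwarded, DKIM intact", FORWARDED_INTACT),
                    ("forwarded, DKIM broken", FORWARDED_MODIFIED), ("unaligned envelope", UNALIGNED)]:
        print(f"{name:24s} spf={r['spf']:8s} dmarc={r['dmarc']} -> {r['action']}")
```

The four scenarios show the point the researchers make: once a forwarder sits between sender and receiver, the SPF result reflects the forwarder's IP, not the origin, so the receiving side is left relying on DKIM alignment or on whatever policy the weakest party in the chain applies. A receiver that treated a bare SPF pass as proof of the From: domain would accept the last scenario; enforcing DMARC alignment rejects it.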
Sadly not rocket science
The boffins describe four different email attacks, each of which works against a different set of commercial email providers. Here's one involving Microsoft Outlook:
According to the researchers, this technique works – or did at the time of testing – against domains that include the SPF records of six major email services, including Outlook, iCloud, Freemail, Hushmail, Mail2World, and Runbox.
More than a handful of people are at risk from this attack. The academics say that, given Outlook's size, an attacker using this method could spoof email from more than 12 percent of the most popular Alexa 100,000 domains. And 32 percent of US .gov domains, including 22 percent of domains used by state agencies, can be spoofed using this technique.
The paper goes on to examine three other spoofing methods. These involve abusing relaxed forwarding validation, exploiting flaws in ARC (Authenticated Received Chain) implementations, and laundering spoofed email through mailing lists.
The boffins say they disclosed the weaknesses and attacks to the affected providers and have received responses from some. Zoho, they say, fixed its ARC implementation and paid the researchers a bug bounty.
Microsoft, for its part, confirmed the vulnerability, classifying it as "Important," the second-highest severity the company assigns in its bug bounty program, and paid a bounty. Mailing list service Gaggle Mail confirmed the reported flaw and said it would start using DMARC. Gmail fixed the issue it was notified of. And Apple's iCloud is said to be investigating the researchers' bug report.
"While there are some short-term mitigations (e.g., eliminating the use of open forwarding) that will significantly reduce exposure to the attacks we have described here, ultimately email needs stronger security if it is to successfully withstand spoofing attacks going forward," the paper concludes.