Email is undoubtedly the most used communications mechanism in society today. Within business alone, it is estimated that 100 billion emails are sent and received daily across the world. While the security and privacy of email has been of concern to enterprises and individuals for decades, this has predominately been focused on protecting against malicious content in incoming emails and explicit data exfiltration, rather than inadvertent leaks in outgoing emails. In this paper, we consider this topic of outgoing emails and unintentional information leakage to better appreciate the security and privacy concerns related to the simple activity of sending an email. Specifically, our research seeks to investigate the extent to which potentially sensitive information could be leaked, in even blank emails, by considering the metadata that is a natural part of email headers. Through findings from a user-based experiment, we demonstrate that there is a noteworthy level of exposure of organisational and personal identity information, much of which can be further used by an attacker for reconnaissance or develop a more targeted and sophisticated attack.
[1]
Marwan Al-Zarouni,et al.
Tracing E-mail Headers
,
2004,
Australian Computer, Network & Information Forensics Conference.
[2]
Peter Eckersley,et al.
How Unique Is Your Web Browser?
,
2010,
Privacy Enhancing Technologies.
[3]
Peter W. Resnick,et al.
Internet Message Format
,
2001,
RFC.
[4]
Wolfgang Nejdl,et al.
MailRank: using ranking for spam detection
,
2005,
CIKM '05.
[5]
Jeffrey C. Mogul,et al.
Registration Procedures for Message Header Fields
,
2004,
RFC.
[6]
George M. Mohay,et al.
Mining e-mail content for author identification forensics
,
2001,
SGMD.
[7]
John C. Klensin,et al.
Simple Mail Transfer Protocol
,
2001,
RFC.
[8]
Dirk Fox.
Computer Emergency Response Team (CERT)
,
2002,
Datenschutz und Datensicherheit.