12 June 2025
【Bibliographic Information】
【Abstract】
The new email sender guidelines introduced by Google on October 3, 2023, mandate sender authentication protocols, such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC), to minimize unsolicited emails to Gmail addresses. Google asserted that these guidelines would improve email security. However, an August 2024 report indicated that 8 million of the top 10 million domains ranked by web traffic had not implemented DMARC. This large-scale measurement study analyzes entities that did not implement the required email security measures. Our findings demonstrate low SPF, DKIM, and DMARC adoption among domains associated with China, South Korea, and Japan. Gmail is blocked in China owing to censorship. NAVER, which is a prominent search engine, offers free email addresses, diminishing the need for compliance in South Korea. Despite the search engine dominance of Google in Japan, the lagging adoption suggests that non-compliance arises from other constraints, and not necessarily intent. In addition, business-to-business sectors exhibited limited adoption, likely because Gmail addresses hold less operational relevance. While some entities are exempt from the guidelines, others did not comply for certain reasons, notwithstanding enforcement by a powerful organization. Ultimately, if nothing changes with such an organization, it is necessary to discuss how email security should be approached, whether ensuring security requires enforcement power, such as national regulations, or whether there is still room for technical approaches within the Internet community.