Email attacks : Investigation about the vulnerability of the Swedish organizations against email threats.

Abstract: Email is an essential form of communication for organizations. Nevertheless, with so much popularity came many challenges. These emails usually carry sensitive data that might cause significant harm if they get compromised. Besides, spam and phishing emails that continually reach the employees’ inbox masquerading as a trusted entity due to the lack of authentication mechanisms are also considered a significant threat for organizations today. Such threats are phishing using email domain forgery attack, redirecting emails to a mail server that is under the attacker’s control, and connection eavesdropping. The research aimed to investigate the vulnerability of approximately 2000 organizations within Sweden against those attacks. Toward that end, the quantity and quality of the following email security mechanisms SPF, DKIM, DMARC, STARTTLS, DNSSEC, and DANE were examined through a case study. Also, the adoption of these mechanisms was investigated, whether it varies based on different factors such as organization size, sector, and location. The research findings indicated that the average adoption rate by the tested organizations was approximately 50%. Furthermore, the result demonstrated that there were no differences in the adopted mechanisms based on the studied factors that the results were quite similar among the tested groups. It concluded that there is a lack of protection mechanisms, which made the majority of the tested organizations vulnerable to different types of email attacks.