The paper entitled "Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy” co-authored by a team from UC San Diego, Stanford and the University of Twente has been awarded the Best Paper Award at the IEEE Euro S&P security conference, which takes place from July 3rd - 7th, 2023, at TU Delft. Praised by the technical programme committee as the “one clear winner”, the paper explores serious vulnerabilities in e-mail security that can occur when e-mail forwarders are in use. The paper demonstrates that through these vulnerabilities, attackers can deliver seemingly legitimate messages that appear to originate from high profile domains, such as the US State Department, to key mail providers such as GMail and Microsoft Outlook. DACS and TUCCR researcher Mattijs Jonker was part of the team that co-authored this work.
The work in the paper already attracted headlines earlier this year when it was featured on popular industry site “The Register” (https://www.utwente.nl/en/eemcs/dacs/news/2023/2/503314/work-on-e-mail-security-by-uc-san-diego-stanford-and-dacs-makes-headlines-on-the-register).
The full paper can be found here: https://ris.utwente.nl/ws/portalfiles/portal/303254428/eurosp23_paper17.pdf