Master's Examination with Defense, Steindl Christoph

27.11.2018 11:00 - 12:30

“Analysis and Evaluation of DMARC Aggregate-Reports in a Large Scale Mailing Environment.”

This thesis elaborates the fundamentals of working with Domain-based Message Authentication, Reporting, and Conformance (DMARC), a technology designed to prevent e-mail fraud that was released as an RFC in 2015. The federated e-mail system theoretically allows messages to be sent on behalf of any address, which leads to abuse of the e-mail ecosystem. Therefore, countermeasures have been introduced to protect inboxes and their users from fraud such as spam, spoofing and phishing. DMARC takes advantage of two authentication methods, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). SPF evaluates the origin of messages based on the sending IP address. Each sending domain has the option to define IP ranges that are permitted to send on behalf of that particular domain using a Domain Name System (DNS) entry. Messages received from other hosts should be treated according to a defined policy. DKIM signs outgoing e-mails on the sending server using the private key of a public-key cryptography system. Again, the respective public key is distributed via a DNS entry. DKIM signatures that are still intact at the receiving server have a positive effect on deliverability; broken signatures have a negative effect. For DMARC, the results of SPF and DKIM are combined. For an incoming message, at least one of these technologies has to pass authentication in order to be aligned with DMARC. Additionally, a sending domain can define a policy on how to treat unaligned DMARC messages and request data from the receiving domains about the DMARC authentication stats via aggregate reports.
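To make the aggregate-report mechanism concrete, the following added example (not code from the thesis or its framework) parses one report and applies the rule described above: a record counts as DMARC-passing when at least one of the evaluated DKIM or SPF results is `pass`. The element names follow the aggregate-report schema in RFC 7489; the report content, domain and IP addresses are constructed sample data.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report (documentation IP ranges, made-up report id).
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>constructed-0001</report_id></report_metadata>
  <policy_published><domain>example.org</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>40</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.org</header_from></identifiers></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>5</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.org</header_from></identifiers></record>
  <record><row><source_ip>203.0.113.99</source_ip><count>12</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.org</header_from></identifiers></record>
</feedback>"""

def _text(node, path):
    """Return normalized element text, or '' when the element is missing."""
    return (node.findtext(path) or "").strip().lower()

def summarize(xml_text):
    """Count messages that pass or fail DMARC in one aggregate report."""
    # Reports arrive from external receivers; a production pipeline should
    # parse them with a hardened XML parser and size limits.
    root = ET.fromstring(xml_text)
    stats = {"domain": _text(root, "policy_published/domain"),
             "policy": _text(root, "policy_published/p"),
             "total": 0, "pass": 0, "fail_by_ip": Counter()}
    for row in root.iterfind("record/row"):
        count = _text(row, "count")
        if not count.isdigit():
            continue  # skip malformed rows instead of aborting the report
        n = int(count)
        stats["total"] += n
        results = (_text(row, "policy_evaluated/dkim"),
                   _text(row, "policy_evaluated/spf"))
        if "pass" in results:  # one passing mechanism is sufficient
            stats["pass"] += n
        else:
            stats["fail_by_ip"][_text(row, "source_ip")] += n
    return stats

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

The second record shows the case where SPF fails but an intact DKIM signature still yields a DMARC pass; only the third source is reported as failing.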

For this thesis, DMARC aggregate reports for two domains have been collected in cooperation with ZID since late 2013. Later, the cooperation was extended to include DMARC-relevant data for incoming messages as well as data from an anti-spam engine (i.e. SpamAssassin) to extend the DMARC data. Further, a framework was developed to handle the technical core aspects of this thesis:

• Anonymization of aggregate reports and other data to protect privacy

• Data storage and preprocessing

• Generation of aggregate reports for incoming messages

• Evaluations

• Implementing a functional e-mail domain with full DMARC support for testing purposes

After proving the potential of DMARC in preliminary research at the University of Vienna [Goj+15], the main goal of this thesis was to evaluate DMARC’s performance in a real-life e-mail domain processing a large volume of e-mails. Furthermore, the author tested and contributed to software necessary to run a DMARC domain.

Organiser:

SPL 5

Location:

Meeting room 4.34

Währinger Straße 29
1090 Wien