Skip to main content

Investigating the leakage of sensitive personal and organisational information in email headers

Nurse, Jason R. C., Erola, Arnau, Goldsmith, Michael, Creese, Sadie (2015) Investigating the leakage of sensitive personal and organisational information in email headers. Journal of Internet Services and Information Security, 5 (1). pp. 70-84. ISSN 2182-2069. E-ISSN 2182-2077. (doi:10.22667/JISIS.2015.02.31.070) (KAR id:67510)

Abstract

Email is undoubtedly the most used communications mechanism in society today. Within business alone, it is estimated that 100 billion emails are sent and received daily across the world. While the security and privacy of email has been of concern to enterprises and individuals for decades, this has predominately been focused on protecting against malicious content in incoming emails and explicit data exfiltration, rather than inadvertent leaks in outgoing emails. In this paper, we consider this topic of outgoing emails and unintentional information leakage to better appreciate the security and privacy concerns related to the simple activity of sending an email. Specifically, our research seeks to investigate the extent to which potentially sensitive information could be leaked, in even blank emails, by considering the metadata that is a natural part of email headers. Through findings from a user-based experiment, we demonstrate that there is a noteworthy level of exposure of organisational and personal identity information, much of which can be further used by an attacker for reconnaissance or develop a more targeted and sophisticated attack.

Item Type: Article
DOI/Identification number: 10.22667/JISIS.2015.02.31.070
Subjects: Q Science
T Technology
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Jason Nurse
Date Deposited: 02 Jul 2018 17:03 UTC
Last Modified: 08 Dec 2022 21:59 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/67510 (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.