Abstract:
Emails are widely used for communication over the internet. When the system email with all its associated standards and protocols was developed, the focus was not on security, which is still noticeable today. An attacker can send emails with a spoofed sender and exploit this for malicious purposes. Digital signatures can solve this problem of message integrity and authenticity. OpenPGP provides a way to integrate digital signatures into emails, which should prevent email spoofing attacks. However, Müller et al. [30] showed in 2019 that many email clients were vulnerable to attacks in which a signed email could be spoofed on behalf of a third entity. This thesis performs a reevaluation of a subset of the attacks introduced by Müller et al. and analyzes the risk of homograph attacks in the context of OpenPGP signatures. In six out of eleven clients examined, we were able to spoof signed emails. This shows that the problems highlighted by Müller et al. in 2019 have still not been eliminated for a significant portion of email clients.