|
Work item:
|
X.1239 (ex X.sf-dtea)
|
|
Subject/title:
|
Security framework for detecting targeted email attacks
|
|
Status:
|
Determined on 2026-06-10 [Issued from previous study period]
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2026-06 (Medium priority)
|
|
Liaison:
|
-
|
|
Supporting members:
|
Korea (Republic of), ETRI, Broadcom
|
|
Summary:
|
This Recommendation outlines a comprehensive security framework designed for detecting targeted email attacks employing various tactics involving malware and social engineering. It further details the components and functions within the security framework, elucidating the processes for detecting attacks in both inbound and outbound email processing.
Targeted email attacks used in both inbound and outbound emails utilize methods such as header forgery, similar email addresses or account takeover (ATO). They may attach a line to malware and/or impersonate a legitimate sender trusted by the target. Consequently, email users may end up clicking on malicious attachments or links resulting in unauthorized fund transfers, data leaks, computer system failures and more, or replying with personal information, falling into the threat sources' trap.
This poses a serious risk to an organisation or private individual’s information assets. Since the security issues in the sending end further translate into security issues in the receiving end, a systematic security system that considers these aspects is required for detecting and blocking targeted email attacks. However, a suitable solution has not yet been proposed.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2023-09-28 12:30:58
|
|
Last update:
2026-06-26 12:02:41
|