The Mechanics of E-mail

Sometimes it seems that the Internet only exists to support the transmission of e-mail. In e-mail's brief history, it has grown from a hacker's creation for communication on the small ARPAnet into a neoteric communication method that spans the globe. It's a wonderful way to stay in touch with friends and family and to conduct business. The benefits of e-mail seem enormous, but, of course, dangers also exist.

This section covers e-mail software such as Eudora (www.eudora.com), Netscape Mail (mail.netscape.com), and Microsoft Outlook (www.microsoft.com/outlook); however, everything we say can also be applied to online mail services such as Yahoo! Mail and Hotmail. In the next few sections, we will take a closer look at some of the dangers of e-mail, followed by the measures you can take to protect against them. First, we need to mention POP3, IMAP4, and SMTP, the major e-mail protocols in use today:

  • POP3— Post Office Protocol version 3. A set of communication standards that define how an e-mail client (such as Microsoft Outlook or Eudora) is to retrieve e-mail from a mail server.

  • IMAP4— Internet Message Access Protocol version 4. A newer set of communication standards for retrieving e-mail from a mail server. IMAP4 is similar to POP3 but supports more advanced features, including the ability to search through e-mail messages for keywords while they are still on the server.

  • SMTP— Simple Mail Transport Protocol. A set of communication standards for sending e-mail. SMTP is used for sending e-mail from an e-mail client to a mail server. It is also used when one mail server sends mail to another mail server.

POP3 and IMAP4 are similar because they are both designed for retrieving mail. When you open up Outlook or Eudora and start downloading your e-mail, you are most likely using POP3 or IMAP4. When you send an e-mail message to a friend, you are using SMTP to get it there. We will focus on POP3 and SMTP in this chapter because they are the most widely used.

POP3 and SMTP are the protocol standards that define how e-mail travels through cyberspace. In short, these protocols are old and have undergone their share of security problems. Some security problems are inevitable, such as spoofing and spamming; however, you can take precautions to protect yourself against these and against the other attacks we have mentioned.

Most of the security problems surrounding POP3 and SMTP are due to their clear text nature and lack of strong authentication controls. Most e-mail travels across the Internet in clear text. That means it can be intercepted and read by anyone with the skills and intent. With regard to authentication, most e-mail systems use basic controls that do not prevent attackers from attempting to guess username and password combinations.

Corporate E-mail Systems

Many medium- or large-sized companies and organizations have internal mail systems that might differ from the ones we just mentioned. Lotus Notes, Novell GroupWise, and Microsoft Exchange are examples of popular corporate e-mail systems. These e-mail systems typically operate using their own set of protocols that can be used for e-mail exchange within the organization. Security and privacy are typically provided to each e-mail message as it is sent between people. That is, a snooper who is capturing e-mail from the network cannot easily read it.

Strong authentication exists in each of these systems, making it difficult for unauthorized people to access your mailbox. Encryption exists to protect the e-mail messages as they travel across the network. These features are often configuration options of the e-mail system that can be enabled or disabled. If you work for an organization that uses a popular e-mail system such as Lotus Notes, GroupWise, or Microsoft Exchange, you can rest assured that your e-mail message is kept more secure and private than it would be otherwise.

The rest of this chapter will focus on the Internet-based protocols of POP3 and SMTP and the privacy problems associated with them. POP3 and SMTP are the e-mail protocols you most often use when sending and receiving e-mail through your ISP.

How E-mail Works

E-mail is one of the oldest resources that is still used on the Internet. In fact, it is considered by some to be the most used resource on the Internet. E-mail lets people communicate using text, graphics, sounds, and video. E-mail is sent from one electronic mailbox to another. E-mail traffic on the Internet can be likened to a busy interstate that never sleeps. If you were to peek into the backbone of the Internet, you would see a large amount of e-mail passing back and forth.

From its earliest history between 1972 and 1980, the Internet's builders loved e-mail. Ray Tomlinson is credited with the creation of e-mail. One of the Internet's earliest pioneers, Tomlinson first created a small e-mail system that only worked for a single computer. Mail could only be sent between people who shared that computer. This is much like a town whose post office does not exchange postal mail with other towns, a rare find these days. In the infancy stages of the Internet, sharing information across a network of computers was a developing idea. In fact, sharing information was one of the goals. The idea of interconnecting computers across an electronic network was fantastic and magical. Tomlinson realized that interconnected e-mail had a place on the Internet, so he moved it from a single computer system to a system that could operate and exchange mail across the electronic network. During this time, Tomlinson determined that the @ symbol would be used to separate the person's name from the computer on which their mailbox was stored. Little did he know that @ would become the symbol of a legacy.

Viewed from a high level, e-mail actually works quite simply. In fact, it can virtually be compared to the postal service we have been using for years. When referring to the “e-mail system,” we can visualize the interconnected mailboxes across the entire Internet, from Australia to the U.S. We can also use “e-mail system” to refer to a local exchange of e-mail between an e-mail user and the e-mail server, quite similar to the local postal service where you go to drop off and pick up mail. The core components of an e-mail system include the following:

  • The e-mail address

  • The mailbox

  • The e-mail server

  • The e-mail client

  • The protocols (POP3 and SMTP)

  • The network

These components are responsible for the e-mail communications that take place every day. The e-mail address is comparable to your home address. It is the unique address that identifies your mailbox's exact coordinates on the Internet. The mailbox can be equated to your post office box number at the post office. It is the storage place where mail is delivered and mail is sent. The e-mail server is like the post office. It houses many people's mailboxes, and it provides a central place for mail exchange. Sticking to the post office analogy, the e-mail client is you, the person who picks up and delivers mail to your PO box, and the person who reads and trashes mail. In reality, the e-mail client is the software on your computer that retrieves your incoming e-mail from the e-mail server and sends outgoing e-mail to the server for its delivery.

The protocols are the agreed-upon methods for exchanging mail. The protocols define how e-mail clients talk to e-mail servers and how e-mail servers talk to each other. The Post Office's standard means of retrieving, delivering, and storing postal mail are no different. The POP3 protocol defines how mail is to be retrieved from an e-mail server by the e-mail client. The SMTP protocol defines how mail is to be delivered across the network.

The network is the fabric that ties everything together. It is similar to the streets, buildings, mailmen, and trucks that the Post Office has. The difference is that this network is electronic, made up of IP addresses, computers, and the Internet. Of course, e-mail would be useless without the people who use it and make it all possible.

Let's tie all this together into some examples that describe from a high level what happens when you both retrieve an e-mail message and send one.

Retrieving an E-mail Message with POP3

This is how e-mail gets from its destination to you:

  1. Start the e-mail client and establish a connection to the mail server. You power on your computer and open your e-mail program, be it Outlook, Eudora, or even Web-based e-mail such as Hotmail. The e-mail client establishes a connection to your e-mail server, typically on TCP port 110, the port for POP3. If your e-mail address is [email protected], your mail server might have a name of mail.company12345.com. After a connection is established, the e-mail client is prepared to retrieve mail.

  2. The e-mail client uses POP3 to retrieve mail from the server. Your e-mail client contacts the e-mail server using the POP3 protocol. It knows how to find the e-mail server because you configured it ahead of time by specifying mail.cyberspace.com as the name of the server. The POP3 protocol defines commands such as USER, PASS, LIST, RETR, and DELE. POP3 is a simple protocol with few commands and minimal security:

    • The e-mail client uses the USER command to tell the server your username.

    • The PASS command sends the server your password.

    • After the server accepts your USER and PASS, the e-mail client is ready for the next step.

    • LIST tells the server to return a numbered list of all your e-mail messages.

    • The RETR command is used to retrieve your e-mail messages one by one.

    • A few other commands, such as DELE, tell the e-mail server to delete a message.

  3. After all the e-mail has been RETRieved, the e-mail client closes the connection with the server.

That is the process of retrieving e-mail, in a nutshell. With all of your e-mail downloaded to the e-mail client, it is available to be read, deleted, or responded to offline. POP3 e-mail has a large security problem because everything is sent over the network in plain, readable text. Nothing is encrypted with POP3 mail. Your username and password are sent in plain text, so that anybody snooping on the network can read them. If you are on a cable modem connection, all your neighbors can see your e-mail message as it crosses the network if they are looking for it. Each e-mail message you retrieve is also sent to you in plain text, so a snooper can read those e-mails as you retrieve them.
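The retrieval steps above, run end to end as an added example (not code from the book): Python's standard poplib client talks to a toy POP3 server on the loopback interface, and the server records every line it receives, which is what anyone observing the connection would also see. The server, mailbox, username and password are constructed for the demonstration, and the toy server accepts any credentials.

```python
import poplib
import socket
import threading

# Constructed demo data: the mailbox, username and password are made up.
MAILBOX = {1: b"Subject: lunch\r\n\r\nNoon at the usual place?\r\n"}
USERNAME, PASSWORD = "alice", "correct-horse"


def serve_one(listener, wire):
    """Toy POP3 server for one session; logs every client line to `wire`."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as rf:
        conn.sendall(b"+OK toy POP3 server ready\r\n")
        for raw in rf:
            line = raw.rstrip(b"\r\n")
            wire.append(line)                  # exactly what a network tap sees
            verb, _, arg = line.partition(b" ")
            if verb == b"LIST":
                sizes = b"".join(b"%d %d\r\n" % (n, len(m)) for n, m in MAILBOX.items())
                conn.sendall(b"+OK\r\n" + sizes + b".\r\n")
            elif verb == b"RETR":
                conn.sendall(b"+OK\r\n" + MAILBOX[int(arg)] + b".\r\n")
            else:                              # USER, PASS, DELE, QUIT: accept
                conn.sendall(b"+OK\r\n")
            if verb == b"QUIT":
                break


def run_session():
    """Do USER, PASS, LIST, RETR, QUIT with poplib; return (wire, message lines)."""
    wire = []
    with socket.create_server(("127.0.0.1", 0)) as listener:   # loopback only
        server = threading.Thread(target=serve_one, args=(listener, wire))
        server.start()
        client = poplib.POP3("127.0.0.1", listener.getsockname()[1], timeout=5)
        client.user(USERNAME)
        client.pass_(PASSWORD)
        client.list()
        message = client.retr(1)[1]
        client.quit()
        server.join()
    return wire, message


if __name__ == "__main__":
    for line in run_session()[0]:
        print("C:", line.decode())
```

The recorded lines include the password verbatim, followed by the commands that pull the message down in the same readable form.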

Sending an E-mail Message with SMTP

This is how e-mail gets from you to its destination:

  1. Start the e-mail client and establish a connection to the mail server. Again, open your e-mail client (unless you still had it open from earlier), and this time choose to compose a new mail message. Type in the To field the e-mail address of your intended recipient, such as [email protected]. Then click the Send button.

  2. The e-mail client sends your e-mail to the server using SMTP. The e-mail client connects to your mail server using the SMTP protocol to communicate with it. The SMTP protocol contains more functionality than the POP3 protocol, and more commands as well. Again, however, minimal security is offered with SMTP:

    • The HELO command is used to set up the connection.

    • The MAIL FROM: command is used to send the e-mail server the e-mail address that you want this message to appear to be coming from.

    • The RCPT TO: command is used to tell the e-mail server the e-mail address for the delivery destination.

    • The DATA command is used to fill in all the important information, such as the subject, the message, and the formatting features of this e-mail message. If you are sending attachments, the e-mail client tells the server what type of attachment it is.

    • The e-mail client denotes the end of the e-mail message using some special character such as a single period on its own line. This notifies the e-mail server that the message is finished.

  3. The e-mail server takes over. The e-mail message is queued for delivery. The server examines the header of the message, which contains the destination e-mail address of [email protected]. The e-mail server uses the Internet Domain Name System (DNS) to look up this domain name company6789.com and find its e-mail server name and IP address. After it finds that the mail server is mail.company6789.com, it sends the message out on the public Internet, to be routed to its destination.

  4. The destination mail server receives the e-mail message. After the message is received, the mail server, mail.electronic.com, reviews the headers to find that the e-mail message is addressed to [email protected]. The mail server identifies that “friend” has a mailbox here, and puts the e-mail message in “friend's” mailbox. Sitting in “friend's” mailbox, the message awaits retrieval via POP3.

SMTP is also a clear text protocol. That means that the e-mail messages are sent across the network in plain readable text. If a snooper on the network were to intercept the message, he would be able to read it and even modify it.
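The SMTP command sequence described above, replayed through a small parser as an added example (not code from the book): it rebuilds the envelope and the message from the client's lines, handles the lone-period terminator together with dot-stuffing (the escaping RFC 5321 defines for body lines that begin with a period, which the text does not cover), and reports when the MAIL FROM address differs from the From: header. The session lines, addresses and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed client-to-server lines of one session; example.* domains are reserved.
SESSION = """\
HELO laptop.example.net
MAIL FROM:<billing@example.com>
RCPT TO:<friend@example.org>
DATA
From: "Accounts" <accounts@example.net>
To: friend@example.org
Subject: Invoice

Please see the note below.
..a body line that began with a period, escaped by the client
.
QUIT
""".splitlines()


def parse_session(lines):
    """Rebuild the envelope and the message from the client's lines."""
    env = {"mail_from": None, "rcpt_to": [], "message": None}
    body, in_data = [], False
    for line in lines:
        if in_data:
            if line == ".":                  # lone period: end of message
                env["message"], in_data = "\n".join(body), False
            else:                            # undo dot-stuffing: "..x" -> ".x"
                body.append(line[1:] if line.startswith(".") else line)
            continue
        verb = line.upper()
        if verb.startswith("MAIL FROM:"):
            env["mail_from"] = parseaddr(line[10:])[1]
        elif verb.startswith("RCPT TO:"):
            env["rcpt_to"].append(parseaddr(line[8:])[1])
        elif verb == "DATA":
            in_data = True
    return env


def sender_mismatch(env):
    """Return (envelope sender, header From) if they differ, else None."""
    header_from = parseaddr(message_from_string(env["message"])["From"])[1]
    if header_from.lower() == env["mail_from"].lower():
        return None
    return env["mail_from"], header_from
```

Both addresses are simply what the client stated, so a mismatch is a prompt for review rather than proof of forgery; mailing lists and bulk senders produce it routinely.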
