The Fundamental of Electronic Mail (E-mail)
By:
-Vishal Kumar
(CEH, CHFI, CISE, MCP)
Table of contents
1. Introduction
2. E-mail Architecture
3. Email Message Structure
3.1 Message Header
3.1.1 Header Fields
3.1.2 E-mail Header Response
3.2 Message Body
3.2.1 Content Encoding
3.2.2 Plain Text and HTML
4. Types of Mail
4.1 Web-based Email
4.2 POP3 Email Service
4.3 IMAP Email Service
4.4 MAPI Email Service
5. Uses of Email
5.1 Business and Organizational Use
5.1.1 Facilitating Logistics
5.1.2 Helping with Synchronization
5.1.3 Reducing Cost
5.1.4 Increasing Speed
5.1.5 Creating a Written Record
5.1.6 Email Marketing
5.2 Personal Use
5.2.1 Personal Computer
5.2.2 Mobile Phone
Introduction
Electronic mail (email) is a method of exchanging messages between people using
electronic devices. Email first entered substantial use in the 1960s and by the
mid-1970s had taken the form now recognized as email.
Before internetworking began, email could only be used to send
messages to various users of the same computer. Once computers began to talk to
each other over networks, however, the problem became a little more complex:
we needed to be able to put a message in an envelope and address it. To do this,
we needed a means to indicate to whom letters should go that the electronic
posties - just like the postal system
Ray Tomlinson is credited with inventing email in 1972. He picked
the "@" symbol from the computer keyboard to denote sending
messages from one computer to another. So then, for anyone using
Internet standards, it was simply a matter of nominating
"name-of-the-user@name-of-the-computer".
Despite what the World Wide Web offers, email remains the most important
application of the Internet and the most widely used facility it has.
Things developed rapidly from there. Larry Roberts invented some email folders so
people could sort their mails. In 1975 John Vittal developed some software to
organize email. By 1976 email had really taken off, and commercial packages began
to appear.
The first important email standard was called SMTP, or Simple Mail Transfer
Protocol. When Internet standards for email began to mature, POP (Post
Office Protocol) servers began to appear as a standard; before that, each server
was a little different. POP was an important standard that allowed users to
develop mail systems that would work with each other.
E-mail Architecture
In electronic mail (e-mail), a message is sent via a user agent (MUA) to a mail
submission agent (MSA) or mail/message transfer agent (MTA) using the Simple
Mail Transfer Protocol (SMTP). The set of cooperating MTAs comprises the message
transfer service (MTS). An MTA can receive e-mail from another MTA, from an
MSA, or directly from an MUA. Another piece of the puzzle is the mail
distribution agent (MDA), which takes care of distributing e-mail to each user.
The combination of MUAs (clients) and MTAs (servers) creates an e-mail system.
An MTA uses SMTP to pass messages, each consisting of headers and a body,
between itself and other MTAs. The SMTP commands are quite simple: HELO (or
EHLO), MAIL, RCPT, DATA, and so on. Likewise, the POP protocol recognizes
commands such as USER, PASS, RETR, DELE, and LIST.
Fig: Mail System Components
An important fact to grasp is that e-mail transfer is based on a
store-and-forward model. A message may pass through several MTAs prior to being
delivered to the MTA associated with the intended recipient.
The protocols used between the MUA, an MTS, and an MTA need not be the
same. Two e-mail specific submission/delivery protocols are POP3 and its SSL
version, POP3S, and IMAP and its SSL version, IMAPS. In the case of POP3, the
MUA will contact the POP3 server and download all mail currently waiting for
delivery. Unless told otherwise, POP3 will then delete the mail from the server.
IMAP, on the other hand, retrieves e-mail from the server but doesn't create a
local copy. If a particular message is deleted, it's gone from the server.
Fig: Protocol Used by E-mail Components
SMTP transfers e-mails between one MTA and another. Some email applications
(such as Microsoft Outlook, Mozilla Thunderbird, and others) combine the
functions of an MUA and an MTA. Thunderbird, for example, can use POP3 and IMAP
for retrieving mail from the server and can use SMTP to deliver e-mail to the
remote server.
The final piece of the puzzle is our old friend the Domain Name System (DNS).
A DNS record for a particular domain includes Mail Exchange (MX) records that
indicate which machines provide MTA service for that domain.
Fig: MX records of Google.com
E-mail Message Structure
The Internet email message format is now defined by RFC 5322, with encoding of
non-ASCII data and multimedia content attachments being defined in RFC 2045
through RFC 2049, collectively called Multipurpose Internet Mail Extensions or
MIME. RFC 5322 replaced the earlier RFC 2822 in 2008, and in turn RFC 2822 in
2001 replaced RFC 822 – which had been the standard for Internet email for nearly
20 years. Published in 1982, RFC 822 was based on the earlier RFC 733 for the
ARPANET.
Internet email messages consist of two major sections, the Message Header and
the Message Body, collectively known as Content. The header is structured into
fields such as From, To, CC, Subject, Date, and other information about the email.
In the process of transporting email messages between systems, SMTP
communicates delivery parameters and information using message header fields.
The body contains the message, as unstructured text, sometimes containing a
signature block at the end. The header is separated from the body by a blank line.
Message Header
Each message has exactly one header, which is structured into fields. Each field
has a name and a value. RFC 5322 specifies the precise syntax.
Informally, each line of text in the header that begins with a printable character
begins a separate field. The field name starts in the first character of the line and
ends before the separator character ":". The separator is then followed by the
field value (the "body" of the field). The value is continued onto subsequent lines if
those lines have a space or tab as their first character. Field names and values are
restricted to 7-bit ASCII characters. Some non-ASCII values may be represented
using MIME encoded words.
Below is an example of a message header.
Fig: Simple E-mail Message Header
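The field, separator and continuation rules described above, as an added example (not code from the original document): a small Python parser that splits a constructed message into header fields, unfolds continuation lines and decodes a MIME encoded word. The sample message, its addresses and the names parse_headers and decode_value are assumptions made for illustration.

```python
from email.header import decode_header, make_header

# Constructed sample message: one encoded-word display name, one folded Subject.
RAW = (
    "From: =?UTF-8?B?SsO8cmdlbg==?= <juergen@example.org>\r\n"
    "To: alice@example.com\r\n"
    "Subject: Quarterly report for the\r\n"
    "\tfinance team\r\n"
    "Date: Mon, 01 Jan 2024 10:00:00 +0000\r\n"
    "\r\n"
    "Body line: not a header\r\n"
)

def parse_headers(raw):
    """Return (fields, body); fields is an ordered list of (name, value)."""
    head, _, body = raw.partition("\r\n\r\n")    # blank line ends the header
    fields = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t"):              # continuation line: unfold it
            if not fields:
                raise ValueError("continuation before first field")
            name, value = fields[-1]
            # The folding whitespace is normalised to one space here.
            fields[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")   # name ends at the first ":"
        if not sep or not name or any(not 33 <= ord(c) <= 126 for c in name):
            raise ValueError(f"malformed header line: {line!r}")
        fields.append((name, value.strip()))
    return fields, body

def decode_value(value):
    """Decode RFC 2047 encoded words (=?charset?B|Q?...?=) to text."""
    return str(make_header(decode_header(value)))

if __name__ == "__main__":
    for name, value in parse_headers(RAW)[0]:
        print(f"{name}: {decode_value(value)}")
```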
Header fields
Email header fields can be multi-line, and each line should be at most 78 characters
long and in no event more than 998 characters long. Header fields defined by RFC
5322 can only contain US-ASCII characters; for encoding characters in other
sets, a syntax specified in RFC 2047 can be used. Recently the IETF EAI (Internet
Engineering Task Force, Email Address Internationalization) working group has
defined some standards track extensions, replacing previous experimental
extensions, to allow UTF-8 encoded Unicode characters to be used within the
header. In particular, this allows email addresses to use non-ASCII characters.
Such addresses are supported by Google and Microsoft products, and promoted by
some governments.
The message header must include at least the following fields:
From: The email address, and optionally the name of the author(s). In many
email clients not changeable except through changing account settings.
Date: The local time and date when the message was written. Like the From:
field, many email clients fill this in automatically when sending. The
recipient's client may then display the time in the format and time zone local
to him/her.
RFC 3864 describes registration procedures for message header fields at the
IANA; it provides for permanent
(http://www.iana.org/assignments/message-headers/perm-headers.html) and
provisional (http://www.iana.org/assignments/message-headers/prov-headers.html)
field names, including also fields defined for MIME, netnews, and HTTP, and
referencing relevant RFCs. Common header fields for email include:
To: The email addresses (and optionally names) of the message's
recipients; indicates the primary recipients. Multiple addresses are allowed.
Subject: A brief summary of the topic of the message. Certain
abbreviations are commonly used in the subject, including "RE:" and "FW:".
Cc: Carbon copy; the addresses in this field are the secondary recipients of
the message. (Bcc: Blind carbon copy; addresses are usually only specified
during SMTP delivery, and not usually listed in the message header.)
Content-Type: Information about how the message is to be displayed,
usually a MIME type.
Precedence: commonly with values "bulk", "junk", or "list"; used to indicate
that automated "vacation" or "out of office" responses should not be
returned for this mail, e.g. to prevent vacation notices from being sent to all
other subscribers of a mailing list. Sendmail uses this field to affect
prioritization of queued email, with "Precedence: special-delivery" messages
delivered sooner.
Message-ID: Also an automatically generated field; used to prevent multiple
deliveries and for reference in In-Reply-To:.
In-Reply-To: Message-ID of the message that this is a reply to. Used to
link related messages together. This field only applies for reply messages.
References: Message-ID of the message that this is a reply to, and the
Message-ID of the message the previous reply was a reply to, etc.
Reply-To: Address that should be used to reply to the message.
Sender: Address of the actual sender acting on behalf of the author listed
in the From: field (secretary, list manager, etc.).
Archived-At: A direct link to the archived form of an individual email
message.
Note: The To: field is not necessarily related to the addresses to which the
message is delivered. The actual delivery list is supplied separately to the
transport protocol, SMTP, which may or may not originally have been extracted
from the header content.
The "To:" field is similar to the addressing at the top of a conventional letter
which is delivered according to the address on the outer envelope. In the same
way, the "From:" field does not have to be the real sender of the email message.
Some mail servers apply email authentication systems to messages being relayed.
Data pertaining to server's activity is also part of the header.
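The SMTP command exchange from the architecture section and the envelope-versus-header point in the note above, as one added example (not code from the original document): it reads a constructed SMTP session, separates the envelope (MAIL FROM, RCPT TO) from the message sent after DATA, and reports where the two disagree. Hosts, addresses and the function name are assumptions; dot-stuffing inside DATA is not handled.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed SMTP session ("C:" client, "S:" server); every name is made up.
SESSION = """\
S: 220 mx.example.net ESMTP
C: EHLO mail.example.org
S: 250 mx.example.net
C: MAIL FROM:<bounce@mailer.example.org>
S: 250 2.1.0 Ok
C: RCPT TO:<alice@example.net>
S: 250 2.1.5 Ok
C: RCPT TO:<audit@example.net>
S: 250 2.1.5 Ok
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: "Billing" <billing@example.com>
C: To: alice@example.net
C: Subject: Invoice
C:
C: See attached.
C: .
S: 250 2.0.0 Ok: queued
"""

def compare_envelope_and_header(session):
    """Split the client side into envelope and message, then compare them."""
    env_from, env_rcpt, data, in_data = None, [], [], False
    for line in (l[3:] for l in session.splitlines() if l.startswith("C:")):
        if in_data:                        # message lines until a lone "."
            in_data = line != "."
            if in_data:
                data.append(line)
        elif m := re.match(r"MAIL FROM:<([^>]*)>", line, re.I):
            env_from = m.group(1).lower()
        elif m := re.match(r"RCPT TO:<([^>]*)>", line, re.I):
            env_rcpt.append(m.group(1).lower())
        elif line.upper() == "DATA":
            in_data = True
    msg = message_from_string("\n".join(data))
    hdr_from = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
    named = msg.get_all("To", []) + msg.get_all("Cc", [])
    hdr_rcpt = {a.lower() for _, a in getaddresses(named)}
    domain = lambda addr: addr.rpartition("@")[2]
    return {
        "envelope_from": env_from,
        "header_from": hdr_from,
        "from_domain_differs": any(domain(a) != domain(env_from) for a in hdr_from),
        "envelope_only_rcpt": sorted(set(env_rcpt) - hdr_rcpt),
    }
```

A differing domain or an envelope-only recipient is common for mailing services and Bcc, so the result is a prompt for closer review of the header, not a verdict.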
E-mail Header Response
Understanding response codes from an SMTP or HTTP server is beneficial when
investigating attacks. Transaction-oriented protocols such as HTTP and SMTP
consist of a query and a response. Response codes are three- or four-digit
numbers of the form <xxx><yyy><zzz>. One of the simplest HTTP responses is
"204 No Content", which means exactly what it says. The HTTP status code
categories are listed in the table below:
Category   Description     Example
1xx        Informational   100: Continue
2xx        Success         204: No Content
3xx        Redirection     301: Moved Permanently
4xx        Client Error    404: Not Found
5xx        Server Error    500: Internal Server Error
Table: HTTP Status Codes
SMTP response codes are more complicated, but also provide more information.
These codes have the form <class><subject><specific-code>. The document "Simple
Mail Transfer Protocol (SMTP) Enhanced Status Code Register" from www.iana.org
lists three classes of codes and eight subjects, as presented in the table below.
Class   Description
2.x.y   Success
4.x.y   Persistent Transient Failure. The situation may be resolved in
        the future, but right now, the error condition holds.
5.x.y   Permanent Failure. No point in retrying.
Table: SMTP Response Class Codes
A fully enumerated status code combines class, subject and specific status code.
The complete status code 4.2.2 indicates a "mailbox full" condition that is
classified as a "Persistent Transient Failure", while 5.7.4 indicates that
security features are not supported (a permanent condition).
Interpreting status codes is one technique for investigating application
attacks. When you know which responses are usual and expected and what error
codes mean, you can more accurately diagnose misbehaving applications and identify
applications that use nonstandard behavior or invalid or misleading responses as a
way of circumventing various security controls.
Table: SMTP Subject Codes
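One way to apply the class/subject/specific-code scheme when reading mail logs, as an added example (not code from the original document): it splits a reply line into its basic and enhanced codes, names the class and subject, and picks out replies whose enhanced class contradicts the basic code. The subject names are taken from RFC 3463 because the subject table itself is not reproduced in this text; the reply lines and function names are constructed for illustration.

```python
import re

CLASSES = {"2": "Success", "4": "Persistent Transient Failure",
           "5": "Permanent Failure"}
# Subject names as defined in RFC 3463 (assumption: not taken from this page).
SUBJECTS = {
    "0": "Other or Undefined", "1": "Addressing", "2": "Mailbox",
    "3": "Mail System", "4": "Network and Routing",
    "5": "Mail Delivery Protocol", "6": "Message Content or Media",
    "7": "Security or Policy",
}
# Basic 3-digit code, optional enhanced code class.subject.detail, free text.
REPLY = re.compile(r"^(\d{3})[ -](?:([245])\.(\d{1,3})\.(\d{1,3})\s)?(.*)$")

def classify(reply):
    """Describe one SMTP reply line; 'retry' follows the basic code class."""
    m = REPLY.match(reply)
    if not m:
        return {"valid": False, "reason": "not an SMTP reply line"}
    basic, cls, subj, detail, text = m.groups()
    out = {"valid": True, "basic": basic, "enhanced": None,
           "retry": basic[0] == "4", "text": text}
    if cls:
        out["enhanced"] = f"{cls}.{subj}.{detail}"
        out["class"] = CLASSES[cls]
        out["subject"] = SUBJECTS.get(subj, "unregistered subject")
        out["consistent"] = basic[0] == cls   # e.g. 250 with 5.x.y is not
    return out

def inconsistent(replies):
    """Replies whose enhanced class contradicts the basic reply code."""
    return [r for r in replies if classify(r).get("consistent") is False]

SAMPLES = [  # constructed reply lines
    "452 4.2.2 Mailbox full",
    "554 5.7.4 Security features not supported",
    "250 5.1.1 User unknown",
    "250 OK",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", classify(line))
    print("inconsistent:", inconsistent(SAMPLES))
```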
Message Body
Content Encoding
Internet email was originally designed for 7-bit ASCII. The MIME standard
introduced character set specifiers and two content transfer encodings to enable
transmission of non-ASCII data: quoted printable for mostly 7-bit content with a
few characters outside that range and base64 for arbitrary binary data. The
8BITMIME and BINARY extensions were introduced to allow transmission of mail
without the need for these encodings, but many mail transport agents still do not
support them fully.
Plain text and HTML
Most modern graphic email clients allow the use of either plain text or HTML for
the message body. Advantages of HTML include the ability to include in-line links
and images, set apart previous messages in block quotes, wrap naturally on any
display, use emphasis such as underlines and italics, and change font styles.
Disadvantages include the increased size of the email, privacy concerns about web
bugs, abuse of HTML email as a vector for phishing attacks and the spread of
malicious software.
Types of Mail
Web-based email
Many email providers have a web-based email client (e.g. AOL Mail, Gmail,
Outlook.com, Hotmail and Yahoo! Mail). This allows users to log into the email
account by using any compatible web browser to send and receive their email. Mail
is typically not downloaded to the client, so can't be read without a current
Internet connection.
POP3 email services
The Post Office Protocol 3 (POP3) is a mail access protocol used by a client
application to read messages from the mail server. Received messages are often
deleted from the server. POP supports simple download-and-delete requirements
for access to remote mailboxes (referred to as a maildrop).
IMAP email servers
The Internet Message Access Protocol (IMAP) provides features to manage a
mailbox from multiple devices, including small portable devices such as
smartphones and tablets. IMAP shows the headers of messages (the sender and the
subject), and the device needs to request to download specific messages. Usually
mail is left in folders on the mail server.
MAPI email servers
Messaging Application Programming Interface (MAPI) is used by Microsoft
Outlook to communicate to Microsoft Exchange Server - and to a range of other
email server products such as Axigen Mail Server, Kerio Connect, Scalix, Zimbra,
HP OpenMail, IBM Lotus Notes, Zarafa, and Bynari where vendors have added
MAPI support to allow their products to be accessed directly via Outlook.
Uses of Email
Business and Organizational use
Email has been widely accepted by business, governments and non-governmental
organizations in the developed world, and it is one of the key parts of an 'e-
revolution' in workplace communication.
It has some key benefits to business and other organizations, including:
Facilitating logistics
Much of the business world relies on communications between people who are
not physically in the same building, area, or even country; setting up and
attending an in-person meeting, telephone call, or conference call can be
inconvenient, time-consuming, and costly. Email provides a method of
exchanging information between two or more people with no set-up costs and
that is generally far less expensive than a physical meeting or phone call.
Helping with synchronization
With real time communication by meetings or phone calls, participants must
work on the same schedule, and each participant must spend the same
amount of time in the meeting or call. Email allows asynchrony: each
participant may control their schedule independently.
Reducing cost
Sending an email is much less expensive than sending postal mail, or long
distance telephone calls, telex or telegrams.
Increasing speed
Much faster than most of the alternatives.
Creating a "written" record
Unlike a telephone or in-person conversation, email by its nature creates a
detailed written record of the communication, the identity of the senders
and recipients and the date and time the message was sent. In the event of
a contract or legal dispute, saved emails can be used to prove that an
individual was advised of certain issues, as each email has the date and time
recorded on it.
Email marketing
Email marketing via "opt-in" is often successfully used to send special sales
offerings and new product information. Depending on the recipient's culture, email
sent without permission—such as an "opt-in"—is likely to be viewed as unwelcome
"email spam".
Personal use
Personal computer
Many users access their personal email from friends and family members using a
personal computer in their house or apartment.
Mobile
Email has become used on smartphones and on all types of computers. Mobile
"apps" for email increase accessibility to the medium for users who are out of
their home.