The Fundamental of Electronic Mail (E-mail)

By: Vishal Kumar (CEH, CHFI, CISE, MCP)

Posted on 21-Jan-2018

Table of contents

1. Introduction
2. E-mail Architecture
3. Email Message Structure
3.1 Message Header
3.1.1 Header Fields
3.1.2 E-mail Header Response
3.2 Message Body
3.2.1 Content Encoding
3.2.2 Plain Text and HTML
4. Type of Mail
4.1 Web-based Email
4.2 POP3 Email Service
4.3 IMAP Email Service
4.4 MAPI Email Service
5. Uses of Email
5.1 Business and Organizational Use
5.1.1 Facilitating Logistic
5.1.2 Helping with Synchronization
5.1.3 Reducing Cost
5.1.4 Increasing Speed
5.1.5 Creating a Written Record
5.1.6 Email Marketing
5.2 Personal Use
5.2.1 Personal Computer
5.2.2 Mobile Phone

Introduction

Electronic mail (email) is a method of exchanging messages between people using electronics. Email first entered substantial use in the 1960s and by the mid-1970s had taken the form now recognized as email.

Before internetworking began, therefore, email could only be used to send messages to various users of the same computer. Once computers began to talk to each other over networks, however, the problem became a little more complex - we needed to be able to put a message in an envelope and address it. To do this, we needed a means to indicate to whom letters should go that the electronic posties - just like the postal system

Ray Tomlinson is credited with inventing email in 1972. He picked the "@" symbol from the computer keyboard to denote sending messages from one computer to another. So then, for anyone using Internet standards, it was simply a matter of nominating "name-of-the-user@name-of-the-computer".

Despite what the World Wide Web offers, email remains the most important application of the Internet and the most widely used facility it has.

Things developed rapidly from there. Larry Roberts invented some email folders so people could sort their mail. In 1975 John Vittal developed some software to organize email. By 1976 email had really taken off, and commercial packages began to appear.

The first important email standard was called SMTP, or Simple Mail Transfer Protocol. When Internet standards for email began to mature, POP (Post Office Protocol) servers began to appear as a standard - before that each server was a little different. POP was an important standard to allow users to develop mail systems that would work with each other.


E-mail Architecture

In electronic mail (e-mail), a message is sent via a user agent (MUA) to a mail submission agent (MSA) or mail/message transfer agent (MTA) using the Simple Mail Transfer Protocol (SMTP). The set of cooperating MTAs comprises the message transfer service (MTS). An MTA can receive e-mail from another MTA, an MSA, or an MUA directly. Another piece of the puzzle is the mail distribution agent (MDA), which takes care of distributing e-mail to each user. The combination of MUA (client) and MTAs (server) creates an e-mail system.

An MTA uses SMTP to pass messages consisting of headers and body between itself and other MTAs. The SMTP commands are quite simple: HELO/EHLO, MAIL, RCPT, DATA, and so on. Likewise, the POP protocol recognizes commands such as USER, PASS, RETR, DELE, and LIST.

Fig: Mail System Components


An important fact to grasp is that e-mail transfer is based on a store-and-forward model. A message may pass through several MTAs prior to being delivered to the MTA associated with the intended recipient.

The protocol used between the MUA, an MTS, and an MTA need not be the same. Two e-mail-specific submission/delivery protocols are POP3 (and its SSL version, POP3S) and IMAP (and its SSL version, IMAPS). In the case of POP3, the MUA will contact the POP3 server and download all mail currently waiting for delivery. Unless told otherwise, POP3 will then delete the mail from the server. IMAP, on the other hand, retrieves e-mail from the server but doesn't create a local copy. If a particular message is deleted, it's gone from the server.

Fig: Protocol Used by E-mail Components


SMTP transfers e-mail between one MTA and another. Some email applications (such as Microsoft Outlook, Mozilla Thunderbird, and others) combine the functions of an MUA and an MTA. Thunderbird, for example, can use POP3 and IMAP for retrieving mail from the server and can use SMTP to deliver e-mail to the remote server.

The final piece of the puzzle is our old friend the Domain Name System (DNS). A DNS record for a particular domain includes Mail Exchange (MX) records that indicate which machines provide MTA service for that domain.

Fig: MX records of Google.com


E-mail Message Structure

The Internet email message format is now defined by RFC 5322, with encoding of non-ASCII data and multimedia content attachments being defined in RFC 2045 through RFC 2049, collectively called Multipurpose Internet Mail Extensions or MIME. RFC 5322 replaced the earlier RFC 2822 in 2008, and in turn RFC 2822 in 2001 replaced RFC 822, which had been the standard for Internet email for nearly 20 years. Published in 1982, RFC 822 was based on the earlier RFC 733 for the ARPANET.

Internet email messages consist of two major sections, the Message Header and the Message Body, collectively known as Content. The header is structured into fields such as From, To, CC, Subject, Date, and other information about the email. In the process of transporting email messages between systems, SMTP communicates delivery parameters and information using message header fields. The body contains the message, as unstructured text, sometimes containing a signature block at the end. The header is separated from the body by a blank line.

Message Header

Each message has exactly one header, which is structured into fields. Each field has a name and a value. RFC 5322 specifies the precise syntax.

Informally, each line of text in the header that begins with a printable character begins a separate field. The field name starts in the first character of the line and ends before the separator character ":". The separator is then followed by the field value (the "body" of the field). The value is continued onto subsequent lines if those lines have a space or tab as their first character. Field names and values are restricted to 7-bit ASCII characters. Some non-ASCII values may be represented using MIME encoded words.

Below is an example of a message header.

Fig: Simple E-mail Message Header
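The informal parsing rule above (a field starts at a printable character, the name ends at ":", a leading space or tab continues the previous value, a blank line ends the header) can be written out directly. This is an added example, not part of the original document; the message in `RAW` is constructed, and `parse_message` and `decoded` are hypothetical helper names.

```python
from email.header import decode_header, make_header

# Constructed sample message (CRLF line endings, as on the wire).
RAW = (
    "From: helpdesk@example.com\r\n"
    "To: alice@example.com,\r\n"
    " bob@example.com\r\n"
    "Subject: =?UTF-8?Q?Caf=C3=A9_menu?=\r\n"
    "Date: Mon, 15 Jan 2018 09:30:00 +0000\r\n"
    "\r\n"
    "Body line one.\r\n"
    "Looks-Like: a header field, but it is body text\r\n"
)


def parse_message(raw):
    """Return (fields, body); fields is an ordered list of (name, value)."""
    head, _, body = raw.partition("\r\n\r\n")  # first blank line ends the header
    fields = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t"):
            # Continuation line: it belongs to the previous field (unfolding).
            if not fields:
                raise ValueError("continuation line before any field")
            name, value = fields[-1]
            fields[-1] = (name, value + line)
        else:
            name, sep, value = line.partition(":")
            if not sep or not name or not name.isascii() or " " in name:
                raise ValueError(f"malformed header line: {line!r}")
            fields.append((name, value.strip()))
    return fields, body


def decoded(value):
    """Turn MIME encoded words (RFC 2047) in a field value into text."""
    return str(make_header(decode_header(value)))


if __name__ == "__main__":
    fields, body = parse_message(RAW)
    for name, value in fields:
        print(f"{name}: {decoded(value)}")
```

Text after the blank line is body even when it looks like a field, which is why the `Looks-Like:` line never reaches the field list.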

Header fields

Email header fields can be multi-line, and each line should be at most 78 characters long and in no event more than 998 characters long. Header fields defined by RFC 5322 can only contain US-ASCII characters; for encoding characters in other sets, a syntax specified in RFC 2047 can be used. Recently the IETF EAI (Internet Engineering Task Force, Email Address Internationalization) working group has defined some standards track extensions, replacing previous experimental extensions, to allow UTF-8 encoded Unicode characters to be used within the header. In particular, this allows email addresses to use non-ASCII characters. Such addresses are supported by Google and Microsoft products, and promoted by some governments.

The message header must include at least the following fields:

From: The email address, and optionally the name of the author(s). In many email clients not changeable except through changing account settings.

Date: The local time and date when the message was written. Like the From: field, many email clients fill this in automatically when sending. The recipient's client may then display the time in the format and time zone local to him/her.


RFC 3864 describes registration procedures for message header fields at the IANA; it provides for permanent (http://www.iana.org/assignments/message-headers/perm-headers.html) and provisional (http://www.iana.org/assignments/message-headers/prov-headers.html) field names, including also fields defined for MIME, netnews, and HTTP, and referencing relevant RFCs. Common header fields for email include:

To: The email addresses in this field (optionally with the names of the message's recipients) indicate the primary recipients. There may be multiple addresses.

Subject: A brief summary of the topic of the message. Certain abbreviations are commonly used in the subject, including "RE:" and "FW:".

Cc: Carbon copy; the addresses in this field are the secondary recipients of the message. (Bcc: Blind carbon copy; addresses are usually only specified during SMTP delivery, and not usually listed in the message header.)

Content-Type: Information about how the message is to be displayed, usually a MIME type.

Precedence: Commonly with values "bulk", "junk", or "list"; used to indicate that automated "vacation" or "out of office" responses should not be returned for this mail, e.g. to prevent vacation notices from being sent to all other subscribers of a mailing list. Sendmail uses this field to affect prioritization of queued email, with "Precedence: special-delivery" messages delivered sooner.

Message-ID: Also an automatically generated field; used to prevent multiple deliveries and for reference in In-Reply-To:.

In-Reply-To: Message-ID of the message that this is a reply to. Used to link related messages together. This field only applies to reply messages.

References: Message-ID of the message that this is a reply to, and the Message-ID of the message the previous reply was a reply to, etc.

Reply-To: Address that should be used to reply to the message.

Sender: Address of the actual sender acting on behalf of the author listed in the From: field (secretary, list manager, etc.).

Archived-At: A direct link to the archived form of an individual email message.

Note: The To: field is not necessarily related to the addresses to which the message is delivered. The actual delivery list is supplied separately to the transport protocol, SMTP, which may or may not originally have been extracted from the header content.

The "To:" field is similar to the addressing at the top of a conventional letter which is delivered according to the address on the outer envelope. In the same way, the "From:" field does not have to be the real sender of the email message. Some mail servers apply email authentication systems to messages being relayed. Data pertaining to the server's activity is also part of the header.
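The gap between the header fields and the SMTP envelope described in the note can be made visible by comparing the two. This is an added example, not part of the original document; the envelope values and message are constructed, and `compare_envelope` is a hypothetical helper name.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed SMTP envelope (MAIL FROM / RCPT TO) and message, for illustration.
MAIL_FROM = "bounce@mailer.example.net"
RCPT_TO = ["alice@example.com", "carol@example.com"]
MESSAGE = (
    'From: "IT Support" <helpdesk@example.com>\n'
    "To: alice@example.com\n"
    "Subject: Maintenance window\n"
    "\n"
    "The mail server will be restarted tonight.\n"
)


def domain(address):
    """Lower-cased domain part of an address ('' if there is none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def compare_envelope(mail_from, rcpt_to, raw_message):
    """Report where the header fields and the SMTP envelope disagree."""
    msg = message_from_string(raw_message)
    header_from = parseaddr(msg.get("From", ""))[1]
    listed = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {addr.lower() for _, addr in getaddresses(listed) if addr}
    delivered = {addr.lower() for addr in rcpt_to}
    return {
        "header_from": header_from,
        "envelope_from": mail_from,
        "from_domain_differs": domain(header_from) != domain(mail_from),
        # Delivered to, but not named in To:/Cc: (how Bcc recipients appear).
        "undisclosed_recipients": sorted(delivered - visible),
        # Named in To:/Cc:, but not a recipient of this SMTP transaction.
        "listed_not_delivered": sorted(visible - delivered),
    }


if __name__ == "__main__":
    for key, value in compare_envelope(MAIL_FROM, RCPT_TO, MESSAGE).items():
        print(f"{key}: {value}")
```

A difference is a signal to look closer, not a verdict: mailing lists and bulk senders routinely use an envelope sender in a different domain from the From: field.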

E-mail Header Response

Understanding the response codes from an SMTP or HTTP server is beneficial when investigating attacks. Transaction-oriented protocols such as HTTP and SMTP consist of a query and a response. Response codes are three or four digit numbers of the form <xxx><yyy><zzz>. One of the simplest HTTP responses is simply "204 No Content", which means exactly what it says. The HTTP status codes are listed in the table below:

Category   Description     Example
1xx        Informational   100: Continue
2xx        Success         204: No Content
3xx        Redirection     301: Moved permanently
4xx        Client Error    404: Not Found
5xx        Server Error    500: Internal Server Error

Table: HTTP Status Codes

SMTP response codes are more complicated, but also provide more information. These codes have the form <class><subject><specific-code>. The document "Simple Mail Transfer Protocol (SMTP) Enhanced Status Code Register" from www.iana.org lists three classes of codes and eight subjects, as presented in the table below.

Class   Description
2.x.y   Success
4.x.y   Persistent Transient Failure. The situation may be resolved in the future, but right now, the error condition holds.
5.x.y   Permanent Failure. No point in retrying.

Table: SMTP Response Class Codes

A fully enumerated status code combines class, subject and specific status code. The complete status code 4.2.2 indicates a "mailbox full" condition that is classified as a "Persistent Transient Failure", while 5.7.4 indicates that security features are not supported (a permanent condition).

Interpreting status codes is one technique for investigating application attacks. When you know what responses are usual and expected and what error codes mean, you can more accurately diagnose misbehaving applications and identify applications that use nonstandard behavior or invalid or misleading responses as a way of circumventing various security controls.

Table: SMTP Subject Codes
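The class/subject/specific-code structure can be decoded mechanically when reading MTA logs. This is an added example, not part of the original document: the reply lines are constructed, the class and subject names are taken from RFC 3463, and the rule that the enhanced class must agree with the first digit of the three-digit reply code is from RFC 2034.

```python
import re

# Classes and subjects of SMTP enhanced status codes (names per RFC 3463).
CLASSES = {"2": "Success", "4": "Persistent Transient Failure", "5": "Permanent Failure"}
SUBJECTS = {
    "0": "Other or Undefined", "1": "Addressing", "2": "Mailbox",
    "3": "Mail System", "4": "Network and Routing",
    "5": "Mail Delivery Protocol", "6": "Message Content or Media",
    "7": "Security or Policy",
}
REPLY = re.compile(r"^(\d{3})[ -](?:([245])\.(\d{1,3})\.(\d{1,3})(?:\s+|$))?(.*)$")

# Constructed server replies, as they might appear in an MTA log.
SAMPLE_REPLIES = [
    "220 mail.example.com ESMTP ready",
    "250 2.1.5 Recipient OK",
    "452 4.2.2 Mailbox full",
    "554 5.7.4 Security features not supported",
    "250 5.7.1 Message accepted",  # basic code and enhanced class disagree
]


def classify(reply):
    """Split one SMTP reply line into basic code, enhanced code and meaning."""
    m = REPLY.match(reply.strip())
    if not m:
        return None
    basic, cls, subject, detail, text = m.groups()
    result = {"basic": int(basic), "enhanced": None, "text": text}
    if cls is not None:
        result.update(
            enhanced=f"{cls}.{subject}.{detail}",
            status_class=CLASSES[cls],
            subject=SUBJECTS.get(subject, "unregistered subject"),
            retry_may_succeed=(cls == "4"),
            # The enhanced class is expected to agree with the first reply digit.
            consistent=(basic[0] == cls),
        )
    return result


def inconsistent(replies):
    """Replies whose enhanced class contradicts the three-digit reply code."""
    parsed = (classify(r) for r in replies)
    return [p for p in parsed if p and p["enhanced"] and not p["consistent"]]


if __name__ == "__main__":
    for line in SAMPLE_REPLIES:
        print(line, "->", classify(line))
```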


Message Body

Content Encoding

Internet email was originally designed for 7-bit ASCII. The MIME standard introduced character set specifiers and two content transfer encodings to enable transmission of non-ASCII data: quoted printable for mostly 7-bit content with a few characters outside that range and base64 for arbitrary binary data. The 8BITMIME and BINARY extensions were introduced to allow transmission of mail without the need for these encodings, but many mail transport agents still do not support them fully.

Plain text and HTML

Most modern graphic email clients allow the use of either plain text or HTML for the message body. Advantages of HTML include the ability to include in-line links and images, set apart previous messages in block quotes, wrap naturally on any display, use emphasis such as underlines and italics, and change font styles. Disadvantages include the increased size of the email, privacy concerns about web bugs, abuse of HTML email as a vector for phishing attacks and the spread of malicious software.

Types of Mail

Web-based email

Many email providers have a web-based email client (e.g. AOL Mail, Gmail, Outlook.com, Hotmail and Yahoo! Mail). This allows users to log into the email account by using any compatible web browser to send and receive their email. Mail is typically not downloaded to the client, so it can't be read without a current Internet connection.

POP3 email services

The Post Office Protocol 3 (POP3) is a mail access protocol used by a client application to read messages from the mail server. Received messages are often deleted from the server. POP supports simple download-and-delete requirements for access to remote mailboxes (referred to as maildrop).

IMAP email servers

The Internet Message Access Protocol (IMAP) provides features to manage a mailbox from multiple devices, including small portable devices like smartphones and tablets. IMAP shows the headers of messages, the sender and the subject, and the device needs to request to download specific messages. Usually mail is left in folders on the mail server.

MAPI email servers

Messaging Application Programming Interface (MAPI) is used by Microsoft Outlook to communicate with Microsoft Exchange Server - and with a range of other email server products such as Axigen Mail Server, Kerio Connect, Scalix, Zimbra, HP OpenMail, IBM Lotus Notes, Zarafa, and Bynari where vendors have added MAPI support to allow their products to be accessed directly via Outlook.

Uses of Email

Business and Organizational use

Email has been widely accepted by business, governments and non-governmental organizations in the developed world, and it is one of the key parts of an 'e-revolution' in workplace communication.

It has some key benefits to business and other organizations, including:

Facilitating logistics

Much of the business world relies on communications between people who are not physically in the same building, area, or even country; setting up and attending an in-person meeting, telephone call, or conference call can be inconvenient, time-consuming, and costly. Email provides a method of exchanging information between two or more people with no set-up costs and that is generally far less expensive than a physical meeting or phone call.

Helping with synchronization

With real time communication by meetings or phone calls, participants must work on the same schedule, and each participant must spend the same amount of time in the meeting or call. Email allows asynchrony: each participant may control their schedule independently.

Reducing cost

Sending an email is much less expensive than sending postal mail, or long distance telephone calls, telex or telegrams.

Increasing speed

Much faster than most of the alternatives.

Creating a "written" record

Unlike a telephone or in-person conversation, email by its nature creates a detailed written record of the communication, the identity of the senders and recipients and the date and time the message was sent. In the event of a contract or legal dispute, saved emails can be used to prove that an individual was advised of certain issues, as each email has the date and time recorded on it.

Email marketing

Email marketing via "opt-in" is often successfully used to send special sales offerings and new product information. Depending on the recipient's culture, email sent without permission—such as an "opt-in"—is likely to be viewed as unwelcome "email spam".

Personal use

Personal computer

Many users access their personal email from friends and family members using a personal computer in their house or apartment.

Mobile

Email has become used on smartphones and on all types of computers. Mobile "apps" for email increase accessibility to the medium for users who are out of their home.