Networking 4 Flashcards

1
Q

Simple (Stupid) Mail Transfer Protocol (SMTP)

A

SMTP is a connection-oriented text-based protocol, similar to the way HTTP is a text-based protocol.

Each connection can be re-used to send multiple emails, called SMTP transactions.

Authentication is not part of the protocol, so you could impersonate anybody and the server would accept it.

2
Q

MAIL Command

A

The MAIL command establishes the return path (return address), the bounce address (where to send an error message if the mail delivery fails), and the sender, amongst other things.

3
Q

RCPT Command

A

The RCPT command establishes the address of the recipient. You can use the RCPT command multiple times to establish multiple recipients.

4
Q

DATA Command

A

The DATA command signifies the start of the message text. The DATA section of an email consists of an email header and an email body. The email header contains metadata about the email, and the email body is the contents of the email itself.

5
Q

POP3 (Post Office Protocol 3)

A

With the POP3 protocol, your email is stored on the email server until you sync with the email server.

After you have synced with the email server, the email will be deleted from the email server.

POP3 was important because of limited space available on email servers at the time. These days it has mostly been superseded by IMAP and Exchange.

6
Q

Downsides of POP3

A

1) You risk losing emails if the computer you download them to loses a hard drive and you don’t have a backup.
2) It doesn’t play nice with having an email account on multiple devices because you’ll end up with some emails on your phone and some on your computer (for example) and they won’t be on both.

7
Q

Internet Message Access Protocol (IMAP)

A

It is the most common protocol in use today for accessing email on an email server.

The messages remain on the server until the user specifically deletes them. In addition, the IMAP server can track state on each email (whether it has been read or is unread, for example).

It also supports server-side search, which means you can rely on the email server to perform a search for messages that meet certain criteria.

8
Q

Microsoft Exchange

A

Microsoft Exchange isn’t strictly a protocol; rather, it is server software.

Originally, Exchange only supported the MAPI protocol, which was a proprietary protocol developed by Microsoft. These days, Microsoft Exchange also supports IMAP, POP3 and EAS (Exchange Active Sync).

The downside is that it is restricted to Windows Server, so you can’t run an Exchange server on Linux.

9
Q

Email Spoofing

A

Anyone with access to an SMTP server (even one they set up themselves) is capable of sending an email with any FROM address.

Even though there is authentication on all modern SMTP servers, that only controls whether you are allowed to send emails through that SMTP server. Once you are allowed access, you can set any FROM address you like.

There have been several attempts to solve this problem over the years. The ones that are currently in use are SPF and DKIM.

10
Q

Sender Policy Framework (SPF)

A

The idea is that in the DNS configuration for your domain, you put in a text record that is a list of all the IP addresses of mail servers allowed to send emails from your domain.

When a mail server receives an email that says it is from your domain, it will look up the SPF record for your domain and compare the IP address of the mail server that delivered the email with the list of valid IP addresses in the SPF record.

If the IP address is not on the list, then the receiving mail server knows the email is a forgery.

11
Q

Downside of SPF

A

Many organisations no longer host their own email; instead, they outsource it to a company like Google. If you specify in your SPF record that Google is allowed to send emails from your domain, then anyone with a Gmail account can bypass your SPF protection.

12
Q

DomainKeys Identified Email (DKIM)

A

The idea with DKIM is that you put a public key in your text record in your DNS settings for that domain.

When your email server sends an email legitimately, it will sign that email with your private key. When the receiving server gets the email, it will validate that signature using the public key in your DNS records.

If the signature is valid, then that email comes from a legitimate source, and if the email is not signed or the signature is not valid, then the email is a forgery.

This is better than SPF because most email hosts are able to have separate private keys for every domain they host email for.
