E-mail (an acronym for Electronic Mail) is the application that initially popularized the Internet. It allows a user to type in one or more e-mail addresses, compose a message, and send it to another user or a group of users.
"Email is a core application of large-scale computer networking and has been such since the early days of Internet development. In those early days, networking was a collegial, research-oriented enterprise. Security was not a consideration. The past forty years have seen diversity in applications operated over the Internet, and worldwide adoption of email by research organizations, governments, militaries, businesses and individuals. At the same time there has been and associated increase in criminal and nuisance threats."
|“||E-mail is "comparable in principle to sending a first-class letter". . . . Both the sender and the recipient have "an address (rather like a telephone number)". . . . Such an e-mail address represents a individual user’s chosen identifying name at a particular computer system, for example, "firstname.lastname@example.org," . . . with the "host computer providing Internet services ('site') [having] a unique Internet address which is an alphanumeric 'domain name' [registered with] the Internet Network Information Center ('Internic'), a collaborative project established by the National Science Foundation.||”|
|“||The analogy [to a letter] is not a perfect one, however, for two reasons. First, the sender directs his message to a logical rather than geographic address, and therefore need not know the location of his correspondent in real space. Second, most programs provide for a ‘reply’ option which enables the recipient to respond to the sender’s message simply by clicking on a button; the recipient will therefore not even need to type in the sender’s e-mail address. A further distinction concerns the level of security that protects a communication. While first-class letters are sealed, e-mail communications are more easily intercepted.||”|
How e-mail works
E-mail can be generated by different devices and methods but, most commonly, a user composes the message on her own computer and then sends it off to her mail server. At this point the user's computer is finished with the job, but the mail server still has to deliver the message. A mail server is like an electronic post office — it sends and receives electronic mail. Most of the time, the mail server is separate from the computer where the e-mail was composed.
The sender's mail server delivers the message by finding the recipient's mail server and forwards the message to that location. The message then resides on that second mail server and is available to the recipient.
The software program used to compose and read the e-mail message is sometimes referred to as the e-mail client. Depending on how the recipient’s e-mail client is configured, a copy of the message could be found on the recipient’s computer, another electronic device such as an all-in-one telephone or PDA, and/or the mail server or its backup tapes. A copy of the message may also be found on the sender’s computer (in the “sent” box or trash), or on the sender’s mail server or its backup tapes.
Basic components of an e-mail
Various methods are used for creating and sending an e-mail message. The appearance of an e-mail message depends on the device or software program used. However, a message typically has a header and a body and may also have attachments. The e-mail header contains addressing information and the route that an e-mail takes from sender to receiver. The body contains the content of the communication. Attachments may be any type of file such as pictures, documents, sound, and video.
When initially viewing an e-mail message, only a small portion of the e-mail header may be displayed. This usually is information put into the message by the sender, as represented in the following image.
However, the e-mail message depicted in above does not display all of the available information. Additional information associated with the e-mail may be obtained by looking at the header in more detail, which can be done in different ways depending on the software program being used. In the example below, the originating IP address is [184.108.40.206].
The journey of the message can usually be reconstructed by reading the e-mail header from bottom to top. As the message passes through additional mail servers, the mail server will add its information above the previous information in the header.
The envelope header contains information added to the header by the mail servers that receive the message during the journey. The “Received:” lines and the Message-ID line are the main components of the envelope header and are generally more difficult to spoof. In the following example, lines 9 through 12 are part of the envelope header.
The message header contains information added to the header by the user’s e-mail client. This is generally user-created information and is the easiest to spoof. It contains the To:, From:, Return-Path:, Subject:, Content-Type:, and the first Date and time. In the following example, lines 2 though 8 are part of the message header.
"The Internet's underlying e-mail protocol was adopted in 1982 and can still be deployed and operated today. However, this protocol is susceptible to a wide range of attacks including man-in-the-middle content modification and content surveillance. The basic standards have been modified and augmented over the years with adaptations that mitigate these threats. With spoofing protection, content modification protection, encryption and authentication, properly implemented email can be regarded as sufficiently secure for government, financial and medical communications."
- Integrity-related threats to the email system, which could result in unauthorized access to an enterprises' email system.
- Confidentiality-related threats to email, which could result in unauthorized disclosure of sensitive information.
- Availability-related threats to the email system, which could prevent end users from being able to send or receive email."
- NIST Special Publication 800-177, at v.
- People v. Lipsitz, 174 Misc. 2d 571, 663 N.Y.S.2d 468, 475 (Sup. Ct. N.Y. Cty. 1997) (full-text).
- American Library Ass’n v. Pataki, 969 F. Supp. 160, 165 (S.D.N.Y. 1997) (full-text).
- NIST Special Publication 800-177, at v.
- Id. at 13.
- See Quon v. Arch Wireless Operating Co., 529 F.3d 892, 904-05 (9th Cir. 2008) (full-text), rev'd on other grounds and remanded, City of Ontario, Cal. v. Quon, 560 U.S. 746 (2010) (full-text); United States v. Forrester, 512 F.3d 500, 510-11 (9th Cir. 2008); cf. Smith v. Maryland, 442 U.S. 735, 743-44 (1979) (no legitimate expectation of privacy in dialing, routing, addressing, and signaling information transmitted to telephone companies).
- E-mail address
- E-mail application
- E-mail attachment
- E-mail bomb
- E-mail campaign
- E-mail client
- E-mail distribution list
- E-mail generator
- E-mail interception
- E-mail list
- E-mail protocol
- E-mail server
- E-mail service
- E-mail service provider
- E-mail spoofing
- E-mail system
- E-mail thread
- Email account
- Email attachment
- Email bombing
- Email forwarding
- Email redirector
- Email Sender and Provider Coalition
- Email social engineering attack
- Hoax email
- Marketing e-mail
- Transactional e-mail
- Unsolicited commercial electronic mail