Electronic mail - PowerPoint PPT Presentation

Slides: 48
Provided by: guntisb

1
Electronic mail protocol evolution
2
E-mail standards
3
Electronic Mail
  • Three major components
  • user agents
  • mail servers
  • simple mail transfer protocol SMTP, TCP port 25
  • User Agent
  • a.k.a. mail reader
  • composing, editing, reading mail messages
  • e.g., Eudora, Outlook, elm, Netscape Messenger
  • outgoing, incoming messages stored on server

4
Email terminology
5
SMTP (RFC 821)
6
Sample SMTP interaction TCP port 25
S: 220 hamburger.edu
C: HELO crepes.fr
S: 250 Hello crepes.fr, pleased to meet you
C: MAIL FROM: <alice@crepes.fr>
S: 250 alice@crepes.fr... Sender ok
C: RCPT TO: <bob@hamburger.edu>
S: 250 bob@hamburger.edu ... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Do you like ketchup?
C: How about pickles?
C: .
S: 250 Message accepted for delivery
C: QUIT
S: 221 hamburger.edu closing connection
7
Mail Standard RFC822
  • Published in 1982
  • Lines no longer than 1000 char
  • Message body - plain US-ASCII text
  • Message header lines - plain US-ASCII text
  • Limit on message length

8
RFC 822 format
9
RFC 822 restrictions
  • no multiple objects in a single message
  • no multi-part message bodies
  • no non-textual bodies
  • no X.400 messages can be gatewayed
  • no multifont messages

10
ASCII times are over!
  • Now we want
  • National language support
  • Possibility to send
  • pictures
  • audiofiles
  • other applications
  • video files
  • multimedia applications

11
MIME - Multipurpose Internet Mail Extension
  • RFC 2045-2048 obsolete RFC 1521, 1522, 1590
  • RFC 2045 Format of Internet Message Bodies
  • RFC 2046 Media Types
  • RFC 2047 Message Header Extension for
    Non-ASCII Text
  • RFC 2048 Registration Procedures
  • To solve RFC822 restrictions without serious
    incompatibilities with it

12
MIME
13
MIME types and sub-types
14
base64 encoding
15
Mail message format
header
  • SMTP protocol for exchanging email msgs
  • RFC 822 standard for text message format
  • header lines, e.g.,
  • To
  • From
  • Subject
  • different from SMTP commands!
  • body
  • the message, 7-bit ASCII characters only

blank line
body
16
Message format multimedia extensions
  • MIME multimedia mail extension, RFC 2045, 2056
  • additional lines in msg header declare MIME
    content type

MIME version
method used to encode data
multimedia data type, subtype, parameter
declaration
encoded data
17
Multipart Type
From: alice@crepes.fr
To: bob@hamburger.edu
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=98766789

--98766789
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

Dear Bob,
Please find a picture of a crepe.
--98766789
Content-Transfer-Encoding: base64
Content-Type: image/jpeg

base64 encoded data .....
.........................
......base64 encoded data
--98766789--
18
Multipart Type
From: alice@crepes.fr
To: bob@hamburger.edu
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=StartOfNextPart

--StartOfNextPart
Dear Bob,
Please find a picture of a crepe.
--StartOfNextPart
Content-Transfer-Encoding: base64
Content-Type: image/jpeg

base64 encoded data .....
.........................
......base64 encoded data
--StartOfNextPart
Do you want the recipe?
19
Mail access protocols
SMTP
access protocol
receivers mail server
  • SMTP: delivery/storage to receiver's server
  • Mail access protocol: retrieval from server
  • POP: Post Office Protocol, RFC 1939
  • authorization (agent <--> server) and download
  • IMAP: Internet Mail Access Protocol, RFC 1730
  • more features (more complex)
  • manipulation of stored msgs on server
  • HTTP: Hotmail, Yahoo! Mail, etc.

20
Try SMTP interaction for yourself
  • telnet servername 25
  • see 220 reply from server
  • enter HELO, MAIL FROM, RCPT TO, DATA, QUIT
    commands
  • above lets you send email without using email
    client (reader)

21
Post Office Protocol (POP3)
22
(No Transcript)
23
POP3 protocol
S: +OK POP3 server ready
C: user bob
S: +OK
C: pass hungry
S: +OK user successfully logged on
  • authorization phase
  • client commands
  • user: declare username
  • pass: password
  • server responses
  • +OK
  • -ERR
  • transaction phase, client
  • list: list message numbers
  • retr: retrieve message by number
  • dele: delete
  • quit

C: list
S: 1 498
S: 2 912
S: .
C: retr 1
S: <message 1 contents>
S: .
C: dele 1
C: retr 2
S: <message 1 contents>
S: .
C: dele 2
C: quit
S: +OK POP3 server signing off
24
IMAP
25
Web Mail
http://www.squirrelmail.org
26
(Adjusted) Mail Architecture
Off-Campus E-mail
Anti-virus
Content Filter
Director
Antispam
petrel
alpha
admsrvcs
27
(No Transcript)
28
Outgoing mail authentication RFC 2554
S: 220 smtp.example.com ESMTP server ready
C: EHLO jgm.example.com
S: 250-smtp.example.com
S: 250 AUTH CRAM-MD5 DIGEST-MD5
C: AUTH FOOBAR
S: 504 Unrecognized authentication type.
C: AUTH CRAM-MD5
S: 334 U0NnbmhNWitOMjNGNndAZWx3b29kLmlubm9zb2Z0LmNvbT4
C: ZnJlZCA5ZTk1YWVlMDljNDBhZjJiODRhMGMyYjNiYmFlNzg2ZQ
S: 235 Authentication successful.
29
(No Transcript)
30
Spam mail
SMTP MAIL FROM: <www@server.thirdstone.net>
SMTP HELO: server.thirdstone.net

Return-Path: <www@server.thirdstone.net>
Delivered-To: guntis@latnet.lv
Received: from server.thirdstone.net (unknown [66.216.98.139])
    by pumpis4.latnet.lv (Postfix) with ESMTP id C09DF4943B
    for <guntis@latnet.lv>; Fri, 24 Mar 2006 15:34:29 +0200 (EET)
Received: by server.thirdstone.net (Postfix, from userid 80)
    id 2628636A33E; Fri, 24 Mar 2006 05:40:35 -0800 (PST)
To: guntis@latnet.lv
Subject: Your online account has been limited
From: Chase Card Services Online Services Team <chaseonline@chaseonline.chase.com>
Content-Type: text/html
Message-Id: <20060324134035.2628636A33E@server.thirdstone.net>
Date: Fri, 24 Mar 2006 05:40:35 -0800 (PST)
X-Virus-Scanned: amavisd-new 2.3.2 (20050629) at latnet.lv
X-Spam-Status: No, hits=5.448 tagged_above=0 required=7
    tests=BAYES_40=-0.002, HTML_40_50=0.496, HTML_IMAGE_ONLY_32=1.052,
    HTML_MESSAGE=0.001, HTML_TAG2=0.1, MESSAGE_ID_EXIST1=-0.1,
    MESSAGE_ID_EXIST2=-0.1, MIME_HEADER_CTYPE_ONLY=0, MIME_HTML_ONLY=0.001,
    NO_DNS_FOR_FROM=3.2, ONLINE_IN_BODY=0.1, SARE_RD_GOOGLE=0.8,
    URL_STARTS_WITH_WWW=-0.1
X-Spam-Level:

Reverse DNS lookup

Return-Path: <freuy@fifa.org>
Received: from fifa.org (218-175-82-64.dynamic.hinet.net [218.175.82.64])
    by alfred.taide.net (Postfix) with SMTP id 675FB3430E
    for <guntis.barzdins@taide.net>; Sun, 26 Mar 2006 11:12:52 +0200 (CEST)
Message-ID: <000001c650b55fc868b00548a8c0@cmb1>
Reply-To: "Aegle Freudenburg" <freuy@fifa.org>
From: "Aegle Freudenburg" <freuy@fifa.org>
To: guntis.barzdins@taide.net
Subject: Re new
Date: Sun, 26 Mar 2006 04:12:15 -0500
X-Virus-Scanned: by amavisd-new at taide.net
X-Spam-Status: GOOD 0.0000000 4d8e508788a7565e07ee1405c73c45f1
31
Mail from El Presidente
Return-Path: <elvis@graceland.org>
Delivered-To: steve@blighty.com
Received: from fake-name.example.com (unknown [64.71.176.18])
    by gp.word-to-the-wise.com (Postfix) with SMTP id 3DD7790000D
    for <steve@blighty.com>; Tue, 2 Dec 2003 12:55:36 -0800 (PST)
From: El Presidente <president@whitehouse.com>
To: Steve Atkins <steve@blighty.com>
Subject: Fake Mail
Message-Id: <20031202205536.3DD779@gp.word-to-the-wise.com>
Date: Tue, 2 Dec 2003 12:55:36 -0800 (PST)
Status: RO
Content-Length: 15
Lines: 1

Some body text
32
Sending spam (relay hijacking)
Third-party mailserver (10.11.12.13)
SMTP
Spammer (64.71.176.18)
SMTP
POP3
Recipients MX
33
Sending spam (relay hijacking)
Received: from openrelay.com (mail.openrelay.com [10.11.12.13])
    by gp.word-to-the-wise.com (Postfix) with SMTP id 3DD7790000D
    for <steve@blighty.com>; Tue, 2 Dec 2003 12:55:36 -0800 (PST)
Received: from fake-spammer-helo (spammer.net [64.71.176.18])
    by openrelay.com (Postfix) with SMTP id 3DD7790000D
    for <steve@blighty.com>; Tue, 2 Dec 2003 12:55:36 -0800 (PST)
You can see the relay, and the original spammer
34
Sending spam (direct to MX)
SMTP
POP3
Spammer (64.71.176.18)
Recipients MX
35
Sending spam (direct to MX)
Received: from fake-spammer-helo (spammer.net [64.71.176.18])
    by gp.word-to-the-wise.com (Postfix) with SMTP id 3DD7790000D
    for <steve@blighty.com>; Tue, 2 Dec 2003 12:55:36 -0800 (PST)
You can see the spammer
36
Sending spam (proxy hijacking)
Open proxy (192.168.1.1)
HTTP
Spammer (64.71.176.18)
SMTP
POP3
Recipients MX
37
Sending spam (proxy hijacking)
Received: from fake-spammer-helo (open-proxy.net [192.168.1.1])
    by gp.word-to-the-wise.com (Postfix) with SMTP id 3DD7790000D
    for <steve@blighty.com>; Tue, 2 Dec 2003 12:55:36 -0800 (PST)
You can see the open proxy
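Reading the trace lines of slides 30 to 37 programmatically, as an added example that is not part of the original slides: it separates the one hop stamped by the recipient's own MX from the hops below it, and checks whether reverse DNS supports the HELO name. It assumes Postfix-style `from HELO (RDNS [IP]) by HOST` fields and a single trusted MX; the function names are hypothetical.

```python
import re

# Postfix-style trace field: "from HELO (RDNS [IP]) by HOST ..."
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def parse_hops(received):
    """Parse Received values (newest first) into helo/rdns/ip/by dicts."""
    hops = []
    for value in received:
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header
        if m:
            hops.append({k: v.lower() for k, v in m.groupdict().items()})
    return hops

def split_trace(received, trusted_mx):
    """Return (handoff, unverified): the hop stamped by our MX, then the rest.

    Only the handoff hop was written by a server we control; every line
    below it arrived as message content and may be forged.
    """
    hops = parse_hops(received)
    for i, hop in enumerate(hops):
        if hop["by"] in trusted_mx:
            return hop, hops[i + 1:]
    return None, hops

def helo_unverified(hop):
    """True when reverse DNS does not back up the name given in HELO."""
    helo, rdns = hop["helo"], hop["rdns"]
    return rdns == "unknown" or not (rdns == helo or rdns.endswith("." + helo))

# Constructed input: slide 33's two trace lines, laid out in Postfix format.
RELAYED = [
    "from openrelay.com (mail.openrelay.com [10.11.12.13])\n"
    "  by gp.word-to-the-wise.com (Postfix) with SMTP id 3DD7790000D",
    "from fake-spammer-helo (spammer.net [64.71.176.18])\n"
    "  by openrelay.com (Postfix) with SMTP id 3DD7790000D",
]

if __name__ == "__main__":
    handoff, below = split_trace(RELAYED, {"gp.word-to-the-wise.com"})
    print("connecting IP:", handoff["ip"], "HELO unverified:", helo_unverified(handoff))
    for hop in below:
        print("claimed earlier hop:", hop["ip"], "HELO unverified:", helo_unverified(hop))
```

The handoff IP is the value to feed into blocklist or SPF checks; a HELO mismatch on its own is a weak signal and is best used as one input to scoring.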
38
Mapping email to postal mail - the envelope
Mail From / Envelope From / Return Path
Recipient To
39
Email Authentication Proposals (not directly
related to spam!)
  • Client SMTP Validation (CSV)
  • http://www.ietf.org/internet-drafts/draft-ietf-marid-csv-intro-01.txt
  • Bounce Address Tag Validation (BATV)
  • http://www.ietf.org/internet-drafts/draft-levine-mass-batv-00.txt
  • DomainKeys
  • http://antispam.yahoo.com/domainkeys
  • Identified Internet Mail (IIM)
  • http://www.ietf.org/internet-drafts/draft-fenton-identified-mail-01.txt
  • Sender ID (SPF PRA)
  • http://www.ietf.org/internet-drafts/draft-ietf-marid-pra-00.txt
  • http://www.ietf.org/internet-drafts/draft-ietf-marid-core-03.txt

40
SPF Sender Policy Framework
Domains use public records (DNS) to direct
requests for different services (web, email,
etc.) to the machines that perform those
services. All domains already publish email (MX)
records to tell the world what machines receive
mail for the domain. SPF works by domains
publishing "reverse MX" records to tell the world
what machines send mail from the domain. When
receiving a message from a domain, the recipient
can check those records to make sure mail is
coming from where it should be coming from. With
SPF, those "reverse MX" records are easy to
publish: one line in DNS is all it takes.
41
DomainKeys
Under DomainKeys, a domain owner generates one or
more private/public key-pairs that will be used
to sign messages originating from that domain.
The domain owner places the public-key in his
domain namespace (i.e., in a DNS record
associated with that domain), and makes the
private-key available to the outbound email
system. When an email is submitted by an
authorized user of that domain, the email system
uses the private-key to digitally sign the email
associated with the sending domain. The signature
is added as a "DomainKey-Signature" header to
the email, and the message is transferred to its
recipients in the usual way.

When a message is received with a DomainKey signature header,
the receiving system can verify the signature as follows:
1. Extract the signature and claimed sending domain from the email.
2. Fetch the public-key from the claimed sending domain namespace.
3. Use public-key to determine whether the signature of the email
   has been generated with the corresponding private-key, and thus
   whether the email was sent with the authority of the claimed
   sending domain.

In the event that an email arrives without a signature or when the
signature verification fails, the receiving system retrieves the policy
of the claimed sending domain to ascertain the preferred disposition of
such email.

openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM

-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5o6l
MIgulclWjZwP56LRqdg5ZX15bhc/GsvW8xW/R5Sh1NnkJNyL/cqY1aGzzL47t7E
XzVcnRLWT1kwTvFNGIoAUsFUqJ6OprwIDAQAB
-----END PUBLIC KEY-----

This public-key data is placed in the DNS:

_domainkey IN TXT "t=y; o=-; n=notes; r=emailAddress"
42
DomainKeys Example
DNS TXT query for brisbane._domainkey.football.example.com

DomainKey-Status: good
DomainKey-Signature: a=rsa-sha1; s=brisbane; d=football.example.com;
    c=simple; q=dns;
    b=dzdVyOfAKCdLXdJOc9G
    2q8LoXSlEniSbavyuU4zGeeruD00lszZ
    VoG4ZHRNiYzR
Received: from dsl-10.2.3.4.football.example.com [10.2.3.4]
    by submitserver.football.example.com with SUBMISSION;
    Fri, 11 Jul 2003 21:01:54 -0700 (PDT)
From: "Joe SixPack" <joe@football.example.com>
To: "Suzie Q" <suzie@shopping.example.net>
Subject: Is dinner ready?
Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
Message-ID: <20030712040037.46341.5F8J@football.example.com>

Hi.

We lost the game. Are you hungry yet?

Joe.
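Steps 1 and 2 of the verification on slide 41, as an added example that is not part of the original slides: it parses a DomainKey-Signature value, refuses a signature whose d= domain is neither the From: domain nor a parent of it (a rule taken from the DomainKeys specification, not from the slides), and returns the DNS name to query for the public key. The function names are hypothetical and the b= value in the sample is a constructed placeholder; step 3, the RSA check itself, is not shown.

```python
from email.utils import parseaddr

NEEDED = ("b", "d", "s")   # tags this example needs before it can build a query

def parse_tags(value):
    """Split 'a=rsa-sha1; s=brisbane; ...' into a dict, dropping folding whitespace."""
    tags = {}
    for item in value.split(";"):
        name, sep, val = item.partition("=")
        if sep:
            tags[name.strip().lower()] = "".join(val.split())
    return tags

def key_query(signature_value, from_header):
    """Return the DNS name that holds the signer's public key.

    Raises ValueError when tags are missing, the key is not fetched via DNS,
    or the signing domain cannot speak for the From: address.
    """
    tags = parse_tags(signature_value)
    missing = [t for t in NEEDED if t not in tags]
    if missing:
        raise ValueError(f"missing tags: {missing}")
    if tags.get("q", "dns") != "dns":
        raise ValueError("unsupported key retrieval method")
    signer = tags["d"].lower().rstrip(".")
    sender = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if sender != signer and not sender.endswith("." + signer):
        raise ValueError(f"d={signer} is not {sender} or a parent of it")
    return f"{tags['s']}._domainkey.{signer}"

# Tags as on slide 42; the b= value is a constructed placeholder.
SAMPLE_SIG = ("a=rsa-sha1; s=brisbane; d=football.example.com;\n"
              "  c=simple; q=dns; b=PLACEHOLDER")

if __name__ == "__main__":
    print(key_query(SAMPLE_SIG, '"Joe SixPack" <joe@football.example.com>'))
    try:
        key_query(SAMPLE_SIG, '"Suzie Q" <suzie@shopping.example.net>')
    except ValueError as err:
        print("rejected:", err)
```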
43
DNS to distribute Domain-Level Keys
DomainKeys
44
DomainKeys
45
DomainKeys
  • intra-domain authentication?
  • SK must be online
  • mail-forwarding services?

46
Authentic e-mail from ft.com
Return-Path: <ft.com@uk.update.ft.com>
Delivered-To: guntis@latnet.lv
Received: from update.ft.com (transit246.email.mms.eloyalty.net [64.73.138.246])
    by pumpis4.latnet.lv (Postfix) with ESMTP id 5B0115A5DB
    for <guntis@latnet.lv>; Tue, 28 Mar 2006 15:10:43 +0300 (EEST)
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=ftcom; d=uk.update.ft.com;
    b=oILD038lHibyKsc7uPFA3Qx7n7CwegCQeNOAOIgBZ3ZGaI
    E68Mc5zB6FdHrJlWbyxzkYOlqmf
    8Qqzc2rmJXOtwtEFgO4BGUYpmGa6mYvXohBJC8Lf5CFbnyr0Uj
    uGVzU46O249STEJ88eA5eN3ep
    9OvvBrSxGJ9HPnGHdsE
Received: by update.ft.com (PowerMTA(TM) v3.0r11) id h54jse07d1s6
    for <guntis@latnet.lv>; Tue, 28 Mar 2006 06:10:39 -0600
    (envelope-from <ft.com@uk.update.ft.com>)
From: "FT.com" <ft.com@uk.update.ft.com>
To: <guntis@latnet.lv>
Subject: The latest news and features on FT.com
Date: Tue, 28 Mar 2006 06:10:42 -0600
Message-ID: <7jzv8j3782t5nd6v2fSp997ml2@uk.update.ft.com>
Content-Return: allowed
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="iso-8859-1"
X-Virus-Scanned: amavisd-new 2.3.2 (20050629) at latnet.lv

guntis@gulbis nslookup
> set type=any
> uk.update.ft.com
Server:  159.148.108.1
Address: 159.148.108.1#53

Non-authoritative answer:
Name:    uk.update.ft.com
Address: 64.73.138.246
uk.update.ft.com  mail exchanger = 10 uk.update.ft.com.
uk.update.ft.com  text = "v=spf1 ip4:64.73.138.0/24 -all"
> ftcom._domainkey.uk.update.ft.com
Server:  159.148.108.1
Address: 159.148.108.1#53

Non-authoritative answer:
ftcom._domainkey.uk.update.ft.com  text = "k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCoNyixo7zQAb2mLAhB29hV6a7djDXrTZBo67WajXykAt0O1vFhaLE1p5bFJnqhQzgmT91eVw58/Y2MWqusiPrzycSQl7FNsmPW2iFqmO5wJbaytjkqvS5DwEiB4aHGQyCbi1Vobs7INFy1SAATdzqXFD8GNKNZRuf5fmqHvesQIDAQAB"
>
47
(No Transcript)