Electronic Mail (popularly known as email) is a digital medium of communication widely used to exchange messages across the Internet. It was invented by Ray Tomlinson in 1972. Email is used for sending and receiving electronic messages over the Internet. You can send or receive an email using a desktop computer, mobile phone or any other electronic gadget that supports desktop or web-based applications.
Companies such as Google and Microsoft that provide email functionality maintain huge server farms to store the large volume of data that is created. You can send text, audio, and video to a recipient in a single email message. In order to use email, you must first register and setup an account with an email provider such as Google, Yahoo or Microsoft. Once your account is verified, you can send and receive emails that get delivered within a few seconds and it is completely free of cost.
Email Versus Traditional Mail
Email provides a number of features and benefits that have given it an edge over traditional mail (also known as snail mail). As a result of this, email usage has overtaken traditional mail in such a way that it has almost become a thing of the past. Nowadays, no one has the time or patience to wait for a letter that can take days to come.
The main benefits of email over snail (regular mail) mail are:
Simplicity: Email is easy to use. Users can send and receive communication by typing the message in an email editor. The interface of the editor is similar to Microsoft Word with which most people using computers are already familiar. Email allows you to electronically store the messages that are sent and received.
Address book and other productivity tools: Email is integrated with the address book, calendar, instant messaging and other productivity tools that are available in Windows and other operating systems.
Speed: Email is delivered instantly to the recipient since it is done electronically. This ensures that there is no delay unlike traditional mail.
Cost effectiveness: Email usage is free on the Internet unlike traditional mail. Therefore, it is highly desirable. For example, Gmail, Rediffmail, Yahoo mail and so on.
Easy mail management: Email service providers provide multiple features that help you to easily manage your inbox. You can create different labels and assign them to emails in order to group them together. Additionally, you can filter, prioritise and send emails to different groups. An inbuilt mechanism identifies incoming Spam and automatically directs it to the Spam folder.
Communication with multiple people: Internet email service allows users to communicate with multiple people at the same time. Therefore, an email can be addressed to multiple recipients unlike a letter.
Accessibility: Email can be accessed anytime, anywhere, across the globe. Moreover, you can access it using a host of devices such as laptops, smartphones, tablets and so on.
For using email, users need an email account. Each account is assigned a unique email address. You need to use your email address for sending and receiving email messages. In simple terms, it is the equivalent of the address written on the envelope of a letter that can be posted.
An email address (for both sender and receiver) has two parts, username and domain name. Username is the name that identifies the user and domain name hosts the email account. Both are separated by the ‘@’symbol. An email address has the form: [email protected]; where the username can be up to 64 characters long and the domain can have a maximum of 255 characters. For example; [email protected]
Structure of an Email
There is a fixed structure for every email message. It is accepted and followed as a standard all over the world.
An email message is primarily composed of three parts: header, message body and signature.
Header: An email header contains detailed information about the email rather than the body text; such as the sender’s, recipient’s address, date and time when the message was sent and subject of the message. The subject line provides a brief description about the content of the email. The header provides an option to include the email address of other recipients in case the email is sent to more than one recipient.
Message body: The message body contains the actual content of the message which is in the form of text. It may also include attachments such as audio, videos, software, files of different formats, etc. The content of the email may vary according to the different email systems used by each user.
Signature: Signature of email is the part that provides the information of the sender to the recipient. This part may also include signature or text generated automatically by the sender’s email system. User can also set their email account to enter the signature line automatically on the emails sent.
Exchanging emails is a part of daily routine. Emails are sent and received regularly; be it relevant emails or spam mails. Email client applications such as Gmail and Rediffmail can be accessed using a web browser such as Google Chrome or Microsoft Internet Explorer. You need to visit the provider’s website, such as www.gmail.com. Alternatively, you can double-click the shortcut on your desktop to launch the email client application installed on your machine, such as Microsoft Outlook to start the email editor. Either ways, the features that are provided are the same.
Using an email client application, you can organise emails and store emails locally on the computer so that they can be accessed offline. Sometimes, email clients offer features that web-based clients don’t offer, such as address book, lists, global address list and personal contacts. The most commonly used email service providers are Opera Mail, Microsoft Outlook, Mozilla Thunderbird, PocoMail, Windows I ive Mail and Mailbird.
Compose and Send an Email
An Email is sent to a recipient in different stage, involving multiple parties. The stages for sending a simple mail message are:
- The sender composes the mail message using an email service.
- Once the sender send the message, along with the attachments (if any), it is uploaded to the simple mail transfer protocol (SMTP) server as an outgoing mail
- The SMTP server communication with the Domain name server (DNS) to locate the email server of the recipient.
- If the recipient’s email server is found then the message is transferred to it else the sender receives a delivery failure notification.
- The recipient (if found) receives and downloads the message.
Email Security: A Growing Concern
In today’s world, email has become the most prominent means of communication in every industry, especially in business and government sectors. Consequently, the importance of email security has increased significantly. Often emails carry confidential and sensitive data. Such information or data provides the attackers an opportunity to make financial gains through illicit means.
Email security refers to the protection of email content from various attackers or threats, protection against unauthorised revelation and unauthorised modification. The architecture of the underlying network plays an important role in securing emails. Many organisations make use of firewalls to prevent their network from the malicious attacks. To secure email from threats, an understanding of its background is important.
It is important to secure emails because of the following considerations:
Email Security Issues
Email continues to be the apex of threat areas in the field cybersecurity. Through email, a variety of malicious programs and social engineering tactics can be propagated.
Here are some of the email security threats faced by users:
Malicious email attachments: When a user receives a suspicious email attachment from an unknown sender, such attachment is referred as malicious email attachment. This email attachment, if downloaded, may result in the user’s login data getting compromised or cause damage to the operating system.
Malicious user direction: Malicious user direction emails lure a user by promising something that is completely different from what will eventually be delivered. The aim is to encourage the user to click a link that may redirect to another link or website hosting malware or spyware. Eventually, the user’s system is infected by the malware/spyware.
Spamming: Spam email is the unwanted junk mail that arrives in user’s mailbox such as brochures and pamphlets. Spam emails are sent in large quantity to an arbitrary set of recipients. These are also called Unsolicited Bulk Email (UBE) or Unsolicited Commercial Email (UCE).
Snowshoe spamming: Snowshoe spamming refers to the practice of sending spam across multiple domains and IP addresses to dodge filters. The use of multiple domains and IP addresses makes it difficult to recognise and catch snowshoe spams.
Phishing: Phishing is the practice of obtaining private information in a fraudulent manner. Phishing emails are legitimate looking emails that makes a user believe in them. An email may appear under the name of trustworthy company or a website requesting you to update your details.
Spear phishing: Spear Fishing has emerged as a recent threat. Like Phishing, spear phishing is the practice of obtaining private information in a fraudulent manner, but targets only few users or a specific individual. Phishing aims at sending large volumes of emails with the expectation that only few will respond. On the contrary, spear fishing requires the attackers to research and targets few people.
Spoof mail: Spoof mail, also called hoax mail, is a fake email message which is propagated as a genuine email. It is basically a scam that is designed for making a monetary gain.
Email Security Threats: Malicious Email Attachment
A malicious email attachment is sent by the attacker with the purpose of causing harm to the receiver’s computer. Such mails can install malware capable of destroying data and stealing information. They can also enable the attacker to take control of the user’s system, thereby giving them access to the data and other network systems.
Identifying Malicious Email Attachments
Malicious emails with attachment or links are sent by the undisclosed senders. Such mails usually appear with the subject line- “Hurry, time is about to be over” or “call to action:They try to create panic and sensation. The attempt is to create a situation where you are unable to use your judgement and can easily be tempted. Always beware of exciting and tempting offers, these can be a bait for performing a criminal act.
Risks Involved with Malicious Emails
Malicious emails received by unsuspecting recipients are capable of installing a virus, trojan, or key logger (for capturing keystrokes) on the recipient’s computer. Consequently, the computer become prone to public access.
Let us assume that you have downloaded a malicious attachment received in an email. In such a scenario, perform all the following steps:
- Disconnect the Internet connection immediately.
- Run antivirus software to scan your computer.
- Avoid passing critical data while scanning your machine.
- Enable filter or firewall software to avoid hazardous circumstances.
In order to safely use email, you should never download an attachment from an email that appears suspicious or you are unsure about. You must install antivirus software on your computer and ensure that the virus definitions are updated. It is advised that you scan your computer for infections on a regular basis.
Email Security Threats: Spamming
Spamming is the act of sending unwanted email message containing commercial content in large quantities. It is the form of commercial advertising that exists is not only in email service but also is news group, online games, instant messaging and so on.
Effects of Spamming
Some of the bad effects of email spamming are:
- Identity theft.
- Increase in worms &Trojan horses.
- Loss of Internet bandwidth and decreased performance.
- Mail servers and hard disk crash.
- Critical email messages are delayed.
- Search results are altered.
To prevent spam from entering your mailbox, perform the following:
- Avoid sharing personal information with unreliable sources.
- Avoid responding to unsolicited emails.
- Use spam and virus filter.
- Use firewall to stop attackers from outside world
- Make use of the BCC field while forwarding email messages to multiple recipients so that your email address is hidden from other recipients.
- Do not make a purchase by clicking links received in spam emails.
- Avoid opening suspicious looking emails.
Anti-Spamming Tool (SPAM fighter)
SPAM fighter is software that prevents unwanted email messages containing spam advertisements from entering your mailbox. It improves the system’s performance by providing optimisation and security and protection solutions. SPAM fighter blocks spam from entering the user’s inbox. It has a reporting feature that enables you to report any spam mails that you have received despite this control in place. Upon reporting, the toll will remove that email from the inboxes of all other community members also with a single click.
SPAM fighter has the following features:
- Protects all email accounts on your computer.
- Protects against identity theft and other email fraud.
- Privacy is guaranteed as the tool does not read your emails.
- Spam reporting can be done with a single click.
- Unique language filtering tool blocks email written in specific languages.
Spamihilator is a spam filter that acts between email clients and the internet. It examines and ccheck every incoming message and filter out the message and filters out the spam and junk mails among tham. It work in the background.
The merits of using Spamihilator are:
- Removes more than 98% of Spam mails before they enter the Inbox.
- Highest Spam recognition rate because it uses multiple filters.
- Highly configurable open source program.
- Spamihilator works with almost every email client such as Outlook , Eudora, opera, thunderbird , etc.
- Processes commonly used protocols such as POP3 and IMAP.
- Best possible separation between spam and non – spam is achieved.
- Adds all buddy messages to the friend list.
- Delete message from blocked sender list with out downloading them
E-mail Security Measures
Email is the electronic equivalent of a post card. Information technology companies heavily depend on email for their communication needs. Therefore, it is important for companies to formulate security policies and procedures governing email e-mail usage. These policies must be clear, precise and unambiguous. Email security policies and procedures define the guideline that users must folloe to protect themselves from email threats and other relates issues. Some of the policies governing email usage commonly followed by IT companies are:
Creating Strong Passwords
A Password is a combination of alphanumeric characters (including special characters optionally) that needs to be provided for authenticating users. This is done so that only authorised users have access to the system and/or resources. It is also used for limiting user access depending on the business need. Password safeguards the information and devices from unauthorised use. It must never be shared.
Strong password have the following characteristics:
- Minimum eight characters in length
- Contains a mix of alphabets, numbers and special characters
- Does not include any personal details
- Password is unique for each account
- It is easy to remember for you but hard to guess for others Users must always create a strong password and it is advisable to change the passwords frequently. All email clients and Internet Service Providers (ISPs) have mandated the requirement of having to change the password at regular intervals.
Stay signed in Feature
Email clients, like Yahoo, provide a ‘Stay signed in ‘or’ Keep me signed-in ‘or remember me’ option. This option enables the browser to remember the user’s login credentials even after the browser is closed. Therefore, the user does not need to enter their login credentials the next time they access their email account. This feature has more drawbacks than advantages as it makes it easy for attackers to steal information. The attacker may access the user’s account without his consent. Therefore, such features must be deselected while accessing the email account to secure from any threat.
Disable the Preview Feature
All web mails have a preview feature to allow the user to read the email and look at its contents without opening it. If this feature is enabled, the attacker can read the content without the user’s permission. The email may contain critical data or information in the first line itself, such as One Time Password (OTP).This is a dangerous feature, therefore, if it is enabled, it can prove to be harmful to the user. With this feature, the emails and files are downloaded and rendered automatically. Therefore, if any harmful code is also present there, it will be automatically executed. Hence, we recommend that users keep this feature turned off for securing their valuable data
Email Filtering is the process of eliminating unwanted or undesired emails from the list of emails received. The user can discard the emails as per their choice or send the desired emails to others. Email filtering is performed mainly on Spam mails, phishes and malicious and dangerous attachments that may harm a user’s identity. It may also be performed on outgoing email messages that can control transmission of confidential information and help against risky legal liabilities. A good email client provides basic email filtering facilities.
Scan Email Attachments for Malware
User may receive email attachments in the form of document files, videos, audios or images. Sometimes, such attachment can harm the system. To prevent such email attachments, users are recommended to scan the attachments before opening or downloading them, otherwise, malware or virus can enter the system. Such infections spread gradually taking up complex forms. This may lead to the creation of a kind of malware called ransomware that encrypts all the files and pushes a ransom in the system as legitimate user for decryption key. Therefore, it is very important to scan any attachment before downloading it.
Sign Emails Digitally
Digital Signature is the code or signature attached with the document transmitted using an electronic medium. It is used to verify the sender’s identity and the content that is transmitted. Digital signature helps in authenticating the identity of the sender of the message and is unique for every user. Digitally signed emails or messages are difficult to tamper with and thus, are considered to be safe. All documents such as emails, PDF files, Word documents, etc. can be digitally signed.
Digital IDs are used to:
Digitally sign emails: A red ribbon icon on the email indicates it came from a valid email address.
Encrypt emails: A blue envelope icon on the email indicates that it remained private during transmission (only the recipient can securely open it). Once the user obtains their digital ID, they can register it with all programs that support digital signatures, such as Adobe Acrobat, Microsoft Outlook etc.
The sender sends the signed document to the receiver. The receiver uses the sender’s public key to authenticate the sender signature. This is also ensures that the documents is not compromised after it was signed.
Encryption is the process of transforming plain text (data send) into cipher text (data received) to prevent unauthorized access. This is done by using encryption algorithm such as RSA (Rivest-shamir-adleman) algorithm. Encryption is done by using an encryption key based on which plain text is convert into cipher text. The purpose of data encryption is privacy. Encryption is needed to protection the data confidently as it is stored on the internet during transmission.
Decryption is the process of transforming the cipher text back to the plain text so that it become readable. It is the opposite of encryption. Cipher text can be decrypted with the help of decryption key. Encryption and decryption key both can be same or different depending on the type of encryption technique used.
Types of Encryption
There are two types of encryption: Symmetric and Asymmetric.
- Symmetric Encryption (also known as private key encryption): In symmetric encryption, the same key is used for encryption and decryption. Therefore, it becomes critical to transfer the data using symmetric encryption because if the key is hacked, the entire encryption gets corrupted.
Some commonly used symmetric encryption algorithms are DES, IDEA, Twofish, Blowfish, Serpent, RC2, RC4 and Triple DES.
- Asymmetric Encryption (also called public key encryption): Asymmetric encryption uses a pair of keys. One key for encryption and decryption each. Both the keys are different. Between two, one key is a public key and the other is a private key. Public key (kept with the sender) is used for encrypting the messages and private key (kept with the receiver) is used for decrypting the messages. Data encrypted using a public key can only be decrypted using the corresponding private key. This method enables transmission of data without the risk of unauthorised or unlawful access. The process is slow and complex but more secure than symmetric encryption. Some of the asymmetric encryption algorithms are RSA, Diffie-Hellman and XTR.