Chapter 16 E-mail and Instant Messaging
Which Email ports must be open?
25, 110, 143
STARTTLS
A command (not an acronym) used to upgrade an unencrypted connection to an encrypted connection on the same port.
Mail Relay
A device that stores email and forwards it to its final destination.
Mail User Agent (MUA)
A messaging component used as a stand-alone application by the user.
Pretty Good Privacy (PGP)
A method of encrypting and decrypting e-mail messages. It can also be used to encrypt a digital signature.
Mail Transfer Agent (MTA)
An e-mail server.
Sender Policy Framework (SPF)
An e-mail validation system designed to prevent e-mail spam by detecting e-mail spoofing, a common vulnerability, by verifying sender IP addresses.
Email Hoax
An email message that is trying to tempt you to give out personal information or trying to scam you.
Sender ID Framework (SIDF)
Attempts to authenticate messages by checking the sender's domain name against a list of IP addresses authorized to send email by the domain name listed
POP3
Client computer may connect to a server and download new messages.
PTR and reverse DNS checks
Conducts a reverse DNS check to determine the origin address and make sure it is a real one. SPAM defense.
DomainKeys Identified Mail (DKIM)
Email validation system employed to detect email spoofing
Greylisting
Emails are bounced with a temporary rejection, because spam will not be resent.
Delay-based filtering
Insert a deliberate pause between the connection and the banner. Any system that sends data during the pause is usually malicious (usually because spam is sent constantly). SPAM defense.
Simple Mail Transfer Protocol (SMTP)
Mail is sent to a server and from server to server. Defaults to TCP port 25
Blacklisting
Noting which domains/systems are known to send spam and rejecting messages from those addresses. SPAM defense.
Emails depend on 3 protocols
SMTP, POP3, IMAP
S/MIME
Secure/Multipurpose Internet Mail Extensions. Developed by RSA and uses the X.509 format.
Multipurpose Internet Mail Extensions (MIME)
Specification for sending files as attachments to e-mail.
Mail Delivery Agent (MDA)
The service that downloads e-mail from a mail transfer agent.
Why is both symmetric and asymmetric encryption used in email?
To increase speed of encryption and decryption
Email Structure
Two elements: header and body. The entire message is sent as plain ASCII text. Attachments use Base64 encoding.
IMAP
Uses TCP port 143 and is similar to POP3. Works in greater synchronization. Allows the client to retrieve information from the server.
Trusted Servers
Whitelisting. Trusted domains and systems. SPAM defense.
Open Relay
A mail server that will accept mail from anyone.
Egress filtering
Filters packets going from the network to the outside.
Real-time Blackhole List (RBL)
A system that uses DNS information to detect and dump spam e-mails.