Download presentation
1
E-Mail Security E-Mail Technology E-Mail Clients and Mail Servers
Mail server software: Sendmail on UNIX, Microsoft Exchange, and Lotus/IBM
2
E-Mail Standards SMTP to Send POP or IMAP to Download SMTP to Send
Sender’s Mail Server Receiver’s Mail Server Sending Client Receiving Client Message RFC 822 or 2822 body HTML body
3
E-Mail Security E-Mail Technology
SMTP to send messages from client to mail server or from mail server to mail server To download messages to client program from receiver’s mail server POP: Simple and popular; manage mail on client PC IMAP: Can manage messages on mail server
4
E-Mail Security E-Mail Technology E-mail bodies
RFC 822 / RFC 2822: Plain English text HTML bodies: Graphics, fonts, etc. HTML bodies might contain scripts, which might execute automatically when user opens the message Web-based needs only a browser on the client PC
5
No need to install new software
Web-Based Client’s Browser Webserver Program HTTP Request Message HTTP Response Message Webpage Containing Message Client PC Webserver with Web-Based Almost all client PCs now have browsers. No need to install new software
6
E-Mail Security E-Mail Content Filtering
Antivirus filtering and filtering for other executable code Especially dangerous because of scripts in HTML bodies Spam: Unsolicited commercial
7
E-Mail Security E-Mail Content Filtering
Volume is growing rapidly: Slowing and annoying users (porno and fraud) Filtering for spam also rejects some legitimate messages Sometimes employees attack spammers back; only hurts spoofed sender and the company could be sued
8
E-Mail Security Inappropriate Content
Companies often filter for sexually or racially harassing messages Could be sued for not doing so
9
E-Mail Security E-Mail Retention
On hard disk and tape for some period of time Benefit: Can find information Drawback: Can be discovered in legal contests; could be embarrassing Must retain some messages for legal purposes
10
E-Mail Security E-Mail Retention
Shredding on receiver’s computer to take messages back Send key to decrypt Make key useless after retention period so cannot retrieve anymore Might be able to copy or print before retention limit date Not good for contracts because receiver must be able to keep a copy
11
E-Mail Security E-Mail Retention
Message authentication to prevent spoofed sender addresses Employee training is not private; company has right to read Your messages may be forwarded without permission Never put anything in a message they would not want to see in court, printed in the newspapers, or read by their boss Never forward messages without permission
12
E-Mail Security E-Mail Encryption
Not widely used because of lack of clear standards PGP and S/MIME for end-to-end encryption How to get public keys of true parties? PGP uses trust among circles of friends: If A trusts B, and B trusts C, A may trust C’s list of public keys S/MIME requires expensive and cumbersome PKI
13
Cryptographic Protection for E-Mail
Mail Server SMTP, POP, etc. Over TLS SMTP, POP, etc. over TLS S/MIME with PKI or PGP with Circles of Trust Sending Client Receiving Client
14
E-Mail Security E-Mail Encryption
PGP and S/MIME for end-to-end encryption Ease of use S/MIME usually built in if available at all PGP usually a cumbersome add-on to TLS Between client and server
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.