Haaga‐Helia University of Applied Sciences
E‐mail Security: When can I consider my e‐mail to be secure?
Ralph van der Pauw – a1000513 27/4/2010
Table of Contents
What is e‐mail?
    Simple Mail Transfer Protocol
    Post Office Protocol & Internet Message Access Protocol
Why should e‐mail be secure?
    How the internet works
    Common sense
Which threats exist in e‐mail?
    Trojans
    Viruses
    Worms
How can these threats be eliminated?
    Antivirus software
    Think before you act
Which vulnerabilities exist in email?
    Privacy
    Spam & Phishing
How can these vulnerabilities be reduced?
    Encryption (SSL, TLS & PGP)
    Spamfilters
    Awareness
Sources
What is e‐mail?
E‐mail is the abbreviation of ‘Electronic mail’, a now standardized word used to describe the protocol
of exchanging and storing digital messages. Though some programs had already been made for
exchanging messages between directly connected computers, the first foundations for e‐mail were
laid in the early 1970s by Ray Tomlinson. Shortly after the creation of the ARPANET (beginning
of the internet) he created two programs called SNDMSG and READMAIL to either send or read mail.
In 1971 he updated his SNDMSG application by adding a program that could copy files through a
network connection which completed the creation of the first functional e‐mail client (Hardy, 1996).
Tomlinson assigned every client an address based on the same structure we use nowadays. In his case it
was username@usercomputer, with ‘username’ being the client’s name and ‘usercomputer’ the
computer where the client was located (Black, 2010). Over the years not much has changed other
than that ‘usercomputer’ changed into the name of the provider (domain name). Furthermore an
extension is added behind the domain defining a country or sector. Still the foundation of
Tomlinson’s work exists in the communication that we find so common in our day to day life.
An e‐mail is basically a text message containing a header and a body. The header is meant for
metadata such as the sender, recipient, date and other information defining the content. The body
contains the content written by the sender which can either be plain text or HTML coded content.
Most e‐mail clients support HTML bodies in e‐mail messages, but due to the existence of older e‐mail
clients, a link to a webpage or a text version of the body is still sent along. Email used to be a text
only protocol, but with the development of MIME (Multipurpose Internet Mail Extensions) it is now
possible to send rich multimedia content such as attachments along. MIME is a way to convert files
into plain text, so it can be sent with the e‐mail messages. Once the message arrives with the
recipient, the text is converted back to the file it was before it had been sent (Tschabitscher, 2010).
Simple Mail Transfer Protocol
The protocol used to send an e‐mail message is called SMTP, meaning Simple Mail Transfer Protocol.
When the client sends an e‐mail, it’s sent by the e‐mail client to the SMTP server which is usually
hosted by either your (online‐)mail or internet service provider. The worldwide standard for the
SMTP port is port number 25, only being used to send e‐mail. After the SMTP server has connected with
your mail client, a conversation is initiated containing both the address of the recipient and the
address of the sender. The recipient address is broken down into the client name and the domain
name. If the domain is the same as the domain used to send the mail, the SMTP server passes
the message on to the POP/IMAP server. If a different domain is used, the SMTP server
connects to the DNS (Domain Name Server) and asks for the unique internet address (IP:
Internet Protocol address) of the SMTP server for that domain. The SMTP server then connects with the
other SMTP server to transfer the message to it. The message is then placed in the virtual
mailbox of the recipient. In reality the delivery of the message between two SMTP servers takes a bit
more time and more steps, but this process will be explained when we cover the internet and packet
sniffing (Brain, 2008).
Post Office Protocol & Internet Message Access Protocol
There are two different protocols for receiving e‐mail messages. The oldest and simplest protocol is
called POP or POP3 (Post Office Protocol). The transfer process is remarkably simple: When a person
uses his or her e‐mail client, the client logs in on the POP3 server using port 110 and then uses the
LIST command to see if there are any messages that have to be retrieved. If there are new messages
available the e‐mail client retrieves the messages from the server using the RETR command after
which the virtual mailbox is empty again and all new messages are stored on the client’s computer.
The IMAP (Internet Message Access Protocol) is a bit more advanced because it keeps your mail on
the mail server and lets the client download copies of the new messages to cache it on the machine.
When a new message is read the mail client sends (when connected to the internet) a command to
the IMAP server so the message on the server can be marked as read too. This way you are able to
keep your mail synchronized in more places (Brain, 2008).
A disadvantage of IMAP for companies might be that the virtual mailboxes can take up a lot
of unnecessary space on the company’s host server. Nowadays POP3 can also keep a copy of your
messages on the server, but IMAP is still the more advanced mail protocol, being able to change
the status of a message on the server to, for example, ‘read’.
Why should e‐mail be secure?
E‐mail has become one of the most widely used means of communication. With 90% of the United States
citizens online to read or send e‐mail, it is considered the most popular form of communication in both
corporate and personal communication. 57% of these citizens use e‐mail on a day‐to‐day basis,
for it has become part of their daily routine (Brownlow, 2009). Unfortunately that’s one of the
reasons it has become insecure: for most people e‐mail is now a routine they no longer pay
attention to.
The success of e‐mail lies in the fact that it is simple, cheap, relatively fast and has become
something universal that everybody is able to use. The total number of e‐mails sent in 2009 has been
estimated at around 90 trillion. This means 247 million e‐mails are sent and received every day
by an estimated 1.4 billion e‐mail users around the world (Pingdom, 2010). We take this form of
communication for granted and use it for almost everything we would like to talk about. Little
do we know how secure our communications really are.
While the number of e‐mail clients is rapidly increasing, the number of hacking attempts on the
internet has increased even more. Security company Symantec shows that the number of infected
computers in 2009 increased by 71% compared to the year before. Every second several
hundred attempts are made to capture sensitive information or to infect a computer with
malicious code. Every 4.5 seconds one of these attempts succeeds. These statistics show how an
environment that seems innocent to most people just isn’t that innocent at all. The internet is becoming
a common necessity in everyone’s life, but most users lose track of how it is also becoming a platform
that can be abused in many different ways.
How the internet works
Asking a regular e‐mail user how his or her e‐mail is actually delivered to the recipient, and what
it can be exposed to, shows how little is known about e‐mail traffic. As explained before,
the SMTP server will try to connect to the recipient’s SMTP server, but the e‐mail is not sent
by directly transferring the message from server to server. This is not how the internet
works. Packets are sent in an assumed direction where they are received by other servers
which keep passing them on in the right direction, so‐called ‘routing’. When a packet is received by
one of these routers, the packet header is examined and the router searches its routing information
table (RIT) for the address of a router closer to where the recipient’s mail server is located (Wilson,
1997). More shocking is that when your e‐mail is not encrypted, which it usually isn’t, it is very easy
for these servers to read the content of your e‐mail if they want to. The correct term
for scanning these packets along the e‐mail route is packet sniffing. If your e‐mails are not
encrypted, they are sent as clear text past several routers, which then have the ability to intercept
and read them.
Not just sending an e‐mail can put you in a vulnerable spot. When you log in on your POP3 or
IMAP4 server, the log‐in information is initially sent as clear text. This means that with packet
sniffing methods your username and password can be read (Theall, 2004). Now consider the number of
people that use the same password for their e‐mail client as for access to their bank account; it could
become a lucrative business. Nowadays most e‐mail clients support encryption for these log‐in
connections, but there are still quite a lot of mail servers that do not use any encryption at all, which
leaves plaintext log‐in information insecure.
Common sense
In analyzing e‐mail security and direct threats to the mailbox we can define two different
fields of prevention. On one side there are the technical aspects (like the encryption and sniffing
mentioned before) and on the other there is common sense. Common sense cannot be
put in place as easily as the technical aspects of e‐mail security. Since most people do not
know where their e‐mail goes after they press the send button, they usually aren’t aware enough to
protect their mailbox with some common sense.
There is a great need to secure both your mailbox and your internet traffic. As mentioned before,
e‐mail is the number one form of communication in both the private and the corporate sector. The amount
of sensitive information that is sent through e‐mails is gigantic, ranging from personal
information like bank transactions and private matters to company secrets and classified documents.
It is really not that hard to intercept and read these e‐mails. Of course methods like packet sniffing
and breaking into someone’s mailbox are still illegal, but that does not keep certain people from
trying it.
Which threats exist in e‐mail?
With threats we are not focusing so much on the privacy issues of e‐mail, but more on the technical
dangers of receiving e‐mail. Most companies think they secure themselves with a firewall, which
would make unauthorized access to their intranet impossible. Unfortunately this is not entirely true:
several attack methods exist that can bypass this firewall. Most importantly, firewalls do not check
the content of e‐mail messages that are sent and received by the persons who are authorized
to use this intranet (GFI Software, 2009). In the last quarter of 2009, internet security
company Symantec added 921,143 new malicious code signatures to its database (Pingdom, 2010). This is
dangerous because the majority of internet users are still ignorant about the internet’s
capabilities and rely too much on their own ‘false’ assumptions. This puts them in an insecure
position, surrounded by millions of pieces of malicious code.
Trojans
A big threat in receiving e‐mails, especially with attachments, is a Trojan. Trojans – short for Trojan
horses – are pieces of code hidden in a useful little application that locates itself on your hard drive.
They got their name from the horse of Troy in the legendary ancient story in which Greek soldiers had
hidden themselves inside a big wooden horse, allegedly built by Odysseus as a gift for the goddess
Pallas Athena and left outside the gates of the city of Troy. Once the Greeks had left (or so they made
it look) and the Trojans had broken down a section of the city wall to haul the giant horse into their
city, the wooden horse opened up and the Greek soldiers conquered Troy.
Trojans do not spread themselves automatically; they are part of something else, and the user is the
person who accepts and activates the malicious code without knowing it. They usually spread by
e‐mail and sometimes through p2p (person to person) networks (Petri, 2009).
What a Trojan actually does is open up your PC to other users through a backdoor in the code. A
Trojan has access to copy, remove or change files on your hard drive and it can take control of your
computer’s hardware. Usually Trojans are used to add your computer as a so‐called ‘zombie’ to a
botnet. A botnet is a large network of infected computers that can be used to launch mass attacks on
a different computer or a server. These attacks are called ‘Distributed Denial Of Service’ (DDOS)
attacks: all the zombie computers in the botnet are used to send requests to a single server
with the intention of making it crash. Apart from DDOS attacks your computer can also be used as a
spambot to send large amounts of spam e‐mails to different e‐mail addresses. The spambot ‘crawls’
the world wide web for new e‐mail addresses in order to sell them to companies for spam
purposes. Trojans can function for a long time on your computer without you even knowing it; this is
what makes them so dangerous.
Viruses
“CNN reported in January 2004 that the MyDoom virus cost companies about US$250 million in lost
productivity and tech support expenses, while NetworkWorld (September 2003) cited studies that
placed the cost of fighting Blaster, SoBig.F, Wechia and other email viruses at US$3.5 billion for US
companies alone” (GFI Software, 2009).
Computer viruses are most likely the biggest threat in sending and receiving e‐mails. They are
also the biggest expense. Once a computer has been infected by a virus it is usually
impossible to recover any of the data, and you are lucky when reinstalling the operating system
does the trick. A computer virus consists of pieces of executable code that can copy themselves and
infect a computer. Computer viruses have many ways to spread, e‐mail being one of the fastest and
easiest. A virus always attaches to an executable file and, like a Trojan, can only spread through
human action. A virus can be either a little annoying or a huge problem for your computer system.
Once it has infected the system and been triggered, a virus has access to your hard drive and
operating system and can corrupt or delete your data. The severity depends on the type of virus your
computer is infected with.
Types of viruses
Each virus type has a different way to infect your computer. We recognize 6 virus types in general
(Spamlaws, 2009; Kamat, 2001).
- Program viruses: A program virus is triggered when the executable file (known extensions are
  .BIN, .COM, .EXE, .OVL, .DRV) carrying the virus is opened. Once active, the virus copies
  itself and tries to spread to different programs on the computer.
- Boot viruses: These viruses infect floppy or master boot records on the hard disk. The virus
  replaces the boot record program (the program that loads the operating system (OS)
  into memory) by copying it elsewhere on the disk or overwriting it. This way the booting
  process is corrupted and the virus has direct access to the computer’s memory.
- Multipartite viruses: This virus is a combination of a boot virus and a program virus. Once
  triggered it corrupts your program files, after which it will affect the boot record. The next
  time you boot your computer it is able to spread through your memory and infect your local
  drive and programs.
- Stealth viruses: This virus is able to hide itself to prevent detection by antivirus software.
  The virus has several tricks up its sleeve, such as concealing itself in the computer’s memory
  or changing its file size.
- Polymorphic viruses: These viruses adapt to the system by changing their binary pattern so
  they are harder for anti‐virus software to detect. The binary pattern of a virus is more or less
  its signature, from which antivirus programs can detect it.
- Macro viruses: This virus is based on the macro language, a programming language used
  by applications like Word and Excel. When a virus is coded in the macro language, it sticks to
  a document such as a Word or Excel document. Every time a new file is created with the
  application, the file is infected with the virus.
Worms
Worms are a lot like viruses, but unlike a virus they can spread without human intervention. A
worm can for instance send itself to all the people in your address book. Worms have the
capability to travel across your network and duplicate themselves. “The biggest danger with a
worm is its capability to replicate itself on your system, so rather than your computer sending out a
single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating
effect” (Beal, 2009). Just like a computer virus and a Trojan horse it needs to be triggered by a human
action before it can become active. In this case worms are usually received concealed in something
that attracts the attention of the computer user; a good example is the ILOVEYOU worm.
In 2000 the ILOVEYOU virus infected millions of computers all over the world. It soon got the
name ILOVEYOU‐virus although its architecture defined it as a worm. The worm was hidden in an
attachment to an e‐mail message with the subject “ILOVEYOU”. The attachment, called
“LOVE‐LETTER‐FOR‐YOU.TXT.vbs”, made people very curious and lured the user into clicking it and
thereby activating the worm. After the attachment was opened, the worm sent a copy of itself to everyone
in the address book and made some malicious changes to the computer system. Because of the enormous
number of e‐mail messages being sent at the same time, a lot of POP servers crashed. The worm had
a gigantic impact on the world, causing an estimated 5.5 billion dollars of damage (Lemos, 2000).
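The attachment name above only works as a lure because the reader stops at ".TXT" while the operating system acts on ".vbs". The following added example (not part of the original paper) parses a constructed MIME message, decodes each attachment from its text form back to bytes as described in the MIME paragraph earlier, and flags such double extensions; the extension lists and all function names are illustrative assumptions.

```python
import base64
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative lists, not exhaustive: extensions Windows will run, and
# extensions that users read as harmless documents or pictures.
RISKY = {".vbs", ".js", ".exe", ".com", ".bat", ".scr", ".pif"}
DECOY = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".xls"}


def build_sample_message() -> bytes:
    """Constructed sample mail; both attachment payloads are harmless bytes."""
    msg = EmailMessage()
    msg["From"] = "friend@example.org"
    msg["To"] = "user@example.com"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("Constructed body text for the example.")
    msg.add_attachment(b"harmless placeholder bytes", maintype="application",
                       subtype="octet-stream",
                       filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    msg.add_attachment(b"quarterly figures", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()


def carried_as_text(raw: bytes, payload: bytes) -> bool:
    """True if the binary payload travels as base64 text inside the message."""
    return base64.b64encode(payload) in raw


def classify_filename(name: str) -> str:
    """Judge an attachment by the extension the operating system acts on."""
    # Trailing spaces or dots are dropped first so they cannot hide the
    # real final extension.
    parts = name.strip().rstrip(".").lower().rsplit(".", 2)
    final = "." + parts[-1] if len(parts) >= 2 else ""
    inner = "." + parts[-2] if len(parts) == 3 else ""
    if final in RISKY and inner in DECOY:
        return "block: script or executable disguised by a double extension"
    if final in RISKY:
        return "block: script or executable"
    return "allow"


def screen_message(raw: bytes):
    """Return (filename, transfer encoding, decoded size, verdict) per attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True)  # MIME text back to the original bytes
        results.append((name, str(part["Content-Transfer-Encoding"]),
                        len(payload), classify_filename(name)))
    return results


if __name__ == "__main__":
    for row in screen_message(build_sample_message()):
        print(row)
```

A filename check of this kind complements, and does not replace, scanning the decoded payload itself.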
How can these threats be eliminated?
You can never entirely protect yourself from viruses, Trojans and worms. But you can do a really
good job by relying on the right anti‐virus software and handling suspicious e‐mails accordingly.
Antivirus software
The right anti‐virus software will make sure the majority of these threats will be picked up by
scanning the incoming mail and outgoing mail. The most popular anti‐virus programs have a
detection rate between 95%‐99%, which proves they don’t entirely protect you from all the existing
threats (Mathews, 2009). Nonetheless they do a good job filtering out most of the malicious mails.
Always make sure your anti‐virus definitions are up to date. Most anti‐virus software updates itself
when the computer boots but do make sure you have the latest updates installed on your computer.
When you use an e‐mail client on your desktop, make sure your anti‐virus program supports inbound
as well as outbound e‐mail scanning. The most popular software suites do so, but it’s still important to
make sure that the mail you receive has actually been filtered. The importance of
outbound e‐mail scanning lies in the fact that you don’t hurt your recipients by accidentally mailing
them malicious attachments or links. As mentioned before, once a worm has been activated it can
copy itself and send these copies to your address book. This is where outbound e‐mail scanning
comes in. It picks up the connection made to the SMTP server and scans the e‐mails for
anything malicious before they are delivered to the SMTP server. If anything is found, the e‐mails are
blocked and you have prevented yourself from spreading the problem.
Depending on your mail provider, your e‐mail might already be scanned for viruses on the server
side. There are anti‐virus applications which are able to run as a module on (for example) a Linux mail
server and make it possible to scan all the SMTP traffic passing that server. Having an anti‐virus scan
on both server‐side and client‐side level provides a higher detection rate and therefore increases your
protection level in e‐mail communication (Kaspersky, 2010).
Think before you act
Although the antivirus software will intercept the majority of these threats, there is still a very low
percentage that can slip through your filter. The point is to be very cautious when you receive e‐mail.
Developers of malicious codes do everything to make the e‐mail look as safe and normal as possible.
When you receive a new e‐mail, there are several precautions you can take to avoid malicious
threats (Microsoft, 2010).
- Never trust the sender information. A user is able to spoof the sender address so that the
  e‐mail looks harmless.
- Approach images in an e‐mail with caution. Images can contain a harmless code that sends
  information back to the recipient. The process is triggered by clicking on the image and is
  often used to harvest e‐mail addresses for spamming purposes.
- Approach links in an e‐mail with caution. Don’t click a link if you do not trust the location it
  will take you to. By moving the mouse over a link most e‐mail clients show you where the
  link will take you.
- Approach attachments with caution. If you are not expecting an attachment or you don’t
  know whom it is from, do not open it. Opening an attachment can trigger malicious
  code that wasn’t picked up by your anti‐virus software.
- Do not forward chain e‐mail messages. Your e‐mail address is stored in the mail and you are
  not able to keep track of who gets to see the e‐mail.
- Always report suspicious e‐mail when received from a trusted address. If you receive
  suspicious e‐mail from an address you know, contact the recipient about the suspicious
  e‐mail to avoid possible spreading of malicious code and to warn the client about what he or
  she has sent.
As stated before it is not possible to eliminate a full 100% of the threats but by letting your (up‐to‐
date) anti‐virus application scan your e‐mail and by taking the above mentioned precautions, you
lower your risk level to the very minimum.
Which vulnerabilities exist in email?
Besides threats in e‐mail traffic, there are several points of interest to secure your privacy when
sending or accessing your e‐mail. Because the majority of the people using e‐mail rely on modern
technology to secure them and their e‐mail, they do not realize the user has an equal part in this
security. Without the right precautions e‐mail in general is quite unsecure.
Privacy
In general an e‐mail message is not encrypted, which means your content is sent in plain text to the
recipient. Because it passes several routers that can digitally eavesdrop on passing e‐mails, there are
a lot of possibilities for reading your e‐mail with the wrong intentions. Unfortunately this is not
where it stops. Both ISPs and routers can store unprotected back‐ups of your e‐mails.
“In effect, every e‐mail leaves a digital paper trail in its wake that can be easily inspected months or
years later” (CPASecure, 2007).
We’ve discussed the basics of packet sniffing earlier but to understand the vulnerability we will look
more closely into the process and accessibility. A packet sniffer (also known as a network analyzer or
network monitor) is a program that is used to intercept traffic traveling between two networked
computers or servers. The packet sniffer will intercept the packets including data to store it for later
analysis. When you send an e‐mail, it is broken down into segments all containing a header and
footer with the destination address, sender and other information. When the packets arrive with the
recipient, they are being reconstructed and the packet headers and footers are stripped away.
A simple example of a functioning packet sniffer is when you connect to a simple hub‐network with
your device and set up the packet sniffer. In the network all the data is spread by a hub. Every
computer receives packets that are not meant for it. A simple filter in the computer makes sure that
these packets with different destination information are discarded. Usually a packet sniffer is only
able to capture the packets intended for the device it is running from. But with a packet sniffer in
‘promiscuous mode’ you are able to disable the filter and receive all packets traveling through the
network. Traffic from computer A to computer B can be intercepted by computer C without A & B
knowing it. It’s very hard to detect this kind of packet sniffing because it creates no traffic by itself.
This example is based on a hub network, which works on the principle of sending all the packets to all
the connected devices. A more secure network would be a switched network, because a switch actually
sends the addressed packets to the right device, unlike a hub. Unfortunately this does not mean you
are protected on a switched network. There are a few workarounds to trick the switch into sending you
the packets. One method – called ARP poisoning – pretends to be the destination device
so that it receives the packets. Another way is to flood the switch with different MAC addresses
(Media Access Control) so the switch goes into ‘fail‐open mode’; this mode functions similarly to the
hub from the previous example. Both of the above‐mentioned methods do create traffic, which makes it
easier to detect the packet sniffing (Bradley, 2010; Kayne, 2010).
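Because both workarounds leave traces on the network, a monitoring host can look for them. The following added example (not part of the original paper) runs two checks over constructed observations: an IP address whose announced MAC address suddenly changes, and a switch port that sources an implausible number of new MAC addresses in a short time. The record layout, the addresses and the threshold are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed ARP replies seen by a monitor: (second, sender MAC, sender IP).
# Computers A, B and C follow the naming used in the text above.
SAMPLE_ARP = [
    (0, "aa:aa:aa:00:00:0a", "192.0.2.10"),   # computer A announces itself
    (1, "aa:aa:aa:00:00:0b", "192.0.2.11"),   # computer B announces itself
    (2, "aa:aa:aa:00:00:0c", "192.0.2.12"),   # computer C announces itself
    (30, "aa:aa:aa:00:00:0c", "192.0.2.11"),  # C's MAC now claims B's IP
    (31, "aa:aa:aa:00:00:0c", "192.0.2.10"),  # C's MAC now claims A's IP
    (32, "aa:aa:aa:00:00:0c", "192.0.2.11"),  # repeated claim, already known
]


def sample_frames():
    """Constructed switch observations: (second, port, source MAC)."""
    frames = [(1, "port2", "aa:aa:aa:00:00:0a"),
              (2, "port3", "aa:aa:aa:00:00:0b")]
    # 500 never-before-seen source addresses arriving on one port in 2 seconds.
    frames += [(40 + i // 250, "port5",
                "02:00:00:00:%02x:%02x" % (i // 256, i % 256))
               for i in range(500)]
    return frames


def find_arp_conflicts(replies):
    """Report every moment an IP address is claimed by a different MAC.

    A legitimate address change (new network card, DHCP reassignment) also
    shows up here, so each hit needs a look; one MAC taking over the IPs of
    several neighbours within seconds is the pattern of ARP poisoning.
    """
    binding = {}
    conflicts = []
    for second, mac, ip in replies:
        known = binding.get(ip)
        if known is not None and known != mac:
            conflicts.append((ip, known, mac, second))
        binding[ip] = mac
    return conflicts


def find_mac_floods(frames, window=10, threshold=100):
    """Return the ports that sourced more than `threshold` distinct MACs
    inside one `window`-second bucket (threshold is an assumed value)."""
    seen = defaultdict(set)
    for second, port, mac in frames:
        seen[(port, second // window)].add(mac)
    return sorted({port for (port, _), macs in seen.items()
                   if len(macs) > threshold})


if __name__ == "__main__":
    for hit in find_arp_conflicts(SAMPLE_ARP):
        print("ARP binding changed:", hit)
    print("ports flooding MAC addresses:", find_mac_floods(sample_frames()))
```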
Besides packet sniffing it is important to know that an e‐mail user himself is a big vulnerability too. In
the next chapter we will sum up some precautions an e‐mail user should take before he or she uses
an e‐mail client so it becomes clear that technical abuse is not the only vulnerability. Matters like
haste, improper use and unawareness can be important risks in e‐mail use.
Spam & Phishing
Both spam and phishing mail are unwanted mails that try to make a profit from you. Spam mails are
unwanted mails from a (usually) unknown address that try to sell you products or services. Famous
spam subject lines are: “You received a greeting card”, “Masters degree with no efforts” and
“Non‐profit job from home”. Phishing is a more concealed method in which people try to obtain
sensitive information in a seemingly secure environment. The e‐mail or website tries to masquerade
as trustworthy to lure the user into filling in his or her personal information. Examples are
e‐mails from banks, auction sites or online payment companies. It is not hard for anyone to make a
website look trustworthy enough to fill in credit card details. It’s important to always check the
website address for a correct URL (without any spelling errors) (Windows Live, 2010).
Although spam seems harmless and people quickly identify it, it still has a few little‐known downsides.
When you open a spam e‐mail, eight times out of ten it contains a tracking method that enables
the sender to identify your e‐mail address as active. Your e‐mail address can then be sold to spam
corporations, in which case you will start receiving even more spam (Information Age, 2006). The
biggest downside of spam e‐mail is the time‐consuming effort to remove and report it. It
can be a tremendous expense for corporations. Google has launched a calculator to estimate the
total loss caused by spam. For a company with 100 employees, who work 245 days a year with a
salary of 65 euro an hour, spam can cost a corporation over 100.000 euro a year (Google, 2010).
How can these vulnerabilities be reduced?
Most vulnerabilities can be reduced to a minimum but can unfortunately not be eliminated. It is up
to the user to determine if the risk level is low enough to use e‐mail as a communication method. In
lowering this risk‐level we will take two approaches, a technical and human approach.
Encryption (SSL, TLS & PGP)
In the technical approach the focus lies on encryption. Encryption is an important part of e‐mail
security. When encrypting, the messages are ciphered into unreadable code so the packets are not
readable for anyone who tries to intercept them. All e‐mail traffic should go through a secure
connection. Not only sending and receiving e‐mails but also the commands sent to the server, such as
log‐in information, should be secure. A secure connection can be established by using either the SSL
or the TLS protocol. SSL (Secure Sockets Layer) was initially created by Netscape to ensure the
integrity of data transport. TLS (Transport Layer Security) is built as an improvement on SSL with
stronger key encryption algorithms and the ability to work on different ports. Both TLS and SSL use
the public‐private key (asymmetric key cryptosystem) infrastructure. In this encryption method two
unique encryption keys exist, a public and a private key. The public key is used to encrypt the data and
the private key to decrypt it. The private key remains private but the public key is sent to a recipient
to encrypt its data with. This way only the owner of the private key can decrypt the message and see
what data it contains (UITS, 2009; Technet, 2010).
Both your e‐mail client and your e‐mail provider must support an SSL or TLS connection in order
to use this secure method of exchanging data. Nowadays almost every e‐mail client supports SSL and
TLS, but unfortunately there are still some older e‐mail providers who do not update their servers
to adopt this method of secure data exchange.
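The point that log‐in commands must not travel unencrypted can be enforced in the client. The following is an added example, not part of the original paper: it reads the capability list an SMTP server returns to EHLO and decides whether credentials may be sent, and `secure_login` shows the same rule against a live server with Python's `smtplib`. The function names, the decision labels and the EHLO replies are assumptions constructed for illustration.

```python
import smtplib
import ssl

def parse_ehlo(reply):
    """Map each capability keyword of an SMTP EHLO reply to its arguments."""
    caps = {}
    for line in reply.splitlines()[1:]:        # first line only names the server
        words = line[4:].split()               # drop the "250-" / "250 " prefix
        if line.startswith("250") and words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def login_decision(caps, tls_active):
    """Decide whether log-in commands may be sent on this connection."""
    if tls_active:
        return "login" if "AUTH" in caps else "no-auth-offered"
    if "STARTTLS" in caps:
        return "upgrade-first"                 # encrypt, then send EHLO again
    return "refuse"                            # password would travel in cleartext

def strict_context():
    """TLS settings: verify certificate and host name, no SSL or early TLS."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def secure_login(host, user, password, port=587):
    """Log in to a live server only after the channel is encrypted."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server offers no STARTTLS; not sending password")
        smtp.starttls(context=strict_context())
        smtp.ehlo()                            # capabilities may differ after TLS
        smtp.login(user, password)

# Constructed EHLO replies (not captured from a real server).
BEFORE_TLS = "250-mail.example.test\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME"
AFTER_TLS = "250-mail.example.test\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME"
NO_TLS = "250-mail.example.test\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME"

if __name__ == "__main__":
    for name, reply, tls in (("before TLS", BEFORE_TLS, False),
                             ("after TLS", AFTER_TLS, True),
                             ("server without TLS", NO_TLS, False)):
        print(name, "->", login_decision(parse_ehlo(reply), tls))
```

A server that advertises AUTH on an unencrypted connection and no STARTTLS, like the third constructed reply, is the outdated provider case described above.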
Another way to encrypt your e‐mail is the PGP (Pretty Good Privacy) infrastructure. Like SSL and
TLS, PGP is based on an asymmetric key infrastructure, but there is a difference. SSL and TLS are
aimed at the transport of data between clients and servers. PGP is meant for storing data: it
encrypts the whole e‐mail and sends it to a recipient, who can only decrypt it when he or she also
uses PGP. While SSL and TLS secure the protocol (such as POP, IMAP and SMTP), PGP encrypts a file
(the whole e‐mail message) and thereby secures the communication between two clients. Besides
encryption of the e‐mails, a recipient can also identify the sender of the e‐mail through an
authentication by the sender (RUN, 2010). As mentioned before, a downside is that both clients have
to support PGP, which has not (yet) become a big standard among e‐mail users (PGP, 2010).
Spamfilters
Most e‐mail providers and clients offer spamfilter options, and even some antivirus programs
include a spamfilter. A spamfilter intercepts e‐mails it classifies as spam, based on the level of
privacy that has been set in the filter. Spamfilters usually work together with your contact
history and a personal database to determine which e‐mails are meant for the user and which are
spam. E‐mails classified as spam are put in the spam directory, which users can scan for possible
mistakes. If an e‐mail slips through the filter, the user has the option to mark it as spam; the
sender details are then taken into account and the e‐mail is dealt with appropriately.
Awareness
Awareness in using your e‐mail account might be just as important as installing technical precautions.
In corporations it is very important for the administrators to create this awareness among the
employees. Important precautions for e‐mail users are listed below.
• Keep the number of e‐mail accounts to a minimum. It is wise to split personal and corporate
  e‐mail over different accounts, but to keep the number of accounts as low as possible.
• Besides a personal and a corporate account, it is recommended to create a separate account
  for less secure traffic, a so‐called spam‐account. This account can be used for internet forms
  and insecure communication (IT Security, 2008).
• A more secure way of communication is the telephone. If your message can be delivered by a
  telephone call, it is wise to choose this more secure and private option.
• Spam traffic is usually cumulative. This means that once you start to receive a lot of spam,
  the amount will slowly increase. It is therefore smart to discard accounts which are receiving
  an immense amount of spam (IT Security, 2007).
• When accessing your e‐mail on a public computer, never use an e‐mail client but always use
  the web‐interface of your e‐mail provider. When you are done with the session, close the
  browser, log out and delete the cache, cookies, history and passwords so that no traces of
  your session are left.
• Avoid using the reply‐all or BCC option when sending e‐mails. This way you show your own and
  others' e‐mail addresses to a lot of users. Try using the CC option, where other e‐mail
  addresses are hidden, to obtain privacy (IT Security, 2008).
• Never send sensitive company information with your (insecure) personal account; always use
  your corporate account, where your privacy can be protected by the company's IT department.
  If the information happens to be intercepted, you are less vulnerable in possible legal
  conflicts (IT Security, 2007).
• Create regular backups of your e‐mail account. Important e‐mail might be stored in your mail
  directories, so always make sure these e‐mails are backed up on your computers. Also, when
  accessing your e‐mail on a mobile platform using the POP protocol, make sure a copy of the
  e‐mail stays on your server. A cellphone is easily lost, and with it you would lose all your
  e‐mails too.
• An often used technique to obtain your e‐mail address is to send you newsletters with an
  unsubscribe option. When you click this option you are linked to a webpage and your e‐mail
  address is stored. Don't unsubscribe from these e‐mails unless you remember subscribing to
  them (IT Security, 2007).
• Phishing mails might slip through your spamfilter, depending on the level of thoroughness you
  set it to. Identify a phishing mail by looking for anything that implies the mail is not from
  who it pretends to be. In the mail you will probably be asked to fill in personal information.
  Most banks, web payment services and auction sites use web‐forms for these matters, so if you
  are asked to mail your account details you can assume it is fake. If they give you a link to
  go to, always hold your mouse cursor on the link to see where the address leads. Check
  carefully for spelling errors in the link, which are a common trick to masquerade as a
  trustworthy identity (Microsoft, 2010).
• Realize where your e‐mail goes to and how it travels there. It is important that an e‐mail
  user knows how his e‐mail works and what could happen. This might scare the user into avoiding
  e‐mail to a certain extent.
Sources
(Black, 2010) – What is Email? By Ken Black. http://www.wisegeek.com/what‐is‐email.htm retrieved on 20‐4‐2010.
(Hardy, 1996) – The Evolution of ARPANET email, by Ian R. Hardy. http://www.livinginternet.com/References/Ian%20Hardy%20Email%20Thesis.txt retrieved on 20‐4‐2010.
(Brain, 2008) – How email works? By Marshall Brain and Tim Crosby. http://communication.howstuffworks.com/email.htm retrieved on 20‐4‐2010.
(Tschabitscher, 2010) – How MIME works, by Heinz Tschabitscher. http://email.about.com/cs/standards/a/mime.htm retrieved on 20‐4‐2010.
(Hitwise, 2010) – Top 20 Sites & Engines, by Hitwise Pty ltd. http://www.hitwise.com/us/datacenter/main/dashboard‐10133.html retrieved on 21‐4‐2010.
(Brownlow, 2009) – Email and Webmail statistics, by Mark Brownlow. http://www.email‐marketing‐reports.com/metrics/email‐statistics.htm retrieved on 21‐4‐2010.
(iHotdesk, 2008) – Email most popular form of communication, by iHotdesk. http://www.ihotdesk.com/article/18626486/Email‐most‐popular‐form‐of‐communication retrieved on 21‐4‐2010.
(Pingdom, 2010) – Internet 2009 in numbers by Pingdom. http://royal.pingdom.com/2010/01/22/internet‐2009‐in‐numbers/ retrieved on 21‐4‐2010.
(Wilson, 1997) – The Journey of packets, by Garret Wilson. http://www.garretwilson.com/essays/computers/routing.html retrieved on 21‐4‐2010.
(Theall, 2004) – IMAP unencrypted cleartext logins, by George A. Theall. http://www.securityspace.com/smysecure/catid.html?id=15856 retrieved on 21‐4‐2010.
(Symantec, 2010) – Internet Security Threat Report Volume XV: April 2009, by Symantec. http://eval.symantec.com/mktginfo/enterprise/white_papers/b‐whitepaper_exec_summary_internet_security_threat_report_xiii_04‐2008.en‐us.pdf retrieved on 21‐4‐2010.
(GFI Software, 2009) – Protecting your network against e‐mail threats, by GFI Software. http://www.gfi.com/whitepapers/network‐protection‐against‐email‐threats.pdf retrieved on 22‐4‐2010.
(Petri, 2009) – What’s a Trojan horse? By Daniel Petri. http://www.petri.co.il/whats_a_trojan_horse.htm retrieved on 22‐04‐2010.
(Notenboom, 2007) – What's a botnet? Or Zombie? And how do I protect myself from whatever it is? By Leo Notenboom. http://ask‐leo.com/whats_a_botnet_or_zombie_and_how_do_i_protect_myself_from_whatever_it_is.html retrieved on 22‐4‐2010.
(Spamlaws, 2009) – Computer Virus: The Types of Viruses Out There, by Spamlaws. http://www.spamlaws.com/virus‐types.html retrieved on 24‐4‐2010.
(Kamat, 2001) – Viruses – Types and Examples, by Mayur Kamat. http://www.boloji.com/computing/security/015.htm retrieved on 24‐4‐2010.
(Beal, 2009) – The difference between a computer virus, worm and Trojan horse. By Vangie Beal. http://www.webopedia.com/didyouknow/internet/2004/virus.asp retrieved on 24‐4‐2010.
(Lemos, 2000) – Inside the ILOVEYOU worm. By Robert Lemos. http://news.zdnet.com/2100‐9595_22‐107344.html retrieved on 24‐4‐2010.
(Mathews, 2009) – Six free antivirus programs made for your Windows 7 system, by Lee Mathews. http://www.downloadsquad.com/2009/10/24/six‐free‐antivirus‐programs‐made‐for‐your‐windows‐7‐system/ retrieved on 24‐4‐2010.
(Kaspersky, 2010) – Kaspersky Anti‐Virus for Linux Mail server, by Kaspersky. http://www.kaspersky.com/anti‐virus_linux_mail_server retrieved on 24‐4‐2010.
(Microsoft, 2010) – How to handle suspicious mail, by Microsoft. http://www.microsoft.com/protect/fraud/spam/email.aspx retrieved on 24‐4‐2010.
(CPASecure, 2007) – Problems.. by CPASecure. http://www.cpasecure.com/Problems.html retrieved on 25‐4‐2010.
(Bradley, 2010) – Introduction to packet sniffing. By Tony Bradley. http://netsecurity.about.com/cs/hackertools/a/aa121403.htm retrieved on 25‐4‐2010.
(Kayne, 2010) – What is a packet sniffer? By R. Kayne. http://www.wisegeek.com/what‐is‐a‐packet‐sniffer.htm retrieved on 25‐4‐2010.
(Windows Live, 2010) – What is phishing? By Windows Live. http://onecare.live.com/site/en‐Us/article/phishing_what.htm retrieved on 26‐4‐2010.
(Information Age, 2006) – The hidden danger of spam, by Information Age. http://www.information‐age.com/articles/295441/the‐hidden‐danger‐of‐spam.thtml retrieved on 26‐4‐2010.
(Google, 2010) – The Google ROI calculator, by Google. http://www.google.com/postini/roi_calculator.html retrieved on 26‐4‐2010.
(RUN, 2010) – E‐mail en PGP, by Radboud University Nijmegen. http://www.ru.nl/ict‐beveiliging/cert_ru/algemene_informatie/e‐mail_en_pgp/ retrieved on 27‐4‐2010.
(UITS, 2009) – What is the difference between SSL and TLS, by University Information Technology Services. http://kb.iu.edu/data/anjv.html retrieved on 27‐4‐2010.
(PGP, 2010) – PGP Desktop e‐mail, by PGP corporation. http://www.pgp.com/products/desktop_email/ retrieved on 27‐4‐2010.
(Technet, 2010) – Technet Library – What is TLS/SSL? By Technet Microsoft Corporation. http://technet.microsoft.com/en‐us/library/cc784450(WS.10).aspx retrieved on 27‐4‐2010.
(IT Security, 2008) – Hacking Email: 99 Tips to Make you More Secure and Productive, by IT Security. http://www.itsecurity.com/features/99‐email‐security‐tips‐112006/ retrieved on 27‐4‐2010.
(IT Security, 2007) – 25 Most common mistakes in e‐mail security, by IT security. http://www.itsecurity.com/features/25‐common‐email‐security‐mistakes‐022807/ retrieved on 27‐4‐2010.