Contents Email Management CSCU9B2 Email clients choosing and using Email message header and content Emailing to lists of people In and out message management Mime attachments and HTML email SMTP, HTTP, POP, IMAP Web mail Spam: why is email so c**p? CSCU9B2 1 CSCU9B2 2 Email Client The software that receives, displays, and allows the creation and sending of emails What you use on your computer to read & write email Lists messages, usually has an address book for contacts, should offer folders for organising emails etc. Some security support such as spam and scam detection (possibly) CSCU9B2 3 Choosing One Open Source Eudora - www.eudora.com Thunderbird - www.mozilla.org/thunderbird Proprietary MS Outlook (probably most used) Apple Mail.app (which I use) There s lots of others http://en.wikipedia.org/wiki/comparison_of_email_clients CSCU9B2 4 1
MIME Protocol Why is it needed? The original mail system supported only ASCII text. For the history of email see http://en.wikipedia.org/wiki/email MIME = Multipurpose Internet Mail Extension MIME allows: Attachments to email messages Not just ASCII characters Alternative character sets Multi-part messages Tells the email client how to handle the message content What character sets to use How to handle files such as media and application files CSCU9B2 5 HTML Content Early email clients displayed text and nothing more MIME allows attachments and other character sets Very important now! HTML enabled email clients allow HTML to be used to design the display of an email message s content Text that is obviously a URL is made into a link Email addresses link to compose a message CSCU9B2 6 Writing HTML Content Not everyone has a HTML enabled client, and some people turn it off, so you can t be sure a HTML message will be readable E.g. some webmail clients like SquirrelMail Also: some people simply turn HTML off Because they prefer simple textual email Because a great deal of the non-textual email is advertising Or just rubbish header Email Headers body The message part of an email is its body Email messages also have a header, which contains information about the message, the sender and the recipient Made up of Key:Value pairs CSCU9B2 7 CSCU9B2 8 2
Email Header From: email address of sender Date: date message was sent Message-ID: automatically generated ID In-Reply-To: ID of message being replied to To: email addresses Subject: Subject of message Cc, Bcc: other recipient addresses Content-Type: Usually a MIME type Reply-To: email address to send replies to Routing Info The email header also tells you the route an email took between the sender and recipient Received: server name and IP address, mail server name A message can have multiple received: lines Read from bottom up to go from origin to destination CSCU9B2 9 CSCU9B2 10 Example Received: from lek.cs.stir.ac.uk by yen.cs.stir.ac.uk (8.14.5) id qb3dsh9m019419; Mon, 3 Dec 2012 13:28:17 GMT Received: from mail-pb0-f45.google.com by lek.cs.stir.ac.uk (8.14.5) with ESMTP id qb3dsfrb003986; Mon, 3 Dec 2012 13:28:16 GMT Received: by mail-pb0-f45.google.com with SMTP id mc8so1918124pbc.32 for <kms@cs.stir.ac.uk>; Mon, 03 Dec 2012 05:28:00-0800 (PST) MIME-Version: 1.0 Received: by 10.68.247.196 with SMTP id yg4mr29374650pbc.167.1354541279724; Mon, 03 Dec 2012 05:27:59-0800 (PST) Received: by 10.68.56.74 with HTTP; Mon, 3 Dec 2012 05:27:59-0800 (PST) Date: Mon, 3 Dec 2012 13:27:59 +0000 Message-ID: <CAB4axPcAFcRK1xxFqYb7RUS933VCjUQ2xPLaNzwcwbAV+rG_=A@m ail.gmail.com> Subject: Example Email Header From: Kevin Swingler <kevswingler@googlemail.com> To: Kevin Swingler <kms@cs.stir.ac.uk> CSCU9B2 11 Faking/forging the Header You can put what you want in most of the header, You can pretend to be sending an email from somebody else, for example You can add fake Received: lines too, but only at the bottom of the header real ones are added by other servers once it has been sent Unfortunately this is very easy to do. Email is extremely insecure in all sorts of ways You cannot trust any of the header fields. CSCU9B2 12 3
Mail Architecture Mail Servers Outgoing Server SMTP Internet SMTP Client Person A Client SMTP Person B POP3 Inbound Server User Mail Boxes IMAP CSCU9B2 13 To send and receive email, you need access to two mail servers: Incoming Outgoing The outgoing mail server will be an SMTP server Simple Mail Transfer Protocol This handles moving email from the sender to a mailbox for the recipient on the recipient s incoming mail server CSCU9B2 14 Incoming Mail Server SMTP gets the mail from the sender to the recipient s inbound mail server There are a few options for getting the message from the inbound server to the mail client Main two are: POP3: Post Office Protocol IMAP: Internet Message Access Protocol Post Office Protocol POP3 Used back when internet connections involved dialling in to a server Allowed you to download all messages onto the client Generally deleted them from the server Allows offline working on emails Problem if you have more than one client CSCU9B2 15 CSCU9B2 16 4
IMAP Internet Message Access Protocol Mail client interacts directly with the server Messages stay on the server Headers downloaded before messages Messages can be deleted without ever downloading them (if the header suggests it) Messages can be cached locally to allow offline working, but cache is synchronised with server CSCU9B2 17 Web Mail Hotmail, Googlemail (gmail), etc. are examples of web mail services You interact with your mail through a website Really a portal Advantages are that you can gain access from any computer you don t need an email client set up to read it Disadvantages are that it can be slower and less flexible than a good email client And you cant read old emails when you re off-line Note you can read some Web mail using an IMAP client, e.g. Google CSCU9B2 18 Spam Email Unwanted email, either trying to sell you something or con you or Takes advantage of Email being free Email being insecure Illegal in many countries, including the UK Ha bloody ha! I get between 10 and 100 spam emails daily! Spam Law, UK The Privacy and Electronic Communications Regulations 2003 It is illegal to send marketing email to individuals unless: you have their express consent you have a clear customer relationship But the law isn t working. Is that a surprise? CSCU9B2 19 CSCU9B2 20 5
Spam Law, UK If you do send such messages, they must: Reveal the identity of the sender Give a valid address for opt-out requests Opt-out preferences must be respected You can also send messages if It is part of a sale negotiation It relates to similar products or services An opt-out option was given and not taken Spam Protection Spammers get email addresses from a variety of sources, including web pages If yours is on a web page, protect it to make automated harvesting impossible: Put it in an image, rather than using text Spell it: lss(at sign)cs dot stir dot ac dot uk CSCU9B2 21 CSCU9B2 22 Un-Subscribing A legitimate business must let you opt-out of receiving email Should be by sending a short message ( op-out, for example) to a specified address Illegal spammers might treat this as proof that your email address is live and sell it to others, so think before you opt-out Spam Filter Most spam filters need to be trained They learn what your genuine email looks like and how it differs from spam Take a little time to train yours by flagging spam messages as such Most email clients have a facility for this But spammers are very clever: don t be taken in If it looks too good to be true it almost certainly is! Be very careful in following links in emails And remember that because it appears to come from (say) a bank, that means nothing at all And never provide secret information (like passwords, pin numbers etc.) to a web form. CSCU9B2 23 CSCU9B2 24 6