course contenet

Chapter  5: Exploring Electronic Mail and Managing Associated Threats

Electronic Mail

Electronic Mail is a digital medium of communication widely used to exchange messages acroSs the Internet. It was invented by Ray Tomlinson in 1972. Email is used for sending and receiving electronic messages over the Internet.  Companies such as Google and Microsoft that provide email functionality maintain huge server farms to store the large volume of data that is created. You can send text, audio, and video to a recipient in a single email message. 

The main benefits of email 

Simplicity: Email is easy to use. UserS can send and receive communication by typing the message in an email editor. Ihe intertace of the editor is similar to Microsoft Word with which mOst people using computers are already tamiliar. Email allows yoOu to electronically store the messages that are sent and received.

Address book and other productivity tools: Email is integrated with the address book, calendar, instant messaging and other productivity tools that are available in WindowS and other operating systems.

Speed: Email is delivered instantly to the recipient since it is done electronically. This ensures that there is no delay unlike traditional mail.

Cost effectiveness: Email usage is free on the Internet unlike traditional malil. Therefore, it is highly desirable. For example, Gmail, Rediffmail, Yahoo mail and so on.

Easy mail management: Email service providers provide multiple features that help you to easily manage your inbox. You can create different labels and assign them to emails in order to group them together. Additionally, you can filter, prioritise and send emails to different groups. 

Communication with multiple people: Internet email service allows users to communicate with multiple people at the same time. Therefore, an email can be addressed to multiple recipients unlike a letter.

Accessibility: Email can be accessed anytime, anywhere, across the globe. Moreover, you can access it using a host of devices such as laptops, smartphones, tablets and so on.

Email Address

For using email, users need an email account. Each account is assigned a unique email address. You need to use your email address for sending and receiving email messages. An email address has two parts, username and domain name. Username iS the name that identifies the user and domain name hosts the email account. Both are separated by the "@'symbol. For example rahul@sample.org.

Structure of an Email

1. Header: An email header contains detailed information about the email rather than the body text, such as the sender's, recipient's address, date and time when the message was sent and subject of the message. Ihe subject line provIdes a briet description about the content of the email. The header provides an option to include the email address of other recipients in case the email is sent to more than one recipient.

2. Message body: The message body contains the actual content of the message which is in the form of text.It may also include attachments such as audio, vIdeos, software, files of different formats, etc. Ihe content of the email may vary according to the different email systems used by each user

3. Signature: Signature of email is the part that provides the information of the sender to the recipient. This part may also include signature or text generated automatically by the sender's email system. User can also set their email account to enter the signature line automatically on the emails sent.

Compose and send an Email

1. The sender compOses the email message using an email service.

2. Once the sender sends the message, along with the attachments (if any), it is uploaded to the Simple Mail Transfer Protocol (SMTP) server as an outgoing mail.

3. The SMTP server communicates with the Domain Name Server (DNS) to locate the email server of the recipient.

4. If the recipient's email server is found, then the message is transferred to it else the sender receives a delivery failure notification.

5. The recipient (f found) receives and downloads the message.

Email Security: 

Email Security Issues

Malicious email attachments: When a user receives a suspicious email attachment from an unknown sender, such attachment is referredas malicious email attachment. This email attachment, if downioaded, may result in the user's login data getting compromised or cause damage to the operating system.

Malicious user direction: Malicious user direction emails lure a user by promising something that is completely different from what will eventually be delivered. The aim is to encourage the user to click a link that may redirect to another link or website hosting malware or spyware. Eventually, the user's system is infected by the malware/spyware.

Spamming: Spam email is the unwanted junk mail that arrives in user's mailbox such as brochures and pamphlets. Spam emails are sent in large quantity to an arbitrary set of recipients. These are also called Unsolicited Buik Email (UBE) or Unsolicited Commercial Email (UCE).

Snowshoe spamming: Snowshoe spamming refers to the practice of sending spam across multiple domains and IP addresses to dodge filters. The use of multiple domains and IP addresses makes it difficult to recognise and catch snowshoe spams.

Phishing: Phishing is the practice of obtaining private information in a fraudulent manner. Phishing emails are legitimate looking emails that makes a user believe in them. An email may appear under the name of trustworthy company or a website requesting you to update your details.

Spear phishing: Spear Fishing has emerged as a recent threat. Like Phishing. spear phishing is the practice of obtaining private information in a fraudulent manner, but targets only few users or a specific individual. Phishing aims at sending large volumes of emails with the expectation that only few will respond. On the contrary, spear fishing requires the attackers to research and targets few people.

Spoof mail: Spoof mail, also called hoax mail, is a fake email message which is propagated as a genuine email. It is basically a scam that is designed for making a monetary gain.

Encryption

Encryption is the process of transforming plain text (data sent) into cipher text (data received) to prevent unauthorized access. This is done by using encryption algorithms such as RSA (Rivest-Shamir-Adleman) algorithm. Encryption is done by using an encryption key based on which plain text is converted into cipher text. The purpose of data encryption is privacy. Encryption is needed to protect the data confidentiality as it is stored on the Internet during transmission.

Decryption is the process of transforming the cipher text back to the plain text so that it becomes readable. It is the opposite of encryption. Cipher text can be decrypted with the help of decryption key. Encryption and decryption key both can be same or different depending on the type of encryption technique used.

Types of Encryption

There are 2 types of encryption: Symmetric and Asymmetric.

1.Symmetric Encryption: In symmetric encryption, the same key is used for encryption and decryption. Therefore, it becomes critical to transfer the data using symmetric encryption because if the key is hacked, the entire encryption get corrupted. Some commonly used symmetric encryption algorithms are DES, IDEA, Twofish, Blowfish, Serpent, RC2, RC4 and Triple DES.

2.Asymmetric Encryption:  Asymmetric encryption uses a pair of keys. One key for encryption and decryption each. Both the keys are different. Between two, one key is a public key and the other is a private key. Public key (kept with the sender) is used for encrypting the messages and private key (kept with the receiver) is used for decrypting the messages. Data encrypted using a public key can only be decrypted using the corresponding private key. This method enables transmission of data without the risk of unauthorised or unlawful access. The process is slow and complex but more secure than symmetric encryption. Some of the asymmetric encryption algorithms are RSA, Diffie Hellman and XTR.

Drawbacks of Encryption

• Encrypted data is dificult to access, even for genuine or legitimate users.
• Encryption does not hide the details of the sender and recipient for email messages.
• Subject line of the email is not encrypted and is exposed.
• Encrypting data is expensive because the systems must have capacity and upgrades to perform such task.