How Email Works

The World Wide Web

• The web (http/html) is built on TCP/IP
• Email is also built on TCP/IP
• Web centered on standards HTTP, HTML
• Email centered on SMTP standard (simple mail transfer protocol)
• All sent over standard TCP/IP connections
• i.e. "Built on TCP/IP standard internet"
• Communicating with TCP/IP packets, just as we've seen

Email Account

• An email "account" on a server
• Server = on the internet, running all the time
• Servers exchanges email data on the internet (SMTP)
• e.g. alice@foo.com bob@bar.com
• Two distinct services: sending email, receiving email

Scenario: sending

• alice@foo.com composes an email for bob@bar.com
• Alice hits the "Send" button on her laptop
• Her mail software immediately sends the email to foo.com SMTP service which will attempt to forward it on to bar.com
• Normally, SMTP sends the email to bar.com with a few seconds
• However, if bar.com is "down", foo.com holds the email and tries to re-send for 24 hours or more
• Eventually, if the email is unsendable, foo.com will send a "bounce" notification back to alice
• Alice's email says "From: alice@foo.com", but the software can put anything there (forging from: is trivial)
• Notice that the laptop does not try to send to bar.com directly, since Alice might shut the lid right after hitting send. The foo.com SMTP server will keep trying to send persistently for her.

Scenario: receiving

• the bob@bar.com account is receiving email
• The bar.com server accepts incoming email to "bob" around the clock, stores it in an inbox
• No special permission is required to send email to an account
• Bob wants to check his email
• His email "client" software connects to bar.com, gets a list of the messages in the inbox
• "Thick" Application option: software application running on laptop (e.g. Thunderbird, Apple Mail) connects to bar.com to see/update email there (protocols: IMAP, POP)
• "Thin" Web option: bob.com presents a web page listing the email, everything is done through the browser (HTTP, HTML) (e.g. gmail)

Bad Guys: Spam Etc.

• Spam rule #1: someone's attention is worth a little money (Viagra ads etc.)
• Spam is about stealing that bit of attention
• The term "spam" came into use as reference to this Monty Python Spam Sketch. You cannot say that there is no whimsy in our world!
• Spam abuses SMTP, flooding millions of emails into accounts. No doubt this does not need to be explained to anyone!
• Often the spammers are not using their own computers to send the spam (see "zombie" the security lecture)
• Mail receiving computers now use anti-spam filters to try to detect spam. Unfortunately this makes sending legitimate email slower and less reliable.

Spam Technical Fixes - Maybe?

• Spam has been getting a little less annoying in my life, just a little
• Possible technical fixes:
• a. Make the from: hard to forge (SPF and DKIM standards work on this)
• b. Then can have a "reputation" over time, to sort out spammers from real senders
• Question: will there be a time when Spam largely disappears from our lives? (i.e. technical fixes are possible) I believe this is likely, but it sure hasn't happened yet.
• Lesson: you make a valuable system, but of course leeches/weeds will be attracted to your system too, so it needs to resistant to bad behavior.
• e.g. web forums
• SMTP has poor leech resistance (in fairness, it's a 30 year old design and it is being slowly updated)