Chapter 12. Electronic mail (E-mail) Security

IN THIS CHAPTER

  • Overall security issues and concerns with e-mail

  • E-mail risks

  • E-mail protocols

  • E-mail authentication

  • Operating safely when using e-mail

Along with Web browsing, e-mail has made the Internet popular, widespread, and indispensable for most users. Despite its critical role in the typical Internet user's life, e-mail is comparatively insecure. Many people rely on e-mail and use it as an integral part of their job. However, most users forget that the content and the sender are not authenticated or validated, so it can easily be spoofed. This is one of the reasons that phishing attacks are so prevalent and successful.

The E-mail Risk

E-mail is widely used and has a well-defined and universally implemented protocol, which is SMTP (simple mail transfer protocol). Therefore, it is a prime target for hackers developing attacks. Attacks on e-mail focus on two areas: the delivery and execution of malicious code (malcode) and the disclosure of sensitive information. The latter gets little publicity because it is easily done and does not require a sophisticated attack.

The two main attack vectors that are used are:

  • Auto-processing—Many mail clients automatically open and preview content when it is received, even if the user is not at the system. Therefore, a carefully crafted attack could automatically run on a system with no action required from the user.

  • Social engineering—Many e-mail attacks are meant to manipulate a person into clicking on ...

Get Network Security Bible, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.