Email Management
Contents
• Email clients – choosing and using • Email message header and content • Emailing to lists of people
• In and out message management • Mime attachments and HTML email • SMTP, HTTP, POP, IMAP
• Web mail
Email Client
• The software that receives, displays, and allows the creation and sending of emails
– What you use on your computer to read & write email
• Lists messages,
– usually has an address book for contacts, – should offer folders for organising emails etc.
• Some security support such as spam and scam detection
Choosing One
• Open Source
– Eudora - www.eudora.com
– Thunderbird - www.mozilla.org/thunderbird
• Proprietary
– MS Outlook (probably most used) – Apple Mail.app (which I use)
• There’s lots of others
MIME Protocol
• Why is it needed?
– The original mail system supported only ASCII text. – For the history of email see
http://en.wikipedia.org/wiki/Email
• MIME = Multipurpose Internet Mail Extension • MIME allows:
– Attachments to email messages
• Not just ASCII characters
– Alternative character sets – Multi-part messages
• Tells the email client how to handle the message content
– What character sets to use
HTML Content
• Early email clients displayed text and nothing more
• MIME allows attachments and other character sets
– Very important now!
• HTML enabled email clients allow HTML to be used to design the display of an email
message’s content
• Text that is obviously a URL is made into a link • Email addresses link to compose a message
Writing HTML Content
• Not everyone has a HTML enabled client, and some people turn it off, so you can’t be sure a HTML message will be readable
– E.g. some webmail clients like SquirrelMail – Also: some people simply turn HTML off
• Because they prefer simple textual email
• Because a great deal of the non-textual email is advertising
Email Headers
• The message part of an email is its body • Email messages also have a header,
which contains information about the message, the sender and the recipient • Made up of Key:Value pairs
body
Email Header
• From: email address of sender • Date: date message was sent
• Message-ID: automatically generated ID
• In-Reply-To: ID of message being replied to • To: email addresses
• Subject: Subject of message
• Cc, Bcc: other recipient addresses • Content-Type: Usually a MIME type
Routing Info
• The email header also tells you the route an email took between the sender and
recipient
• Received: server name and IP address, mail server name
• A message can have multiple received: lines
• Read from bottom up to go from origin to destination
Received: from lek.cs.stir.ac.uk by yen.cs.stir.ac.uk (8.14.5) id qB3DSH9M019419; Mon, 3 Dec 2012 13:28:17 GMT
Received: from mail-pb0-f45.google.com by lek.cs.stir.ac.uk (8.14.5) with ESMTP id qB3DSFRb003986; Mon, 3 Dec 2012 13:28:16 GMT
Received: by mail-pb0-f45.google.com with SMTP id mc8so1918124pbc.32 for <[email protected]>; Mon, 03 Dec 2012 05:28:00 -0800 (PST)
MIME-Version: 1.0
Received: by 10.68.247.196 with SMTP id yg4mr29374650pbc. 167.1354541279724; Mon, 03 Dec 2012 05:27:59 -0800 (PST)
Received: by 10.68.56.74 with HTTP; Mon, 3 Dec 2012 05:27:59 -0800 (PST)
Date: Mon, 3 Dec 2012 13:27:59 +0000
Message-ID: <CAB4axPcAFcRK1xxFqYb7RUS933VCjUQ2xPLaNzwcwbAV [email protected]>
Subject: Example Email Header
From: Kevin Swingler <[email protected]> To: Kevin Swingler <[email protected]>
Faking/forging the Header
• You can put what you want in most of the header,
– You can pretend to be sending an email from somebody else, for example
• You can add fake Received: lines too, but only at the bottom of the header
– real ones are added by other servers once it has been sent
• Unfortunately this is very easy to do.
• Email is extremely insecure in all sorts of ways
Mail Architecture
Client Person A Outgoing Server SMTP Client SMTP User Mail Boxes Inbound Server IMAP Internet SMTP POP3Mail Servers
• To send and receive email, you need access to two mail servers:
– Incoming – Outgoing
• The outgoing mail server will be an SMTP server – Simple Mail Transfer Protocol
• This handles moving email from the
sender to a mailbox for the recipient on the recipient’s incoming mail server
Incoming Mail Server
• SMTP gets the mail from the sender to the recipient’s inbound mail server
• There are a few options for getting the message from the inbound server to the mail client
• Main two are:
– POP3: Post Office Protocol
POP3
• Post Office Protocol
• Used back when internet connections involved dialling in to a server
• Allowed you to download all messages onto the client
• Generally deleted them from the server • Allows offline working on emails
IMAP
• Internet Message Access Protocol
• Mail client interacts directly with the server
– Messages stay on the server
– Headers downloaded before messages – Messages can be deleted without ever
downloading them (if the header suggests it) – Messages can be cached locally to allow
off-line working, but cache is synchronised with server
Web Mail
• Hotmail, Googlemail (gmail), etc. are examples of web mail services
– You interact with your mail through a website
• Really a portal
• Advantages are that you can gain access
from any computer – you don’t need an email client set up to read it
• Disadvantages are that it can be slower and less flexible than a good email client
– And you cant read old emails when you’re off-line
Spam Email
• Unwanted email, either trying to sell you something or con you or …
• Takes advantage of
– Email being free
– Email being insecure
• Illegal in many countries, including the UK
– Ha bloody ha!
Spam Law, UK
• The Privacy and Electronic
Communications Regulations 2003 • It is illegal to send marketing email to
individuals unless:
– you have their express consent
– you have a clear customer relationship
• But the law isn’t working.
Spam Law, UK
• If you do send such messages, they must:
– Reveal the identity of the sender
– Give a valid address for opt-out requests
• Opt-out preferences must be respected • You can also send messages if
– It is part of a sale negotiation
– It relates to similar products or services
Spam Protection
• Spammers get email addresses from a variety of sources, including web pages • If yours is on a web page, protect it to
make automated ‘harvesting’ impossible:
– Put it in an image, rather than using text
Un-Subscribing
• A legitimate business must let you opt-out of receiving email
• Should be by sending a short message (“op-out”, for example) to a specified address
• Illegal spammers might treat this as proof that your email address is ‘live’ and sell it to others, so think before you opt-out
Spam Filter
• Most spam filters need to be trained• They learn what your genuine email looks like and how it differs from spam
• Take a little time to train yours by flagging spam messages as such
• Most email clients have a facility for this
• But spammers are very clever: don’t be taken in
– If it looks to good to be true it almost certainly is! – Be very careful in following links in emails
• And remember that because it appears to come from (say) a bank, that means nothing at all
• And never provide secret information (like passwords, pin numbers etc.) to a web form.