Email Security and its Basic Elements (2024)

By Shahzad Subhani, February 9, 2022 (May 31st, 2022)

Introduction

The purpose of this article is to provide a simplified overview of the basic elements of email security: what it means, how email works, and what the key components of email security are.

Email security can be defined as the use of various techniques to keep sensitive information in email communication and accounts secure. To understand email security, one needs to understand how email works and which elements make up an email system. It is also important to know that the whole objective of email security is to ensure that end users (individuals or corporate) receive secure and safe emails. Users should not have to waste their valuable time separating good emails from bad ones.

How Email Works

To show how email works, I found a very good diagram, which I will share here. It is taken from Kavi Help Center, and it shows how an email flows from the sender's outbox to the recipient's mailbox using the company mail server as well as the Internet. If you want to understand each step, please refer to the source link.

Email Security Protocols/Ports and Key Terms

All emails are sent and received using the SMTP protocol. SMTP stands for Simple Mail Transfer Protocol and uses port 25. SMTP was initially defined in RFC 821, which was later obsoleted by RFC 2821. Some of the key terms for email security are given below.

• SMTPS (SMTP Secure via TLS or SSL; the port is 567) is encrypted email; however, this protocol is not widely used.

• TLS (Transport Layer Security) is used to send email securely (encrypted) between two servers by issuing the STARTTLS command.

• MTA is a very common term. It is short for Mail Transfer Agent and is used for any SMTP server sending and receiving emails.

• MUA is short for Mail User Agent and refers to any email client.

SMTP Response Codes

SMTP response codes are the way servers communicate with each other. If an email is not being delivered, always look at the response code given by the destination server.

Here are some common SMTP response codes.

• 220 – SMTP Service Ready

• 221 – Service Closing

• 250 – Requested Action Taken and Completed

• 421 – Please Try Later OR Service Is Not Available

• 50x – Server Could Not Recognize the Command

• 550 – No Such User Here OR User Mailbox Not Available

SMTP Related DNS Records

The most important part of SMTP or email security is knowing the DNS records, as they have a vital role in email flow.

  • MX Record: It is a DNS record which is created to show which server will receive emails for an organization. It is very important for any organization. Without an MX record, you can't receive emails for your domain/organization.
  • MX Record Priority is very important too. The smaller the number, the higher the priority. Here is a sample MX record for gmail.com. Mail servers will send emails to the servers with the lower priority value of 5. If they are not available, they will try the servers with priority of 510, and so on. All servers with the same MX priority load-balance the incoming emails.

  • SPF Record: It is a DNS Record which will show which IP Addresses are authorized to send email on an organization’s behalf.
  • DKIM (DomainKeys Identified Mail): DKIM means digitally signing all outgoing emails with a private key to ensure that an email was actually sent by the sender domain itself and is not spoofed. The domain key (public part) is published as a TXT record so that servers can verify it.
  • DMARC (Domain-based Message Authentication, Reporting & Conformance): It is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols.

Typical Email Scenario

This SMTP example is taken from RFC 2821. It shows mail sent by Smith at host bar.com, to Jones, Green, and Brown at host foo.com. Here we assume that host bar.com contacts host foo.com directly. The mail is accepted for Jones and Brown. However, Green does not have a mailbox at host foo.com, so it is rejected.

S marks lines sent by the SMTP server and C marks lines sent by the client.

S: 220 foo.com Simple Mail Transfer Service Ready
C: EHLO bar.com
S: 250-foo.com greets bar.com
S: 250-8BITMIME
S: 250-SIZE
S: 250-DSN
S: 250 HELP

C: MAIL FROM:<Smith@bar.com>
S: 250 OK
C: RCPT TO:<Jones@foo.com>
S: 250 OK
C: RCPT TO:<Green@foo.com>
S: 550 No such user here
C: RCPT TO:<Brown@foo.com>
S: 250 OK
C: DATA
S: 354 Start mail input; end with <CRLF>.<CRLF>
C: Blah blah blah…
C: …etc. etc. etc.
C: .
S: 250 OK
C: QUIT
S: 221 foo.com Service closing transmission channel
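
Reading such a session programmatically, as an added example (not part of the original article) that ties the response codes section to the scenario above: it joins multi-line replies such as the EHLO response and reports which recipients were accepted. The function names and the shortened sample session are assumptions made here.

```python
import re

# The first digit of a reply code gives its class (RFC 5321, section 4.2.1).
REPLY_CLASS = {"2": "success", "3": "intermediate (send more)",
               "4": "transient failure", "5": "permanent failure"}

# Constructed sample modelled on the article's session (DATA phase omitted).
SESSION = """\
S: 220 foo.com Simple Mail Transfer Service Ready
C: EHLO bar.com
S: 250-foo.com greets bar.com
S: 250 HELP
C: MAIL FROM:<Smith@bar.com>
S: 250 OK
C: RCPT TO:<Jones@foo.com>
S: 250 OK
C: RCPT TO:<Green@foo.com>
S: 550 No such user here
C: RCPT TO:<Brown@foo.com>
S: 250 OK
C: QUIT
S: 221 foo.com Service closing transmission channel
"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_session(text):
    """Return (command, code, [reply lines]) for each complete server reply."""
    exchanges, command, lines = [], "(connect)", []
    for raw in text.splitlines():
        side, _, body = raw.partition(": ")
        if side == "C":
            command = body
        elif side == "S" and (m := REPLY.match(body)):
            code, sep, msg = m.groups()
            lines.append(msg)
            if sep == " ":      # "250 " ends a reply, "250-" continues it
                exchanges.append((command, code, lines))
                lines = []
    return exchanges

def recipient_results(text):
    """Map each RCPT TO address to (code, reply class) from the session."""
    results = {}
    for command, code, _ in parse_session(text):
        m = re.match(r"RCPT TO:<([^>]*)>", command, re.IGNORECASE)
        if m:
            results[m.group(1)] = (code, REPLY_CLASS.get(code[0], "unknown"))
    return results
```

When troubleshooting delivery, the distinction to act on is the first digit: a 4xx reply means the sender will retry, while a 5xx reply such as 550 is final for that recipient.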

Practical Tip

To check the MX/SPF record for any domain, you can use the websites mentioned below.

Conclusion

This is my first article in the email security series. In my next article, I will talk about types of email attacks. I have also made a video on Email Security Basics, which includes some demonstrations as well. If you want to learn things like how to send email via telnet, just check out this Email Security 101 video as well.
