Attack Over Email System: Review

Total Page:16

File Type:pdf, Size:1020Kb

Attack Over Email System: Review International Journal of Scientific Research & Engineering Trends Volume 3, Issue 5, Sept.-2017, ISSN (Online): 2395-566X Attack over Email System: Review Anuradha Kumari Nitin Agrawal Umesh Lilhore Computer Science & Engineering Computer Science & Engineering Computer Science & Engineering NRI Institute of Information Science & NRI Institute of Information Science & NRI Institute of Information Science & Technology, Bhopal, India Technology, Bhopal, India Technology, Bhopal, India Email: [email protected] Email: [email protected] Email: [email protected] Abstract – Email has become an integral part of our life. Email is reliable and authentic method for exchanging message. But Email systems are facing increasing security threats from local and distributed unethical elements. Keeping the email system secure is of supreme importance to every organization whether running its own emails system or using email services from internet service provider (ISP). Denial of service (DoS) attacks is more prevalent on email system. Various DoS attacks on email system are Chain bombs, error message bombs. Zip bombs and mass mailing bombs. In this paper email architecture and their security issue is discuss and explain their vulnerability with counter measure . Keywords – Email, Web Mining, Dos Attack, Email Bombing, Mass Mailing. I. INTRODUCTION flood the mail server so that mail server becomes occupied or is unserviceable [3]. Mass e-mail attacks also used to Web technology is used to implement the “Web or fake the identity of the intruder, degrade the accessibility www” portion of Web Services. Web servers and web of communications systems, damage the integrity of browsers are communicating client-server computer institution, or secretly share out illegitimate material. programs for distributing documents and information, generally called web data, over the Internet. Web data are II. ARCHITECTURE OF EMAIL SYSTEM marked up in the HTML language for presentation and interaction with people in web browsers. Each web server The first uniform architecture for email defined an email uses an IP address or domain name as well as a port system into user world and transfer world as shown in the number for its identification [6]. People use web browsers figure 1. User world is defined as Mail User Agents to send data requests to web servers with the HTTP (MUA), and the transfer world, as Mail Handling Service protocol, and the web servers running on server computers (MHS) [8]. Mail Handling Service is composed of Mail either retrieve the requested data from local disks or Transfer Agents (MTAs). The MHS accepts an email from generate the data on-the-fly, mark up the data in HTML, one sender and delivers email to other users. MHS and send the resulting HTML files back to the web predefine a virtual MUA-to-MUA exchange environment browsers to render. Apache, Tomcat and IIS are popular [8]. Sender-to-receiver Internet Mail exchange is web server programs, and IE and Firefox are popular web performed by using a uniform infrastructure. Mail browsers. exchange system has four components namely Email Email is one of the most common applications used Object, Global Addressing, Point-to-Point Transfer daily by millions of people world-wide. Email is Mechanisms, No requirement for Author, Originator, or transmitted over internet by email transmission Protocol Recipients to be online at the same time. such as Simple Mail Transport Protocol (SMTP) or Secure/Multipurpose Internet Mail Extensions (MIME). SMTP according to [1] defines the message format and SMTP server (mail transfer agent) stores and routes message throughout the internet. Mail Transfer Agents (MTA) uses the Simple Mail Transfer Protocol (SMTP) for relaying emails. MTA is commonly a target of planned or unplanned DoS attacks. A few emails may totally load an email server resulting in a Denial of Service (DoS) condition. In SMTP DoS the delivery procedure is harmed so much that the legitimate e-mails are affected with a non-tolerable delay [2]. Email bombing is one form of SMTP denial of service attack that floods an inbox and mail server with messages. The email bomb may also damage in the form of loss of internet connectivity and many more [3]. These cases may result in more serious problems especially if one is using internet connection for Fig.Ошибка! Текст указанного стиля в документе business purposes. E-mail bombs have one key objective: отсутствует.. Architecture of Network Email © 2017 IJSRET 200 International Journal of Scientific Research & Engineering Trends Volume 3, Issue 5, Sept.-2017, ISSN (Online): 2395-566X Mail Handling Service (MHS) The Mail Handling Service (MHS) as shown in the figure 2 accomplish a sender-to-receiver transfer of mail. Transfers of email are performed using one or more Relays. Email services in organization typically have only one Relay [8]. Relay TheRelay accomplishes routing of email from sender to receiver, by transmitting or retransmitting the email as shown in figure 1-3. The Relay appends routing information [RFC2505]. Relay does not alter the message content or information on message envelop. Relay may alter message content type, like binary to text as per the suitability of the next node in the MHS [8]. Fig.3. Main Components of Email System In addition to main components shown in figure above, a few notification and filtering components are present in Internet mail architecture: Delivery Status Notification (DSN) A Delivery Status Notification (DSN) is a notification message. DSN may be generated by the MHS components like MSA, MTA, or MDA. MDA and MTA are sources of DSNs and S-MSA is its recipient. DSNs provide notification about message transfer, such as errors in email transfer or successful delivery [8]. Message Disposition Notification (MDN) A Message Disposition Notification (MDN) is a notification. MDN gives information related to post- delivery processing, such as representing that the email Fig.2. Email Architecture with Relay has been displayed. MDN may be originated by an R- MUA and is received to the S-MUA [8]. The Internet Mail architecture composed of six basic Message Filter (MF): types of components as shown in the figure 1-4; all Message Filter is a scripting language to state conditions components are needed to perform a store-and-forward for handling of mail, typically at the time of delivery. operation of email [8]. Scripts may be used in a variety of ways, as a MIME part. Message filter script operates from the R-MUA to the 1. Message MDA. However, message filtering is done at many points 2. Mail User Agent (MUA) along the transfer path [8]. a. Sender’s Mail User Agent (S-MUA) Message Data b. Receiver’s Mail User Agent (R-MUA) The purpose of the Mail Handling Service (MHS) is to send the message from its originator to its recipients. A 3. Message Submission Agent (MSA) message is composed of a route-information envelope and a. Sender’s Message Submission Agent (S-MSA) the message content. The envelope contains details used b. MHS’s Message Submission Agent (H-MSA) by the MHS. The message content is parted into a header 4. Message Transfer Agent (MTA) part and the body part. The header part comprises route 5. Message Delivery Agent (MDA) information and body part comprises sender’s message a. MHS’s Message Delivery Agent (MDA) contents. The body may be lines of text or attachments [8]. b. Receiver’s Message Delivery Agent (R-MDA) Mail User Agent (MUA) The Sender’s MUA (S-MUA) generates a message and 6. Message Store (MS) performs submission of message into the Mail handling a. Sender’s Message Store (S-MS) service through a Mail Submission Agent (MSA). S-MSA b. Receiver’s Message Store (R-MS) may arrange messages in many ways. The common way of arranging messages is in "folders". Folder method creates a folder for messages under development known as Drafts. © 2017 IJSRET 201 International Journal of Scientific Research & Engineering Trends Volume 3, Issue 5, Sept.-2017, ISSN (Online): 2395-566X Draft is a folder for Queued or Unsent messages waiting to transfer method. Transfer from an MDA to an MS is done be sent. Messages that have been posted are kept under through an access protocol, like as POP or IMAP. Sent folder [8]. The Recipient MUA (R-MUA) works on Gateways Recipient’s side to receive and process email. Processing A Gateway does the basic transfer and routing work of at receiver side includes generating user-level control email relay. Gateway is allowed to alter address, content, messages, displaying the received message, replies and structure, or other attributes. Modifications are needed to forwarding new messages. send the email into a messaging environment under Message Store (MS) different internet standards or mismatched policies. The An MUA make use of a Message Store (MS). MS may critical difference between a Gateway and an MTA is that be on a server or on the local machine as the MUA. An former may make essential changes to a message required MS gets email from an MDA either from a local method to transfer the message [8]. or by means of POP or IMAP [6]. Mail Submission Agent (MSA) III. VULNERABILITIES IN EMAIL SYSTEM Mail Submission Agent (MSA) uses SMTP and TCP for submitting mail to Mail Handling Service (MHS). MSA Vulnerability is a weakness or flaw in the system. imposes different requirements, such as access permission. Vulnerability allows an attacker to reduce a system's A Mail Submission Agent (MSA) gets the emails security. Vulnerability is the combination of three things: a submitted by the S-MUA and make mail to adhere to the system has flaw, attacker access to the flaw, and attacker Internet standards. MSA is divided into two has ability to exploit the flaw. In order to launch an attack subcomponents, S-MSA and H-MSA, respectively [8].S- on a mail service, the attacker will need to select and focus MSA appends header fields, such as Message-ID and Date on a section of the mail flow to exploit.
Recommended publications
  • Red Hat Enterprise Linux 3 Security Guide
    Red Hat Enterprise Linux 3 Security Guide Red Hat Enterprise Linux 3: Security Guide Copyright © 2003 by Red Hat, Inc. Red Hat, Inc. 1801 Varsity Drive Raleigh NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588 Research Triangle Park NC 27709 USA rhel-sg(EN)-3-Print-RHI (2003-07-25T17:12) Copyright © 2003 by Red Hat, Inc. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, V1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/). Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder. Red Hat, Red Hat Network, the Red Hat "Shadow Man" logo, RPM, Maximum RPM, the RPM logo, Linux Library, PowerTools, Linux Undercover, RHmember, RHmember More, Rough Cuts, Rawhide and all Red Hat-based trademarks and logos are trademarks or registered trademarks of Red Hat, Inc. in the United States and other countries. Linux is a registered trademark of Linus Torvalds. Motif and UNIX are registered trademarks of The Open Group. XFree86 is a trademark of The XFree86 Project, Inc, and is pending registration. Intel and Pentium are registered trademarks of Intel Corporation. Itanium and Celeron are trademarks of Intel Corporation. AMD, Opteron, Athlon, Duron, and K6 are registered trademarks of Advanced Micro Devices, Inc.
    [Show full text]
  • Presentations Made by Senders
    SES ���� ��� � �� � � � � � � � ������������� DomainKeys ��������� SPF ��������������������� ���������� ����������������� ������������������������������������������������ Contents Introduction 3 Deployment: For Email Receivers 6 Audience 3 Two Sides of the Coin 6 How to Read this White Paper 3 Recording Trusted Senders Who Passed Authentication 6 A Vision for Spam-Free Email 4 Whitelisting Incoming Forwarders 6 The Problem of Abuse 4 What To Do About Forgeries 6 The Underlying Concept 4 Deployment: For ISPs and Enterprises 7 Drivers; or, Who’s Buying It 4 Complementary considerations for ISPs 7 Vision Walkthrough 5 Deployment: For MTA vendors 8 About Sender Authentication 8 Which specification? 8 An Example 8 Conformance testing 8 History 8 Perform SRS and prepend headers when forwarding 8 How IP-based Authentication Works 9 Add ESMTP support for Submitter 8 The SPF record 9 Record authentication and policy results in the headers 8 How SPF Classic Works 9 Join the developers mailing list 8 How Sender ID works 9 Deployment: For MUA vendors 9 How Cryptographic Techniques Work 0 Displaying Authentication-Results 9 Using Multiple Approaches Automatic switching to port 587 9 Reputation Systems Deployment: For ESPs 20 Deployment: For Email Senders 2 Don’t look like a phisher! 20 First, prepare. 2 Delegation 20 Audit Your Outbound Mailstreams 2 Publish Appropriately 20 Construct the record 2 Deployment: For Spammers 2 Think briefly about PRA and Mail-From contexts. 3 Two Types of Spammers 2 Test the record, part 3 Publish SPF and sign with DomainKeys. 2 Put the record in DNS 3 Stop forging random domains. 2 Test the record, part 2 4 Buy your own domains. 2 Keep Track of Violations 4 Reuse an expired domain.
    [Show full text]
  • TCP/IP Alapok II
    Windows Server 2008 TCP/IP Alapok 2. kötet V1.0 Petrényi József 2010, Petrényi József 1.0 verzió, első kiadás Minden jog fenntartva. A könyv írása során a szerző és a kiadó a legnagyobb gondossággal és körültekintéssel igyekezett eljárni. Ennek ellenére előfordulhat, hogy némely információ nem pontos vagy teljes, esetleg elavulttá vált. Az algoritmusokat és módszereket mindenki csak saját felelősségére alkalmazza. Felhasználás előtt próbálja ki és döntse el saját maga, hogy megfelel-e a céljainak. A könyvben foglalt információk felhasználásából fakadó esetleges károkért sem a szerző, sem a kiadó nem vonható felelősségre. A cégekkel, termékekkel, honlapokkal kapcsolatos listák, hibák és példák kizárólag oktatási jelleggel kerülnek bemutatásra, kedvező vagy kedvezőtlen következtetések nélkül. Az oldalakon előforduló márka- valamint kereskedelmi védjegyek bejegyzőjük tulajdonában állnak. Microsoft Magyarország 2010 Köszönetnyilvánítás: Továbbra is hatalmas köszönet illeti Joseph Davies-t, alias Cable Guy-t az alapos, szemléletformáló írásaiért. A wikipedia most sem hazudtolta meg önmagát, mindenhez hozzá tudott szólni, igaz, nem mindig sikerült érdemben. De becsületesen próbálkozott. "- Felejtsük el az egészet, kedves Tót - mondta nagylelkűen -, és lássunk hozzá a dobozoláshoz. Minden percért kár. Leültek. Tót is. Ugyanaz a Tót, aki az imént még lefitymálta és asszonypepecselésnek nézte ezt a munkát, most örült, hogy dobozolhatott... Pedig senki se hívta; épp csak, hogy helyet szorítottak neki. Persze, akárhogy vigyázott, csupa félresikerült, pofoncsapott doboz került ki a keze alól, de szerencsére ezen se akadt föl senki, legföljebb elnézően összemosolyogtak. Helyreállt a béke. Hosszú negyedórákig senki se beszélt, csak a margóvágó friss kattogása hallatszott. Később friss levegő jött a hegyekből. Szemközt, a Bábony tisztásain a gyantaszüretelők tűzrakásai hunyorogtak. Tóték ezt se látták.
    [Show full text]
  • [MS-OXSMTP]: Simple Mail Transfer Protocol (SMTP) Mail Submission Extensions
    [MS-OXSMTP]: Simple Mail Transfer Protocol (SMTP) Mail Submission Extensions Intellectual Property Rights Notice for Open Specifications Documentation . Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft Open Specification Promise or the Community Promise. If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting [email protected]. Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights.
    [Show full text]
  • NIST SP 800-177 Trustworthy Email ______
    Archived NIST Technical Series Publication The attached publication has been archived (withdrawn), and is provided solely for historical purposes. It may have been superseded by another publication (indicated below). Archived Publication Series/Number: NIST Special Publication 800-177 Title: Trustworthy Email Publication Date(s): September 2016 Withdrawal Date: February 26, 2019 Withdrawal Note: This publication has been superseded in its entirety by SP 800-177 Revision 1. Superseding Publication(s) The attached publication has been superseded by the following publication(s): Series/Number: NIST Special Publication 800-177 Revision 1 Title: Trustworthy Email Author(s): Scott Rose; J. Stephen Nightingale; Simson L. Garfinkel; Ramaswamy Chandramouli Publication Date(s): February 2019 URL/DOI: https://doi.org/10.6028/NIST.SP.800-177r1 Additional Information (if applicable) Contact: Advanced Network Technology Division (Information Technology Laboratory) Latest revision of the attached publication: Related information: https://www.nist.gov/programs-projects/high-assurance-domains https://csrc.nist.gov/publications/detail/sp/800-177/archive/2016-09-07 Withdrawal N/A announcement (link): Date updated: February 26, 2019 NIST Special Publication 800-177 Trustworthy Email Ramaswamy Chandramouli Simson Garfinkel Stephen Nightingale Scott Rose This publication is available free of charge from: http://dx.doi.org/10.6028/NIST.SP.800-177 C O M P U T E R S E C U R I T Y NIST Special Publication 800-177 Trustworthy Email Scott Rose, Stephen Nightingale Information Technology Laboratory Advanced Network Technology Division Simson L. Garfinkel Information Technology Laboratory Information Access Division Ramaswamy Chandramouli Information Technology Laboratory Computer Security Division This publication is available free of charge from: http://dx.doi.org/10.6028/NIST.SP.800-177 September 2016 U.S.
    [Show full text]
  • Rfc4409.Txt.Pdf
    Network Working Group R. Gellens Request for Comments: 4409 QUALCOMM Obsoletes: 2476 J. Klensin Category: Standards Track April 2006 Message Submission for Mail Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This memo splits message submission from message relay, allowing each service to operate according to its own rules (for security, policy, etc.), and specifies what actions are to be taken by a submission server. Message relay and final delivery are unaffected, and continue to use SMTP over port 25. When conforming to this document, message submission uses the protocol specified here, normally over port 587. This separation of function offers a number of benefits, including the ability to apply specific security or policy requirements. Gellens & Klensin Standards Track [Page 1] RFC 4409 Message Submission for Mail April 2006 Table of Contents 1. Introduction ....................................................3 2. Document Information ............................................4 2.1. Definitions of Terms Used in This Memo .....................4 2.2. Conventions Used in This Document ..........................5 3. Message Submission ..............................................5
    [Show full text]
  • E-Mail Security (Emailsec - Jan'09)
    E-mail security (emailsec - jan'09) Electronic mail security Antonio Lioy < lioy @ polito.it> Politecnico di Torino Dip. Automatica e Informatica MHS (Message Handling System) MTA MTA MTA chain MSA MSA MS MS MUA MUA MUA (Message User Agent) MSA (Message Submission Agent) MTA (Message Transfer Agent) MS (Message Store) E-mail on multi-user systems Mail Mail editor User User Agent RFC-822 Agent MSA Mail (MTA ) Transfer Agent SMTP SMTP SMTP SMTP MTA MTA MTA © Antonio Lioy - Politecnico di Torino (1995-2009) 1 E-mail security (emailsec - jan'09) E-mail in client-server mode SMTP Mailserver SMTP MTA ... ( MSA ) MilMail User Agent Post Office ... MTA POP, IMAP ( MS ) SMTP Webmail Mailserver SMTP MTA ... ( MSA ) SMTP HTTP web server HTML HTTP virtual engine MUA web browser POP / IMAP Post Office ... MTA ( MS ) SMTP Protocols and ports SMTP (Simple Mail Transfer Protocol) 25/tcp (MTA) 587/tcp (MSA) POP (Post Office Protocol) 110/tcp IMAP (Internet Message Access Protocol) 143/tcp © Antonio Lioy - Politecnico di Torino (1995-2009) 2 E-mail security (emailsec - jan'09) RFC-822 messages only US-ASCII characters on 7 bits lines terminated by <CR> <LF> messages composed by header + body header keywor ds a ttht the beg inn ing o fthf the line continuation lines start with a space body separated from the header by an empty line contains the message Header RFC-822 From: sender (logical) Sender: sender (operational) Organization: organization of the sender To: destination SbjtSubject: subjec t Date: date and hour of sending Received: intermediate steps Message-Id: sending ID CC: copy to Bcc: copy (hidden) to Return-Receipt-To: return receipt to An SMTP / RFC-822 example telnet duke.colorado.edu 25 Trying ....
    [Show full text]
  • Draft NIST Special Publication 800-177, Trustworthy Email
    1 DRAFT NIST Special Publication 800-177 2 Trustworthy Email 3 4 5 Ramaswamy Chandramouli 6 Simson Garfinkel 7 Stephen Nightingale 8 Scott Rose 9 10 11 12 13 14 15 16 17 18 19 C O M P U T E R S E C U R I T Y 20 21 22 DRAFT NIST Special Publication 800-177 23 Trustworthy Email 24 25 Scott Rose, Stephen Nightingale 26 Information Technology Laboratory 27 Advanced Network Technology Division 28 29 Simson L. Garfinkel 30 Information Technology Laboratory 31 Information Access Division 32 33 Ramaswamy Chandramouli 34 Information Technology Laboratory 35 Computer Security Division 36 37 38 39 40 41 42 43 September 2015 44 45 46 47 48 49 U.S. Department of Commerce 50 Penny Pritzker, Secretary 51 52 National Institute of Standards and Technology 53 Willie May, Under Secretary of Commerce for Standards and Technology and Director 54 Authority 55 This publication has been developed by NIST in accordance with its statutory responsibilities under the 56 Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3541 et seq., Public Law 57 (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, 58 including minimum requirements for federal information systems, but such standards and guidelines shall 59 not apply to national security systems without the express approval of appropriate federal officials 60 exercising policy authority over such systems. This guideline is consistent with the requirements of the 61 Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information 62 Systems, as analyzed in Circular A-130, Appendix IV: Analysis of Key Sections.
    [Show full text]
  • Draft NIST Special Publication 800-177, Trustworthy Email
    This (First) DRAFT of Special Publication 800-177 document has been superceded by the following draft publication: The first draft has been attached for HISTORICAL PURPOSE – PLEASE refer to the Second Draft (see details below): Publication Number: Second Draft Special Publication 800-177 Title: Trustworthy Email Publication Date: March 2016 Second Draft Publication: http://csrc.nist.gov/publications/PubsDrafts.html#800-177 Information on other publications: http://csrc.nist.gov/publications/ The following information was posted with the attached DRAFT document: NIST requests comments on the second draft of Special Publication (SP) 800-177, Trustworthy Email. This draft is a complimentary guide to NIST SP 800-45 Guidelines on Electronic Mail Security and covers protocol security technologies to secure email transactions. This draft guide includes recommendations for the deployment of domain-based authentication protocols for email as well as end-to-end cryptographic protection for email contents. Technologies recommended in support of core Simple Mail Transfer Protocol (SMTP) and the Domain Name System (DNS) include mechanisms for authenticating a sending domain (Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain based Message Authentication, Reporting and Conformance (DMARC). Email content security is facilitated through encryption and authentication of message content using S/MIME and/or Transport Layer Security (TLS) with SMTP. This guide is written for the federal agency email administrator, information
    [Show full text]
  • Personenverzeichnis
    Personenverzeichnis Adelstein, T. 1101 Comer, D. E. 1102 Aho, A. V. 33 Conner-Sax, K. 1103 Albitz, P. 1103 Cooper, M. 46 Alkalay, A. 177 Cutler, E. 1102 Allaert, D. 422 Czyborra, R. 177 Almesberger, W. 477 Anderson, G. 30 Dalheimer, M. K. 1100, 1102 Andreasson, O. 764 Dalheimer, T. 1102 Anvin, H. P. 493 Dawson, T. 237, 1102, 1103 Arcomano, R. 308 Delorie, D. J. 451 Aubepin, F. 1100 Deutz, R. 1103 Aznar, G. 418, 797 Dietz, H. 895 Diffie, B. W. 270 Bach, M. J. 1100 Drake, J. 741 Bacon, J. 1101 Badach, A. 1103 Ebersbach, A. 1103 Barrett, D. J. 1104 Emery, V. 578 Barth, W. 1101 Ewing, L. 9, 10 Bauer, F. L. 586, 1104 Bautts, T. 1102 Fawcett, T. 496 Bayes, T. 817 Fenzi, K. 899 Bic, L. 1099 Frisch, Æ. 1101 Bigelow, C. 189 Bishop, A. M. 574 Garfinkel, S. 1100, 1104 Blaze, M. 582 Garrels, M. 46, 59, 1100 Bolsky, M. I. 1100 Ghosh, S. 304 Bourne, S. R. 33, 46, 1100 Goerzen, J. 290 Bovet, D. P. 679, 1100 Gortmaker, P. 722 Bradley, D. J. 36 Grägert, S. 1103 Brouwer, A. 387 Graham, P. 817 Brown, M. A. 238 Guérard, J.-P. 290 Burgiss, H. 223 Gulbins, J. 1100 Burrows, D. 644 Hahn, H. 1103 Buytaert, K. 890 Haible, B. 177 Cameron, J. 883, 1101 Hall, E. 1103 Card, R. 565 Hammers, C. 456, 900 Cesati, M. 679, 1100 Hards, B. 589 Christenson, N. 404 Hassell, J. 1101 Chuvakin, A. 867 Hattenhauer, R. 1100 Claus, V. 1099 Hazel, P. 802 1106 PERSONENVERZEICHNIS Heinlein, P.
    [Show full text]
  • Analysing Smtp Server and Its Security Aspects
    Vol-3 Issue-5 2017 IJARIIE-ISSN(O)-2395-4396 ANALYSING SMTP SERVER AND ITS SECURITY ASPECTS Lohith N1, T H Sreenivas2 1 Student, Information Science and Engineering, National Institute of Engineering, Karnataka, India 2Professor, Information Science and Engineering, National Institute of Engineering, Karnataka, India ABSTRACT Electronic mail (e-mail) is one of the most popular network services nowadays. Most e-mail systems that send mail over the Internet use simple mail transfer protocol (SMTP) to send messages from one server to another. The messages can then be retrieved with an e-mail client using either post office protocol (POP) or Internet message access protocol (IMAP). SMTP is also generally used to send messages from a mail client to a mail server in “hostbased” (or Unix-based) mail systems, where a simple mbox utility might be on the same system [or via Network File System (NFS) provided by Novell for access without POP or IMAP. SMTP is used as the common mechanism for transporting electronic mail among different hosts within the transmission control protocol/Internet protocol (TCP/IP) suite. It is an application layer protocol. With the increase of electronic communication, spams are widely increased targeting individuals, having a doubtful intension such as stealing personal information to be misused or even to paralyze the event system by injecting viruses. Therefore, to protect email users from spams and viruses, it is crucial to protect our SMTP servers . Keyword : - SMTP, SPF, network security 1. INTRODUCTION Email is nowadays considered to be the most widespread form of digital communication. Email not only accounts for most user communications in corporate environments, but it is also widely used in both residential and mobile environments to support citizens’ personal communications[1] .Network as we realize that Email has ended up mainstream with the dangerous development of the web.
    [Show full text]
  • Standards Track J. Klensin MCI December 1998
    Network Working Group R. Gellens Request for Comments: 2476 QUALCOMM Category: Standards Track J. Klensin MCI December 1998 Message Submission Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (1998). All Rights Reserved. Table of Contents 1. Abstract . 2 2. Document Information . 3 2.1. Definitions of Terms Used in this Memo . 3 2.2. Conventions Used in this Document . 4 3. Message Submission . 4 3.1. Submission Identification . 4 3.2. Message Rejection and Bouncing . 4 3.3. Authorized Submission . 5 3.4. Enhanced Status Codes . 6 4. Mandatory Actions . 6 4.1. General Submission Rejection Code . 6 4.2. Ensure All Domains are Fully-Qualified . 6 5. Recommended Actions . 7 5.1. Enforce Address Syntax . 7 5.2. Log Errors . 7 6. Optional Actions . 7 6.1. Enforce Submission Rights . 7 6.2. Require Authentication . 8 6.3. Enforce Permissions . 8 6.4. Check Message Data . 8 7. Interaction with SMTP Extensions . 8 8. Message Modifications . 9 8.1. Add 'Sender' . 9 8.2. Add 'Date' . 10 8.3. Add 'Message-ID' . 10 Gellens & Klensin Standards Track [Page 1] RFC 2476 Message Submission December 1998 8.4. Transfer Encode . 10 8.5. Sign the Message . 10 8.6. Encrypt the Message . 10 8.7. Resolve Aliases . 10 8.8.
    [Show full text]