Email - a Review of Technology
Electronic mail (email), as it is used today, offers simple and efficient communication. After decades of modification, it currently accounts for a large percentage of Internet use (Msongaleli & Kucuk, 2018). Email is critical to any business and requires high security (Gupta, Pilli, Mishra, Pundir, & Joshi, 2014). There are many closed mail systems; the two main enterprise-level systems are IBM’s Lotus Notes / Domino and Microsoft’s Exchange. These systems typically use proprietary protocols when sending and receiving email within the corporate environment. For communications outside the corporate system, and for email between other entities, three email protocol suites are used: Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP3), and Internet Message Access Protocol (IMAP) (Gupta et al., 2014).
There are significant security issues with Internet mail. Internet mail is susceptible to malicious content, ranging from nuisance email (inappropriate images and offensive text) to email infected by malware (Gupta et al., 2014).
Example of server/client relationship
While there are some open SMTP relays in existence, most SMTP servers use the relay feature to route mail through trusted SMTP relay services or by connecting directly to trusted SMTP servers. When an individual sends a message, it is either through a client like Outlook or Lotus Notes, or through a web-based service like Gmail. The message is formatted to be transmitted using SMTP (Msongaleli & Kucuk, 2018). The sender's mail server, commonly called a mail transfer agent (MTA), looks up the recipient’s domain in a Domain Name Service (DNS) server to determine the destination server. This location is noted in a mail exchanger (MX) record on the DNS server. The message is passed to the receiving SMTP server through multiple hops and waits on the receiving SMTP server until it is retrieved by the recipient’s client.
Figure 1 Photo courtesy of Syed Zaidlrshad
Crimes Committed by Email
Crimes committed by email include propagating malware through email, spoofing email with the intent to cause harm, and email bombing.
Crimes Supported by Email
Email fraud is a crime that can be supported by email messages. Phishing is a crime supported by email until the criminal's target data is acquired. After acquiring the data, criminals in many cases then engage in cybercrime using the computer. Phishing is a social technique that criminals use to trick recipients into divulging confidential information that can be used to gain access to systems. Phishing has also been used to direct an unsuspecting user to a website where the criminal gathers personal information (Shaikh, Shabut, & Hossain, 2016).
Email Spoofing
Email spoofing is the act of falsifying the name and email address of the sender. Email spoofing with the intent to harm is illegal. Spoofing is as simple as owning an SMTP server. There are also websites that provide spoofing mailboxes like https://www.mailinator.com.
Common Email Headers
There are as many formats as there are email systems. Click on a link below to investigate these common headers:
Formats can have different nuances as long as required elements are present.
Forensic Tools
There are many forensic tools available to investigate email. The purpose of cyber forensic email analysis is to collect evidence. The investigation includes both header and body and can be for many different purposes. Click on a link below to learn more about available tools for email forensic investigations (Krishna Devendran, Shahriar, & Clincy, 2015):
1. MailXaminer
2. Aid4Mail
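The header side of such an investigation, as an added example that is not part of the original post and not taken from any of the tools listed: it reconstructs the hop-by-hop path from the `Received` headers described in the server/client section and flags the sender-domain mismatches that point to spoofing. The sample message, its hosts, addresses and IP ranges are constructed placeholders.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message; all hosts, addresses and IPs are placeholders.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [203.0.113.10])
\tby inbox.example.org with ESMTP; Mon, 01 Jan 2024 10:00:05 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.org with ESMTP; Mon, 01 Jan 2024 10:00:03 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby relay.example.net with ESMTP; Mon, 01 Jan 2024 10:00:01 +0000
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=bank.example.com
From: "Example Bank" <support@bank.example.com>
Reply-To: <help@mailer.example.net>
Subject: Account notice

Body text.
"""
MSG = email.message_from_string(RAW)

def domain_of(value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def received_path(msg):
    """(from_host, by_host) per hop, oldest first; each MTA prepends its own
    Received header. Hops added outside your own servers can be forged."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = re.search(r"from\s+(\S+).*?\bby\s+(\S+)", value, re.S)
        hops.append((m.group(1), m.group(2)) if m else (None, None))
    return hops

def spoofing_indicators(msg):
    """Compare the visible From domain with envelope and reply headers,
    then report any SPF/DKIM/DMARC result other than 'pass'."""
    from_dom, findings = domain_of(msg["From"]), []
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} != From domain {from_dom}")
    auth = (msg.get("Authentication-Results") or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{check}={m.group(1)}")
    return findings
```

In the sample, SPF passes because it is evaluated against the envelope sender's domain, while DMARC fails because that domain does not align with the `From` domain the recipient sees.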
USA Cybercrime Email Laws
There is a lack of email-specific federal law except for the CAN-SPAM Act of 2003, Pub. L. No 108-187, 117 statutes 2688. The act pertains to sending large quantities of email, and the law makes it a felony to access a computer without authorization to send a mass email, materially alter the sender address, or cause an aggregate loss of $5000 or more. To review the law and other aspects of cybercrime click the link:
Education
Education of users is an important tool in fighting email attacks. Employee awareness training should include what to look for in a suspicious email, how to show the details of sender addresses, and where to look in specific email clients for clues to the domain a link points to. Simulated phishing awareness programs are a tool for raising employee awareness. They consist of an email with a link that should raise suspicion and an explanatory landing page that informs the employee that this could easily have been a malicious link. More information is available at:
Tools to Combat Malicious Email
Spam filters and sandboxes are two tools that can help information security professionals secure their assets. Most enterprise-level email security platforms use comprehensive tools to analyze email and block spam and advanced threats with both cloud-based and in-house solutions. FireEye, a Mandiant company, has been protecting large enterprises with their comprehensive solutions. For more information, follow the link below: