Email Protocols

This post presents some aspects related to electronic mail (email or e-mail) protocols.

Email Operational Protocols

  • Inbound e-mails
    • POP3
    • IMAP
  • Outbound e-mails
    • SMTP
    • X.400

POP3

Post Office Protocol 3 (POP3) is considered deprecated.

IMAP

Internet message access protocol (IMAP)

SMTP

An open relay is an insecure SMTP server that does not authenticate sneders before accepting and relaying email and are typically quickly exploited to send email for spammers.

The SMTP standard is RFC 5321, developed by IETF.

Management Information Base (MIB) is a database or collection of information that SNMP uses to manage devices on a network. It contains standardized objects (variables) that represent different aspects of a device’s status, configuration, and performance (e.g., CPU usage, interface status, error counts).

You can read this post about SMTP enumeration tools.

X.400

X.400 is an e-mail protocol standardized for ITU-T.

X.500 started as a side project related to X.400.

It expected to be the predominant form of email, but finally STMP acquired this role.

Email Security Protocols

These security protocols are used for example with SMTP:

  • E-mail encryption
    • S/MIME
    • PGP
    • MOSS / PEM-MIME
  • Inbound e-mail authentication
    • DKIM
    • SPF
    • DMARC
  • Secure Outbound e-mail communication
    • Implicit STMPS
    • STARTTLS

E-mail Encryption

E-mail Encryption Protocols featured on this post:

  • S/MIME
  • PGP
  • Privacy Enhanced Email
  • MOSS / PEM-MIME

S/MIME

Secure Multipurpose Internet Mail Extension (S/MIME) is an email security standard.

It provides:

  • Confidentiality: Public Key Cryptography Standard (PKCS) encryption
  • Authentication: X.509 digital certificates issued by trusted third-party certificate authorization (CAs).

S/MIME types of messages:

  • Signed messages: provides integrity, sender authentication, and non-repudiation.
  • Secure enveloped method: provides recipient authentication and confidentiality.

Secure enveloped method is specific to S/MIME.

S/MIME secure email format uses the P7S for encrypted email messages. If the recipient does not have a mail reader that supports S/MIME, the message will appear with an attachement named smime.p7s.

The main difference between S/MIME and PGP is that S/MIME requires a PKI while PGP does not.

PGP

Pretty Good Privacy (PGP) is a peer-to-peer public-private key-based email system.

When implemented, the authenticity of the users’ public keys are attested to by others in a circle of trust, the role of a Certificate authority is not needed.

The main difference between PGP and S/MIME that S/MIME requires a PKI while PGP does not.

Privacy Enhanced Email

Deprecated

Privacy-Enhanced Mail (PEM) is a file format for storing and sending cryptographic keys, certificates, and other data.

It was based on a set of 1993 IETF standards defining “privacy-enhanced mail”.

The PEM format was formalized by the IETF in RFC 7468, though it started as a de facto file format.

While the original standards were never broadly adopted and were supplanted by PGP and S/MIME, the textual encoding they defined became very popular.

MOSS / PEM-MIME

Deprecated

MIME Object Security Services (MOSS) / Privacy-Enhanced Mail MIME (PEM-MIME) is a protocol that uses the multipart/signed and multipart/encrypted framework to apply digital signature and encryption services to MIME objects.

It was never largely deployed and the project is abandoned mainly due to the popularity of PGP.

Inbound E-mail Authentication

Inbound e-mail authentication protocols featured on this post:

  • DKIM
  • SPF
  • DMARC

DKIM

Domain Keys Identified Mail (DKIM) is a mean to assert that valid mail is sent by an organization through verification of domain name identity.

It is used to detect spam and email spoofing.

SPF

Sender Policy Framework (SPF) is also a mean that valid is sent by an organization through its SMTP server.

The solution checks that inbound messages originate from a host authorized to send messages by the owner of the SMTP origin domain.

Example: the systems receives an e-mail from jane.doe@example.com. SPF would check with the admin of example.com that user jane.doe is authorized to send messages.

DMARC

Domain Message Authentication Reporting and Conformance (DMARC) is a DNS-based email authentication system. It is built on top of DKIM and SPF.

E-mail servers can verify if a received message is valid by following the DNS-based instructions.

It is intended to protect against business email compromise (BEC), phishing, and other email scams.

The DMARC aggregated report, DMARC XML report or reporting URI for aggregated data (RUA) is a report that contains an overview of how emails sent from a domain are being handled by recipient mail servers and whether they pass SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) authentication checks.

Secure Outbound E-mail Communication

Secure outbound e-mail communication protocols featured on this post:

  • Implicit SMTPS
  • STARTTLS

Implicit SMTPS

Deprecated

SMTPS is the TLS-encrypted form of SMTP. Implicit SMTPS involves establishing a secure connection from the outset.

Implicit SMTPS encrypts the entire SMTP session, including the handshake process, using SSL/TLS.

Implicit SMTPS assumes that the connection will be encrypted from the beginning.

It uses port 465.

It is not much used nowadays, compared to STARTTLS, and is consided outdated.

STARTTLS

STARTTLS, explicit TLS or opportunistic TLS for SMTP is an SMTP command that negotiates encryption after the initial connection is made.

It uses port 587.

You might also be interested in…

External References

  • M. Chapman et al; “CISSP Study Guide 9th Edition”, section “Email Security Solutions”, pp. 599-601; Wiley, 2021
  • Inbound e-mail authentication

Leave a Reply

Your email address will not be published. Required fields are marked *