exchanging digital messages from an author to one or more recipients.
Email security is a broad term that encompasses multiple techniques used to secure an email service. From an individual/end user standpoint, proactive email security measures include: Strong passwords Desktop-based anti-virus/anti-spam applications
Similarly, a service provider ensures email security by using strong password and access control mechanisms on an email server; encrypting and digitally signing email messages when in the inbox or in transit to or from a subscriber email address. It also implements firewall and software-based spam filtering applications to restrict unsolicited, untrustworthy and malicious email messages from delivery to a users inbox.
SMTP stands for Simple Mail Transfer Protocol DEFINITION :- It's a set of communication guidelines that allow software to transmit email over the Internet. INTRODUCTION :- Most email software is designed to use SMTP for communication purposes when sending email, and It only works for outgoing messages.
The actual communication is below (S: stands for server and C: stands for client).
S: 220 smtp2go.com ESMTP Exim C: HELO mydomain.com S: 250 Hello mydomain.com C: MAIL FROM:amisha.hans@gmail.com S: 250 Ok C: RCPT TO:<ashima.adya@gmail.com> S: 250 Accepted C: DATA S: 354 Enter message, ending with "." on a line by itself
C: Subject: meeting C: From:amisha.hans@gmail.com C: To:ashima.adya@gamil.com C: C: Let's get together Monday at 1pm. C: Goodbye. C: . S: 250 OK C: QUIT S: 221 www.sample.com closing connection
Primary goal of PEM is to add security services for e-mail users in the internet community Began in 1985 as an activity of the Privacy and Security Research Group (PSRG) Defined in RFCs 1421/1422/1423/1424 Consists of extensions to existing message processing software plus a key management infrastructure
Uses symmetric cryptography to provide (optional) encryption of messages The RFCs strongly recommend the use of asymmetric cryptography (for digital signatures, certificates and encryption of the symmetric key) because of its ability to support vast distributed community of users The use of X.509 certificates is the base for public key management in PEM This certification hierarchy supports universal authentication of PEM users
SMTP canonicalization Digital Signature Encryption Base 64 encoding PEM represents a major effort to provide security for an application that touches a vast number of users within the Internet and beyond PEM was designed to have backward compatibility with existing mail system PEM depends on a successful establishment of the certification hierarchy that underlies asymmetric key management Problem : PEM does not support security services to multimedia files (MIME)