Electronic mail and online safety (Sep 17, 2008) (beginner)
1. Electronic Mail & Online Safety
Henry Van Styn, IntelliTree Solutions
http://www.intellitree.com
vanstyn@intellitree.com
513-333-0282
September 17th, 2008
2. Agenda
• How E-Mail works
– Dispel misconceptions
– General understanding
• Weaknesses in E-Mail
– Spam, Viruses
– Overcoming weaknesses
• Online Safety
– How infections/compromises occur, and why
– Prevention
– Correction
• Q and A
3. E-Mail
• Oldest Internet application
• System to relay messages
• SMTP – Simple Mail Transfer Protocol
• Modeled after postal mail
– No sender validation
4. E-Mail (cont.)
• Sending separate from receiving
• Protocols for receiving
– POP3
– IMAP
– Webmail
– Custom systems
9. Spam
• As much as 90% of all mail is Spam
• 100 billion spam messages per day
– 14 messages for every person on the planet
• Increasing
– 300% increase since 2005
• Anti-Spam systems a necessity
11. Paradigm shift - 2003
• Take over PCs - Malware
• “Zombie” systems
• Botnets
• Unprecedented volume
12. Continuing Spam Wars
• URI Blacklists
• OCR scanning
• Real time shared anti-spam data
• False positives
– Local whitelists
• Collateral damage
• Keeping mail servers in “good standing”
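As an added illustration (not code from the talk) of how the URI-blacklist and local-whitelist pieces on this slide fit together, the following Python scorer checks every link in a message against a blacklist of domains, walks up parent domains so that a hostname under a listed domain still matches, and exempts whitelisted sender domains so that a partner's legitimate message quoting a bad link is not a false positive. The blacklist, whitelist, threshold and sample messages are all constructed for the example; a real filter would query a DNS-based URI blacklist rather than a local set, and would combine many more tests than the two shown here.

```python
import re
from email.parser import Parser

# Constructed stand-in for a URI blacklist; real filters query such lists over DNS.
URI_BLACKLIST = {"cheap-pills.example", "account-verify.example"}

# Local whitelist: sender domains this site never filters, to avoid false
# positives when a partner's mail happens to contain a listed link.
LOCAL_WHITELIST = {"partner.example"}

SPAM_THRESHOLD = 5          # constructed: points at or above this mean "spam"

URL_RE = re.compile(r"(?:https?://|www\.)([a-z0-9.-]+)", re.I)


def extract_hosts(text):
    """Hostnames of every URL in the text, lowercased, without a trailing dot."""
    return {m.group(1).lower().strip(".") for m in URL_RE.finditer(text)}


def listed_domain(host, blacklist=URI_BLACKLIST):
    """Return the blacklist entry matching `host` or one of its parent domains
    (so www.cheap-pills.example matches cheap-pills.example), else None.
    The bare top-level label is never checked on its own."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blacklist:
            return candidate
    return None


def sender_domain(msg):
    """Domain of the From: header, or '' if there is none."""
    m = re.search(r"@([a-z0-9.-]+)", msg.get("From", ""), re.I)
    return m.group(1).lower() if m else ""


def score_message(raw, blacklist=URI_BLACKLIST, whitelist=LOCAL_WHITELIST):
    """Return (points, reasons) for one raw RFC 822 message.
    Whitelisted sender domains short-circuit to zero points."""
    msg = Parser().parsestr(raw)
    if sender_domain(msg) in whitelist:
        return 0, ["sender domain whitelisted"]
    points, reasons = 0, []
    for host in sorted(extract_hosts(msg.get_payload())):
        hit = listed_domain(host, blacklist)
        if hit:
            points += 5
            reasons.append("URI host %s is on blacklist as %s" % (host, hit))
    subject = msg.get("Subject", "")
    if subject and subject.isupper():
        points += 1
        reasons.append("all-caps subject")
    return points, reasons


def is_spam(raw, **kw):
    return score_message(raw, **kw)[0] >= SPAM_THRESHOLD


# Constructed sample messages (all names, addresses and links are made up).
SPAM = """From: Joe <joe@example.com>
To: joe@example.com
Subject: CHEAP PILLS

Order at http://www.cheap-pills.example/buy today.
"""

PARTNER = """From: News <news@partner.example>
To: joe@example.com
Subject: Weekly update

A reader reported this scam: http://cheap-pills.example/ - do not click.
"""

HAM = """From: Ann <ann@example.net>
To: joe@example.com
Subject: Lunch

See http://www.example.org/menu for the menu.
"""
```

The PARTNER message is the collateral-damage case from the slide: it quotes a blacklisted link, so with the whitelist removed it scores as spam, and only the local whitelist keeps it out of the junk folder.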
14. Cost of Spam
• Our Anti-Spam systems are 99% effective
• Server load and bandwidth usage continue to increase
• Cost US tens of billions per year
• Estimated world wide cost 2003: $20.5B*
• Estimated world wide cost 2007: $198B*
* The Radicati Group
15. Online Safety
• Virus authors not just vandals any longer
– Out for profit
• Take over systems - botnets
– For spamming
– For advertising
– For capturing information
– For attacking other systems
Hello everyone, thank you very much for having me!
My name is Henry Van Styn and I’m the president of IntelliTree Solutions. We’re a local technology firm and we’ve been providing software development and managed services to small and medium sized organizations since 2001. We help organizations with their IT needs.
In most cases, this means directly providing, managing and maintaining their computer and network systems. We provide the core systems that all organizations need, secure internet access, e-mail, remote access, network security, data backups, and access to the applications that are needed for operations.
No one will deny how dependent we've become on technology to conduct business. It's a part of life now; we all use it every day, and we depend on it. When it fails, it's very costly in terms of lost productivity, or it even stops us from conducting business entirely. It's a little ironic, as this topic is especially timely today, after just coming out of the power outage.
In terms of being able to conduct business, what was the worst part of the power outage? Was it being in the dark? Was it no AC? Or was it the fact that the computers were down? No e-mail, no internet, no access to that spreadsheet.
Despite how important we'll all agree information technology is to us in this day and age, I find there is still a general resistance to understanding how much of it works. Many people automatically assume it's too complicated, or will take too much time to understand. After all, you need to focus on your core competencies, and that's what you pay guys like me for, right?
While that is true to an extent, there is a basic level of understanding that all users should have to get the most out of the tools and systems that they rely on.
Take the example of an automobile; another technology that we all rely on every day. While I am not a mechanic, I still know that I need to change my oil every 3000 miles. I still know that if I start hearing a grinding sound when I use my brakes, my pads probably need changing, and if I wait too long I might destroy my rotors, which will cost a lot more to replace.
And take your industry. While not everyone understands how to do general journal entries, or can explain how to properly depreciate a capital equipment purchase, I'm sure you'll agree, everyone should at least be able to balance their checkbook.
Because you’re here, I’m probably already preaching to the choir about this, but my only point is that the general level of understanding when it comes to information technology is too low, and we’d all benefit from having a more technically savvy business population.
There are many areas we could talk about in IT, but today, we’re going to talk about the technology that we use and rely on more than any other; e-mail. I am going to explain how e-mail works, and I’m going to do a little more than scratch the surface. There are a lot of misconceptions when it comes to e-mail, and I’m going to dispel those and give everyone a general understanding of the inner workings of e-mail.
From there, we’re going to talk about some of the inherent weaknesses in the architecture of e-mail and how those weaknesses are exploited every day by the bad guys to send spam, viruses, and other undesirables, and the challenges involved in fighting back.
From there we are going to expand into a more general discussion of online safety, and discuss how (and why) infections occur and how to protect yourself and your computer. We’re going to talk about how to prevent your computer from getting infected with spyware and viruses, and what steps to take if you do get infected.
If anyone has any questions along the way, don’t hesitate to stop me and ask. There will also be a Q and A at the end, time permitting.
E-Mail is the oldest application on the Internet. It is much older than the World Wide Web, which was invented in the early 90s, and it actually predates the Internet itself: mail between users of a single time-sharing computer existed in the mid-60s, and the first messages between networked computers were sent over the ARPANET in the early 70s. The concept is both simple and obvious. It's a system to send messages between users on different systems by relaying them from one system to another.
E-mail has been through different protocols and iterations over the years, but the only one that matters today is SMTP. SMTP stands for Simple Mail Transfer Protocol, and it is just that: simple. A sending server connects to a receiving server, states who the message is from (MAIL FROM) and who it is for (RCPT TO), and then hands over the message itself (DATA).
The most important thing to understand about e-mail is that its modeled after Postal mail. When you send a letter, you write in a To address in the center of the envelope, and also write in a From address in the top left corner. What you write in for the from address really doesn’t matter for delivery. It serves 2 purposes; to let your recipient know who the letter is from before they open it, and if there is a delivery problem, it lets the post office know who to send the letter back to so you know it wasn’t received.
It's the same with e-mail, and in fact a message carries two "from" addresses, neither of which is checked. The envelope sender (what the sending server says in MAIL FROM, the return address on the envelope) is where bounces go, and the From: line you see in your mail client is just part of the message text. You can send an e-mail "From" any address you like. This is one of the biggest misconceptions about e-mail; when people get a bounce message for an e-mail they didn't send, or even get an e-mail from themselves, they think their e-mail has been "hijacked." Usually it hasn't: a spammer put their address on the envelope, and when the spam could not be delivered, the bounce came back to them. Sending spam "from" legitimate addresses is a common spammer technique, and the core protocol gives the receiving server no way to tell, because that's just the way e-mail works. Newer additions such as SPF and DKIM let a receiving server check whether a message claiming to come from a domain was sent by a server that domain has authorized, but they only help where both the sending domain and the receiving server have deployed them.
Sending e-mail is also "disconnected" from receiving it. Once a message, or a letter, is sent and it traverses the Internet or Postal system, it is eventually delivered into a Mailbox. Just like the act of going out to your mail box and getting your postal mail is totally separate from going to the post office and mailing a letter, it is also totally separate with e-mail, and in fact, with e-mail, totally different protocols are used!
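To make the "no validation of the sender" point concrete, here is an added example (not part of the original talk) of the exchange a spammer has with a receiving mail server: a toy receiving SMTP server in Python, driven by a scripted client session. The domain example.com, the user joe, the spammer's host name and every address are constructed for the example. It shows that the server accepts whatever envelope sender (MAIL FROM) and From: header it is given, and that when one recipient turns out not to exist, the bounce is addressed to the forged envelope sender, which is exactly how an innocent bystander ends up with bounces for mail they never sent.

```python
import re
from email.parser import Parser


class ToySMTPServer:
    """Minimal receiving SMTP server, driven by scripted client lines.

    It enforces command order and syntax only, as a plain RFC 5321 server does:
    the MAIL FROM envelope sender and the From: header are both accepted verbatim,
    and nothing ties either of them to whoever connected.
    """

    def __init__(self, local_domain, known_users):
        self.local_domain = local_domain.lower()
        self.known_users = set(known_users)
        self.mailboxes = {}        # local-part -> [(envelope_from, parsed message)]
        self.bounces = []          # (address the bounce goes to, undeliverable recipient)
        self.transcript = []       # "C: ..." and "S: ..." lines of the exchange
        self.in_data = False
        self.data_lines = []
        self._reset_envelope()

    def _reset_envelope(self):
        self.envelope_from = None
        self.rcpts = []

    def session(self, client_lines):
        """Run a whole client session and return the exchange as text lines."""
        self.transcript.append("S: 220 %s ESMTP ready" % self.local_domain)
        for line in client_lines:
            self.transcript.append("C: " + line)
            reply = self.handle(line)
            if reply is not None:
                self.transcript.append("S: " + reply)
        return self.transcript

    def handle(self, line):
        """Process one client line; return the server reply (None inside DATA)."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                return self._deliver()
            # clients double a leading dot inside DATA; undo that here
            self.data_lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return "250 %s" % self.local_domain
        if verb == "MAIL":
            m = re.match(r"FROM:<([^>]*)>", arg, re.I)
            if not m:
                return "501 syntax error in MAIL FROM"
            self.envelope_from = m.group(1)      # taken on faith: no check at all
            return "250 OK"
        if verb == "RCPT":
            m = re.match(r"TO:<([^>]+)>", arg, re.I)
            if self.envelope_from is None or not m:
                return "503 bad sequence of commands"
            local, _, domain = m.group(1).partition("@")
            if domain.lower() != self.local_domain:
                return "550 relaying denied"     # accept mail for our own domain only
            self.rcpts.append(local)
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 no valid recipients"
            self.in_data, self.data_lines = True, []
            return "354 end data with <CRLF>.<CRLF>"
        if verb == "QUIT":
            return "221 bye"
        return "500 unrecognised command"

    def _deliver(self):
        msg = Parser().parsestr("\n".join(self.data_lines))
        for local in self.rcpts:
            if local in self.known_users:
                self.mailboxes.setdefault(local, []).append((self.envelope_from, msg))
            else:
                # The message was accepted, then delivery failed, so a bounce is
                # generated.  It goes to the *envelope* sender, which the spammer
                # chose freely: this is how bystanders receive bounces for mail
                # they never sent.
                self.bounces.append((self.envelope_from, local + "@" + self.local_domain))
        self._reset_envelope()
        return "250 queued"


def forged_from_demo():
    """A spammer connects to example.com's server and forges both sender fields.
    Every name and address here is constructed for the example."""
    srv = ToySMTPServer("example.com", known_users={"joe"})
    srv.session([
        "EHLO mail.spammer.invalid",
        "MAIL FROM:<bystander@example.org>",   # envelope sender: any address at all
        "RCPT TO:<joe@example.com>",
        "RCPT TO:<nosuchuser@example.com>",
        "DATA",
        "From: Joe <joe@example.com>",         # header From: forged, here as joe himself
        "To: joe@example.com",
        "Subject: Cheap pills",
        "",
        "Buy now.",
        ".",
        "QUIT",
    ])
    return srv
```

Running forged_from_demo() and printing its transcript shows the server answering "250 OK" to every forged field; joe's mailbox then holds a message that appears to be from himself, and the bounce for nosuchuser is addressed to bystander@example.org, who was never involved.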
There are various protocols and methods to check your mail. Some of these you’ve probably heard of and are familiar to you, like POP3. There are other protocols too, like IMAP, checking mail over a web interface, and other custom systems have their own protocols, like Domino, Microsoft Exchange, etc. While there are lots of ways, and “protocols,” available to receive mail, there is only one for sending it, which is SMTP.
So let's break it down. Everyone uses what is called a Mail client. Outlook is a mail client, and the webmail interface at gmail.com is also a mail client. Your mail client is configured to access your mailbox by whatever means, and is also configured to send e-mail via SMTP.
So what happens exactly when you click the send button? When you compose an e-mail, you specify a recipient, or set of recipients, along with a subject and body. When you click send, the e-mail is sent to an SMTP server. What server, depends on the configuration of your mail client. This is usually a server on your local network, or a server that is provided by your ISP. The SMTP server is just like a Post office branch.
Once an SMTP server receives a message, it has to figure out where to send it next to get it to its destination. As an end user, we don’t really have to worry about this, as this happens behind the scenes, just as it does with postal mail.
However, most of us know a little bit about how it works, at least with Postal mail. How do they route our letters? Zip codes! The country is broken down geographically by five-digit codes (nine digits with the ZIP+4 extension), with the left part of the number designating larger, more general regions, and the right part of the number zeroing in on smaller, more specific regions.
For example, any Zip code starting with a 4 is in Indiana, Kentucky, Ohio or Michigan. Anything that starts 452 is Cincinnati; five digits, such as 45246, designate a specific post office; and with the plus 4, you can zero in on an area sometimes as small as a city block. From there, set routes and specific shipments are followed to get the mail through the system.
In e-mail, it's actually much simpler, primarily because in cyberspace, geography is arbitrary. "Geography," in this case, is determined by domain name: the part of the address to the right of the @ sign. If a message is bound for [email_address], for example, then it should be sent to the xyz.com mail server.
The way to find the xyz.com mail server is by DNS. DNS stands for Domain Name System, and it's the same system used to find web addresses, like google.com. For mail, the lookup asks for the domain's MX (mail exchanger) records, which name the server or servers that accept mail for that domain, usually a preferred one plus one or more backups. DNS is a vital system for the Internet.
The Internet is just a giant network, and every computer has a unique address, called an IP address. Any computer can talk to any other computer, as long as it knows its IP address. You've probably heard of or seen IP addresses at some point; it's a number like 24.29.1.218. There are a little over 4 billion of them in total (the IPv4 address in use today is 32 bits long), and needless to say, it would be annoying if you had to remember them.
Enter DNS. DNS is basically just a giant, distributed, directory for the whole Internet. It translates friendly names like google.com into an IP address, and all under the hood. When you type in google.com into your web browser, even though you don’t see it and probably aren’t aware of it, your computer is actually connecting to an IP address for the google web server that it got from DNS. DNS is its own topic, but we’re talking about e-mail.
Once a message gets sent to the SMTP server, which is just a computer on the Internet, that server looks up the mail server for the destination domain in DNS, gets its IP address, and then sends, or "relays," the message to that SMTP server.
Once it gets to the destination mail server, the message is delivered into the specific destination mail box (based on the text to the left of the @ sign). In the case of [email_address], it would be delivered into joe's mailbox. If joe has his mail client running, as soon as it checks his mailbox (or when he clicks Send/Receive), he will see the message pop into his Inbox.
While it could be as simple as just 2 mail servers involved, more often there are more. When sending e-mail, SMTP servers may be configured to relay to other SMTP servers. This is usually the case with ISP SMTP servers, where they will aggregate mail from first tier SMTP servers to master SMTP servers before the message leaves the ISP’s network.
Also, on the receiving side, the destination SMTP server may not be the final server where the mailbox is located. These are called relay servers. This is what we do for our clients. These relay servers are colocated on fault tolerant networks and serve 2 functions. The first is to filter Spam, and the second is to provide store and forward in case the destination mail server is offline. This came into play over the last few days. Most of our client's servers here in the Tri-State area have been offline due to the power outages (some still are). During this time, our relay servers, which never go offline, just queued messages up until the destination servers came back online. This way, our clients didn't lose any messages sent to them during the outage.
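The routing and store-and-forward behaviour described above, as an added example that is not from the original talk: a Python function that finds a domain's mail hosts the way a real SMTP server does (MX records in preference order, falling back to the domain's own A record when it has no MX, bouncing when it has neither), and a small relay that delivers to the first host that answers and queues the message for retry when none do. The DNS zone data and the set of "reachable" addresses are constructed in-memory stand-ins for real DNS and the real network; the domains and addresses are documentation examples, not real hosts.

```python
# Constructed stand-in for DNS.  A real server queries DNS for these records;
# the names use reserved example domains and documentation address ranges.
ZONE = {
    "xyz.com":           {"MX": [(10, "mx1.xyz.com"), (20, "relay.isp.example")]},
    "mx1.xyz.com":       {"A": ["192.0.2.10"]},
    "relay.isp.example": {"A": ["192.0.2.20"]},
    "nomx.example":      {"A": ["198.51.100.5"]},   # no MX: implicit-MX rule applies
}


def mail_hosts(domain, zone=ZONE):
    """IP addresses to try for `domain`, in order (RFC 5321 section 5.1).

    MX records are tried from the lowest preference value upward; a domain with
    no MX but an A record is treated as if it had one MX pointing at itself.
    An empty list means there is nowhere to deliver, so the message must bounce.
    """
    records = zone.get(domain.lower(), {})
    if "MX" in records:
        # sorted() orders by preference first; real servers also shuffle
        # hosts that share the same preference value to spread load.
        targets = [host for _, host in sorted(records["MX"])]
    elif "A" in records:
        targets = [domain.lower()]
    else:
        return []
    addresses = []
    for host in targets:
        addresses.extend(zone.get(host, {}).get("A", []))
    return addresses


class RelayServer:
    """Relays messages to the destination domain's mail hosts and holds
    (store-and-forward) those whose destination is currently unreachable."""

    def __init__(self, zone=ZONE):
        self.zone = zone
        self.queue = []      # messages waiting for a later retry

    def relay(self, message, reachable):
        """Attempt one delivery.  `reachable` is the set of IPs currently
        answering, standing in for the network.  Returns (status, detail)."""
        domain = message["rcpt"].rpartition("@")[2]
        hosts = mail_hosts(domain, self.zone)
        if not hosts:
            return ("bounced", "no mail server for " + domain)
        for ip in hosts:                       # preferred host first, then backups
            if ip in reachable:
                return ("delivered", ip)
        self.queue.append(message)             # every host is down: hold and retry
        return ("queued", None)

    def retry(self, reachable):
        """Re-attempt everything in the queue; return what was delivered.
        Anything still undeliverable goes back on the queue."""
        pending, self.queue = self.queue, []
        delivered = []
        for message in pending:
            status, ip = self.relay(message, reachable)
            if status == "delivered":
                delivered.append((message["rcpt"], ip))
        return delivered


if __name__ == "__main__":
    # Constructed scenario: the primary at xyz.com loses power, the backup
    # relay takes the mail, then the primary comes back.
    server = RelayServer()
    print(server.relay({"rcpt": "joe@xyz.com"}, {"192.0.2.20"}))   # backup takes it
    print(server.relay({"rcpt": "joe@xyz.com"}, set()))            # everything down: queued
    print(server.retry({"192.0.2.10"}))                            # delivered on retry
```

Real servers keep a queued message for days, retrying on a backoff schedule, and only then bounce it; the queue here simply waits for the next retry() call.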
So that is, in general, how e-mail works. I'm sure you can see how the e-mail system is vulnerable, based on the way it was built. E-Mail is, by its core architecture, anonymous: nothing in the protocol proves who actually sent a message. That's why it is so vulnerable to spam. While the postal system technically has the same weakness, there are logistical barriers with postal mail that limit its exposure to abuse. Because both the production and delivery of postal messages is physical, not to mention postage, the cost of each piece of postal mail is significant compared to the cost of an e-mail.