Ultimate Guide to Email SMTP Relay

Table of contents

01

chapter 1

Introduction Smtp

02

chapter 2

SMTP Data

03

chapter 3

SMTP Connection Architecture

04

chapter 4

SMTP Commands

05

chapter 5

SMTP Ports

06

chapter 6

What is Email Encryption & its significance?

07

chapter 7

Configuring the SMTP Server

08

chapter 8

Extended SMTP

09

chapter 9

Security extensions

10

chapter 10

SMTP Authentication

11

chapter 11

Email Spoofing

Chapter 1

Introduction to SMTP

image1

SMTP (Simple Mail Transfer Protocol) is an email communication protocol used to reliably transfer emails between two systems.

An important feature of SMTP is been platform-independent, which means in order to run SMTP, you don’t necessarily require any specific programming language or software to be pre-installed on your computer/server. Also, SMTP is capable of relaying mail across different transport services. Let’s learn how SMTP can be used with various transport services:

TCP Transport service

TCP stands for Transport Control Protocol and this is the most popular transport service for establishing an SMTP connection between the two systems. In case of TCP, an SMTP transmission channel is established between the sender and receiver over a port. The standard port assigned for establishing this connect is port 25. This method of TCP and SMTP based connection establishment is mostly used in ARPA Internet.

NCP Transport service

NCP stands for Network Control Program. In case of NCP, an SMTP transmission channel is established using the NCP between the sender and receiver over a port. The standard port assigned for establishing this connect is port 25. This method of NCP and SMTP based connection establishment is mostly used on the ARPANET internet.

NITS Transport service

NITS stands for Network Independent Transport Service, In case of NITS, an SMTP transmission channel is established using the NITS between the sender and receiver. The sender executes the CONNECT primitive and the receiver executes the ACCEPT primitive for establishing an SMTP connection between the two systems.

Chapter 2

SMTP Data

image1

By default, the SMTP standards (as mentioned in RFC 821) limits each line of mail to 1000 characters and each character should be 7 bits.

This means during the SMTP data transmission, you cannot have any of byte with the highest-order bit set to 1. If that would have been the scnerio, then you won’t have been able to send any of the media files like image, video or even text which are multi-lingual or contain Unicode characters. This is because in all such cases, you will find the 8th bit which is set to 1.

This means during the SMTP data transmission, you cannot have any of byte with the highest-order bit set to 1. If that would have been the scnerio, then you won’t have been able to send any of the media files like image, video or even text which are multi-lingual or contain Unicode characters. This is because in all such cases, you will find the 8th bit which is set to 1.

While RFC 821 was the good golden rule for sending textual messages between the two systems, but really failed to describe the support of multimedia messages that might include images, audio, video or what about the non-US users who want to use multi-lingual characters which are not part of US-ASCII.

This problem gave birth to Multipurpose Internet Mail Extensions (MIME) in RFC 2045, which allows the inclusion of non-US-ASCII characters both in the header and mail body. This includes the use of images, audio, video and other attachments files like zip, pdf, doc.

Chapter 3

SMTP Connection Architecture

image1

The SMTP connection architecture was designed in a very simple layman term, where the conversation between the two systems; the sender and the receiver happens completely in a robotic way:

Step 1: Sender SMTP server sends a HELO command to the receiver SMTP server for establishing a two-way communication channel. The receiver SMTP server responds back with a confirmation message OK.

Step 2: Sender SMTP server sends a MAIL command indicating the sender of the mail. If the receiver SMTP server can accept email from the sender, then it responds back with an OK command.

Step 3: Once the sender SMTP receives OK, it sends another RCPT command indicating the receiver of the mail. If the receiver SMTP can accept mail for that particular recipient, then it will again respond back with an OK command.

If the receiver server doesn’t want to accept mail, then it can reply back with a rejection response. Receiving a rejection response doesn’t mean the termination of the SMTP connection between the two SMTP servers, instead the SMTP connection will remain alive and the sender can send a new request for the recipient.

Step 4: If the sender SMTP server receives the OK response on sending the RCPT command, this means the negotiation between the two SMTP server is completed and now the sender can transmit the complete mail data to the receiver SMTP server by adding a special sequence of characters at the end, indicating it as the EOF.

Step 5: Once the recipient receives the EOF, it acknowledges the receipt of the complete data by responding back with an OK command. Thereafter the connection gets terminated.

This architecture is completely scalable when you have to just send a handful of emails, but if you want to send thousands or millions of emails, then you will end up into scale issue because after one SMTP connection can only send one email at a time.

In order to fix this problem, the concept of persistent SMTP connection came into the picture. As the name suggests, you have to just open one SMTP connection and using the persistent function you can keep the same SMTP connection alive. By doing this, you can send multiple emails from the same connection without getting disconnected. This is also known as SMTP Keep Alive.

One of the examples of using persistent SMTP connection in PHP:

phpMailer = New PHPMailer();

$phpMailer->isSMTP();

$phpMailer->SMTPKeepAlive = true;

for ( … ) {

// Send your emails right away

[ … ]

}

$phpMailer->SmtpClose();

Chapter 4

SMTP Commands

image1

In this section, you will learn the different commands which are used to communicate between the sender and receiver SMTP server. All SMTP commands are character strings ending with and the command code itself are alpha characters ending with .

List of basic SMTP commands which are a must to initiate an SMTP based mail sending:

This command is used by the sender SMTP server to open up a dialogue connection (a two-way communication channel) with the receiver SMTP.

The receiver SMTP server comes to know about the sender SMTP server’s identify and responds back with its identity and an OK command. Once this happens successfully, this means both are servers are at their ideal state with no buffers to accept input.

This is like a heartbeat check command. Once the sender SMTP sends this command to the receiving SMTP server, the job of receiving SMTP is to just reply with OK. NOOP command does not affect any of the previously entered commands neither the buffer or state tables.

This command has an argument field containing the reverse path to reach the source sender. If there are multiple hosts, then those can be passed as a part of this argument. The first host in the series will be the one which has most recently relayed the mail. The primary use of this sender address is to route the non-delivery notices to the sender.

Here is an example of a sender trying to connect with receiver SMTP to deliver email:

S: RCPT TO:

R: 250 OK

S: RCPT TO:

R: 550 No such user here

S: RCPT TO:

R: 250 OK

This command is used to share the actual email address of the recipient. In case there are multiple recipients, then this command has to be executed multiple times by the sender SMTP server.

This is actually the forward path, which indicates the actual destination of the mail. In case there are multiple hosts from where the mail should be routed, then the list of all those hosts can be optionally passed as an argument.

If the receiver SMTP server can relay the mail to the mentioned recipient email address, then it can confirm the sender SMTP server by sending an OK command else it can reject the request too. If the receiver SMTP server doesn’t have the relay to the recipient, then it can reply with a 550 error message saying, the unknown user.

If the beginning of your mail text is a period, then in such cases an additional period has to be inserted at the beginning. This is because when the receiver SMTP receives the data, it checks for the beginning of the line. If the line is only composed of a single period then it considers it to be the end of mail. So, in case you have not appended one more period before that, then the receiver will actually receive a blank mail.

On the other hand, if the first character of the mail text is a period, but it is followed by a few more characters, then the first character that is the period will be auto-deleted. If you intentionally want a period at the start of the mail. Then in all such cases, a double period needs to be appended at the start.

S: RCPT TO:

R:250 OK

S:RCPT TO:

R: 550 No such user here

S: RCPT TO:

R: 250 OK

On receiving a 250 OK on the RCPT request, the sender SMTP can make another DATA command call for transmitting the mail data to the receiving SMTP server.

On lines following the DATA command will be treated as the mail data.

The end of the mail data is determined by a line containing only a period. The end character sequence will be like “.”. SMTP is an open protocol with every aspect of it very well documented in RFC.

If the beginning of your mail text is a period, then in such cases an additional period has to be inserted at the beginning. This is because when the receiver SMTP receives the data, it checks for the beginning of the line. If the line is only composed of a single period then it considers it to be the end of mail. So, in case you have not appended one more period before that, then the receiver will actually receive a blank mail.

On the other hand, if the first character of the mail text is a period, but it is followed by a few more characters, then the first character that is the period will be auto-deleted. If you intentionally want a period at the start of the mail. Then in all such cases, a double period needs to be appended at the start.

R: 220 smtp.pepipost.com Simple Mail Transfer Service Ready

S: HELO mail.example.com

R: 250 BBN-UNIX.ARPA

S: MAIL FROM:

R: 250 OK

S: RCPT TO:>

R: 250 OK

S: DATA

R: 123 Start of the email; end with .

S: Blah blah blah…

S: Blah blah blah...

S: ...etc. etc. etc.

This is an SMTP connection RESET command, which you can use to abort the current mail transaction. Once the receiving SMTP server, receives this command it clears all buffers and state tables, it will also discard the stored sender, recipient and mail data and sends back an OK command to the sender.

This is like a heartbeat check command. Once the sender SMTP sends this command to the receiving SMTP server, the job of receiving SMTP is to just reply with OK. NOOP command does not affect any of the previously entered commands neither the buffer or state tables.

Once the sender SMTP server sends this command, this means the receiver SMTP has to reply with an OK message and close the SMTP transmission pipe.

There is a strict restriction on the order in which any of the SMTP commands can be executed between the sender and the receiver. For example, the first command in an SMTP transaction should be HELO. NOOP, HELP, EXPN and VRF commands can be used any time during the transaction session. RSET can be used anytime during the MAIL, SEND, SOML or SAML commands begin a mail transaction.

Chapter 5

SMTP Ports

image1

Special computer ports are assigned to perform the connection between the sender the receiver SMTP.

List of SMTP ports which are been globally used:

1. Port 25: This is the first and the official port designated for SMTP in 1982. Since then port 25 is been used as the default port to transmit emails from one computer to another across the internet.

2. Port 587: In 1998, RFC 2476 was submitted to introduce port 587 as a new port for transmitting mail over SMTP. Port 587 was assigned as a new message submission to make sure that the new policy and security requirements don’t interfere with the traditional mail transmission already happening over port 25. This port, coupled with TLS encryption, will ensure that email is submitted securely and following the guidelines set out by the IETF.

3. Port 465: Port 465 was never been published as an official SMTP port for mail transmission by IETF, but was registered as an SMTP port by IANA (Internet Assigned Numbers Authority). This is the reason why this port is generally not accepted by every email service providers across the globe. There are definitely huge merits of using this port over other SMTP ports. One of the biggest merits is, it is more secure as it uses SSL (Secure Sockets Layer) for encrypting mail communication over the internet.

4. Port 2525: This port was primarily introduced by Google. Gmail and Google Cloud exposed its SMTP for the outside world over port 2525. The other SMTP ports 25 and 587 are default blocked on Google Cloud. This was an intentional move, to protect the infrastructure from regular spamming happening over the default SMTP ports 25 and 587.

Having so many SMTP ports for mail transmission definitely started creating confusions among the starters. In the following chapter, you will learn how to select the right SMTP port for your use case.

Choosing the right SMTP Port

There are two important parameters, which can help you decide the right SMTP port:

1. Data Security2. Connectivity

If data security is your top priority then port 587 (with SSL enabled) or 465 is the best option. As mentioned in the previous chapter, port 465 is not the official port and hence not accepted by every email service provider. So, you need to check with each provider to whom you want to connect over SMTP to deliver email.

As an anti-spam measure, most ISPs have now started blocking SMTP outgoing connection over port 25.

The other factor to choose the right SMTP port is “Connectivity”. When is the last time you experienced “connect to address A.B.C.D: Connection refused. Unable to connect to remote host”?

This is the most common problem when you’re using a shared hosting server. Almost all the hosting service provider like Godaddy, Rackspace blocks outgoing SMTP connection over port 25. There are many cases where the hosting provider also blocks port 587 and 465 too. This is intentionally done to protect the infrastructure from spammers. Port 25 been the default port, is widely used among the spammer community.

Submission on mail to its destination is only to be done on port 25 or 587. As these are the only official globally acceptable port. But, in case you’re using an email gateway like an email service provider (ESP) and facing issues while connecting with them over SMTP port, then you can try connecting over port 2525 to overcome this connectivity problem.

Chapter 6

What is Email Encryption & its significance?

image1

In the original email protocol (as described in RFC 821), the communication between two SMTP servers was proposed to be plain text. But, over a period of time, this increased the security risk with this channel. Over the year, many mechanisms were proposed to make it end-to-end encrypted or at least at the transport layer.

Like any other data, the email also requires encryption. The chances of having a vulnerability or stealing information are even higher when it comes to email. This is because, emails are prone to the disclosure of personal information like Name, Bank Balance, confidential conversations and a lot of other important documents. All major mailbox providers like Gmail or Outlook by default encrypt the emails sent from their platform. But this is not true when it comes to some of the other providers. Most of the emails are currently transmitted in clear text without any encryption.

Email encryptions mostly rely on public key-based cryptography, in which the recipients can publish a public key that senders can use to encrypt mail messages to them. The secret private key will remain with the recipient which they can use later to decrypt the received encrypted mail message. The same key can be used by them to digitally encrypt/sign messages they send from their mailbox.

Thanks to our global group of innovators who helped to solve this problem of encryption both at the transport level and at the end-to-end level too. Out of these two, implementing transport-level encryption is fairly easy as compared to end-to-end encryption.

Transport-level encryption

STARTTLS is one of the most commonly used email encryption extension. STARTTLS is actually nothing but a TLS (SSL) layer over the plaintext mail communication.

In this model, both the sender and the receiver server should have the support for TLS encryption. Anyone between these servers can’t really be able to sniff the mail content.

In this encryption model, the encryption actually takes place between the two SMTP relays and not really between the sender and the receiver. One of the biggest pros of this type of encryption implementation is that the user doesn’t have to worry about making any changes to send emails with encryption. Encryption will happen automatically at the transport layer and in fact, the receiving server doesn’t have to be dependent on the user to decrypt the message. As per Google, more than 90% of the GMail’s incoming and outgoing email is encrypted using STARTTLS.

While STARTTLS looks lucrative, but it has its cons too. In case, someone breaches the security of the email system, then they can easily read and edit the emails. In order to avoid this case, end-end encryption is recommended.

End-to-end encryption

This is the most secure encryption for emails. In the case of end-to-end encryption, the data is encrypted at the source and is not readable by anyone on the network neither by your mail service provider Gmail, Yahoo.

Here are a few protocols which help to enable end-to-end encryption:

  • Pretty Good Privacy (PGP)
  • GNU Privacy Guard (GPG)
  • Bitmessage
  • S/MIME

While doing end-to-end encryption and decryption seems to be more secure, but when it comes to the usability it fails. It is difficult to use this because the user has to set up public and private key and make the public key available for everyone.

While Gmail has recently become stricter for TLS encryption by implementing a red lock on each email which is received to your Gmail mailbox. In case the email is not TLS encrypted, the lock will be in open state with a message. This encourages the sender to send emails with TLS encryption. While all those good, but it’s been three years and Gmail still doesn’t has any updates on when it can have end-to-end encryption for all of your incoming and outgoing emails.

Implementing end-to-end encryption requires effort from both sender and receiver, so both the parties have to mutually understand its importance and implement.

Chapter 7

Configuring the SMTP Server

image1

Different operating systems and mailing servers have different steps to configure a SMTP server. In this section, you will learn how to configure an SMTP server is some of the popular mail applications:

Exchange 2010

When it comes to Windows, MS Exchange is the most popular application to send emails. You can either configure SMTP server in Exchange to deliver email from localhost or by connecting with an external SMTP.

Here are the steps on how to configure a send connector in the Exchange Management console to use localhost or external SMTP:

  1. Log into your Exchange server.
  2. Go to Start > All Programs > Microsoft Exchange Server 2010 and click the Exchange Management Console item.
  3. Open the Organization Configuration list and select Hub Transport.
  4. Click New Send Connector in the Actions sidebar.
  5. Provide a name to the Send Connector and select Internet for the Intended Use pull-down. It allows for the integration with an authenticated SmartHost and adds the default send permissions required by Exchange 2010 to route messages through an external host that is not a part of the domain forest.
  6. Click Next.
  7. Click Add.
  8. Provide the allowed address to which connector can send mails. If you want to:
    1. Send to anyone on the internet, then insert ‘*’ (asterisk) in the Address box.
    2. Send only to a specific domain, enter the domain.
    3. Allow all sub-domains, then check the box.
  9. Click Next.
  10. Go to Network Settings page. Select Route mail through the following smart hosts item.
  11. Click Add.
  12. Select Fully qualified domain name (FQDN), and enter: smtp.pepipost.com
  13. Click Next.
  14. In the Configure smart host authentication settings page, select the Basic Authentication option and check the Basic Authentication over TLS checkbox. Enter the Pepipost username and password here.
  15. Click Next.
  16. If you have one Exchange server, it is displayed. If you want to add more server(s) in your domain, click Add to locate the servers you want to allocate to this connector.
  17. Click Next.
  18. Verify the settings, and if everything is correct, click New.
  19. If the configuration is correct, a message is displayed. Click Finish to exit.

Ssmtp

Ssmtp provides an easy setup of an SMTP server. You need to just edit the /etc/ssmtp/ssmtp.conf file and add the following code:

mailhub=smtp.Pepipost.com:587

AuthUser=Pepipostusername

AuthPass=Pepipostpassword

UseSTARTTLS=YES

Restart

Ssmtp

Sendmail

Sendmail is one of the oldest and most popular backend mail applications to send emails. Sendmail requires libsasl library to send authentication requests to any SMTP servers. Below are the steps on how to configure SMTP in Sendmail:

  1. Provide the authorization credentials in /etc/mail/access
  2. AuthInfo:smtp.Pepipost.com “U:yourUserName” “P:yourPassword” “M:PLAIN” b. Define the Smart Host in /etc/mail/sendmail.mc Add these lines right below the commented #dnl define(‘SMART_HOST’, ‘smtp.your.provider’)dnl line in the file.
  3. define(SMART_HOST’,smtp.Pepipost.com’)dnl
    FEATURE(`access_db’)dnl
    define(RELAY_MAILER_ARGS’,TCP $h 587′)dnl
    define(ESMTP_MAILER_ARGS’,TCP $h 587′)dnl
  4. Update sendmail.cf and access.db files. You need to run these commands as ‘su’ or ‘root’)
  5. $ cd /etc/mail
  6. $ m4 sendmail.mc >sendmail.cf
  7. $ makemap hash access < access
  8. On older distros, you can run restart sendmail as below:
  9. $ /etc/init.d/sendmail restart
  10. If you are using a newer version of sendmail, do the following to restart: $ service sendmail restart

Chapter 8

Extended SMTP

image1

Extended or Enhanced SMTP (ESMTP) is a definition of protocol extensions to the standard SMTP. In 1995, RFC introduced this as part of their manual.

With the introduction of ESMTP, it became easy to maintain consistency and manageability of email delivery.

ESMTP defines consistent and manageable means, by which different servers involved in the delivery of the email are easily identifiable. Extended SMTP gives a framework, where an SMTP server can inform the receiving SMTP about the type of service extensions it supports currently. This new framework helps the use of new extensions without hampering the traditional default SMTP.

In order to support the extensions to SMTP, the default SMTP sends a mail object consisting of:

1. Envelope2. Content

While the environment in ESMTP remains the same as of default SMTP with envelope and content. But there are few inclusions:

1.The new EHLO command: If an SMTP client is supporting the SMTP service extension, then it should start the session by making an EHLO command. This command is a replacement to traditional HELO command which is used in default SMTP. If the receiving server do have the support for ESMTP, then it will give success, failure or error responses which are meant for ESMTP like for a successful response it will return:

ehlo-ok-rsp  ::=      "250"    domain [ SP greeting ] CR LF
                    / (    "250-"   domain [ SP greeting ] CR LF
                        *( "250-"      ehlo-line           CR LF )
                           "250"    SP ehlo-line           CR LF   )

In case of any failure, the SMTP client will return a 554 error code. In all other cases, it will make either HELO or QUIT command.

a registry of SMTP service extensions: The global IANA registry consists of the new ESMTP commands like:

  1. SEND
  2. SOML
  3. SAML
  4. EXPN
  5. HELP
  6. TURN

These are not the mandatory commands, as these are just the extensions to the default SMTP. As per RFC, the mandatory list of SMTP commands consists of HELO, MAIL, RCPT, DATA, RSET, VRFY, NOOP, QUIT.

Additional parameters to the default SMTP MAIL FROM and RCPT TO Commands: RFC doesn’t include any extensions to MAIL FROM or RCPT TO parameters. But, ESMTP framework has made certain provisions for the inclusion of additional parameters to this. Some of the examples are:

  1. esmtp-cmd
  2. esmtp-parameters
  3. esmtp-parameter
  4. esmtp-keyword
  5. esmtp-value

Chapter 9

Security extensions

image1

Security extensions can be used to establish a secure smtp connection between two servers.

TLS which is widely used with the combination of HTTP is one of the most popular protocols for network level security over TCP.

Same TLS also known as SSL is a popular mechanism when it comes to secure communication over SMTP protocol.

There are various vulnerabilities and threats to the basic SMTP protocol like DoS attacks, Malware, Spam/Phishing and Unauthorized access to emails. All of these can be addressed, with the use of various security extensions proposed as a part of SMTP Security Extensions.

Chapter 10

SMTP Authentication

image1

SMTP AUTH or SMTP Authentication is an extension of SMTP where the user of the SMTP or the client has to use any of the SMTP supported authentication mechanism to connect with the SMTP server.

STARTTLS

[STARTTLS] is one of the SMTP security extensions which can be used to make a secure connection between two servers.

Here is an example on how the STARTTLS works:

  1. 220 example.com ESMTP
  2. EHLO mydomain.com
  3. 250-example.com ESMTP
  4. 250 STARTTLS
  5. STARTTLS
  6. 220 Go ahead.
  7. EHLO mydomain.com
  8. 250-example.com ESMTP
  9. 250-SECURITY=NONE,STARTTLS
  10. 250-SIZE
  11. 250-DSN
  12. 250 HELP
  13. MAIL FROM: SIZE=1250 SECURITY=STARTTLS
  14. 250 Ok

The use of STARTTLS keyword in any SMTP transaction is used to tell the receiver that the SMTP server wants to negotiate the connection using TLS (Transport Layer Security).

Whenever a server makes a STARTTLS command, then the receiver can reply with any one of the below responses:

  • 220 Ready to start TLS
  • 501 Syntax error
  • 454 TLS not available

The response code 454 means that the receiver is not ready for a TLS handshake, and hence the sender should either terminate the connection or try to make a new unsecure connection.

Using a TLS doesn’t mean a end to end security of your email, this is because TLS happens between two servers. But, what if there are more than 2 servers in the entire journey of an email.

You can negotiate a TLS handshake with a server, but what if the receiver server is not the final destination and doesn’t make a TLS handshake with the next server in the hop. This will break your overall objective of making the emails as secure in the transit.

SMTP MTA Strict Transport Security

SMTP MTA Strict Transport Security is a mechanism which mail servers can use to declare whether they have the capability to accept TLS connection or not, and in case of incompatible what the sending server should be doing.

In order to declare your policies for SMTP MTA Strict Transport Security, you need to add view settings in DNS and HTTPS.

DNS related changes

You need to create a MTA-STS TXT record with the following syntax:

_mta-sts.example.com. IN TXT "v=STSv1; id=201546745644545Y;"

The MTA-STS TXT record must be a US_ASCII, semicolons are allowed.

SMTP TLS Reporting

While there are a lot of organisations who have started using TLS, very few seriously flow it completely. SMTP TLS Reporting is one of that functionality defined in RFC and implemented by a very few organisations. Gmail is the first major provider who started support for SMTP TLS Reporting also known as TLS-RPT.

SMTP TLS Reporting is a standard protocol which enables organisations to report the TLS connectivity related problems experienced within their application.

Here is a sample of SMTP TLS Reporting email:

From: tlsrpt@mail.sender.example.com
     Date: Fri, May 09 2017 16:54:30 -0800
     To: mts-sts-tlsrpt@example.net
     Subject: Report Domain: example.net
         Submitter: mail.sender.example.com
         Report-ID: <735ff.e317+bf22029@example.net>
     TLS-Report-Domain: example.net
     TLS-Report-Submitter: mail.sender.example.com
     MIME-Version: 1.0
     Content-Type: multipart/report; report-type="tlsrpt";
         boundary="----=_NextPart_000_024E_01CC9B0A.AFE54C00"
     Content-Language: en-us
 
     This is a multipart message in MIME format.
 
     ------=_NextPart_000_024E_01CC9B0A.AFE54C00
     Content-Type: text/plain; charset="us-ascii"
     Content-Transfer-Encoding: 7bit
 
     This is an aggregate TLS report from mail.sender.example.com
 
     ------=_NextPart_000_024E_01CC9B0A.AFE54C00
     Content-Type: application/tlsrpt+gzip
     Content-Transfer-Encoding: base64
     Content-Disposition: attachment;
         filename="mail.sender.example!example.com!
                   10547687685476854.gz"
     
------=_NextPart_000_024E_01CC9B0A.AFE54C00--
...

Chapter 11

Email Spoofing

image1

Email spoofing is a mechanism in which people try to create email messages with a forged sender identify.

The core SMTP protocol is very basic with no mechanism to do authentication. You can’t validate a sender with a core SMTP protocol. SMTP has been there for decades and since then its adoption has increased multi-folds. Many organisations are still using this unsecure version of SMTP without any external security extensions and hence you can’t really stop spoofing. Many global mail service providers like Gmail have already built their inhouse anti-spam engines to catch hold of such incoming email spoofing. But, nothing stops hackers to bypass these anti-spam filters too.

There are various security extensions which can be deployed to fight with email spoofing:

  • SPF
  • DKIM
  • DMARC

Almost every global mailbox provider today validates at least any one of the above authentication mechanism to catch hold the spoofers.

There are millions of cases getting reported every day around spoofing like someone receiving email from paypal to login and update their account details, email from coco-cola announcing you as a lottery winner, some emails from top companies like microsoft, apple to share your resume and so on.

All of these are best examples of email spoofing.

Pepi thinking

Start typing and press Enter to search

Thank you for your details!

Fill out your information below, and we will send you a PepiAlert, that will describe your domain’s email deliverability situation. Please note that your email address must match the domain, or the domain must be owned by the company matching the email address. We have the right to refuse the request, if we can’t verify the information.

*All fields are required



Pin It on Pinterest