Chapter 2
The Email System

Before you can ini­ti­ate sol­id email secu­ri­ty, you first have to under­stand how the email sys­tem works (in 13 easy steps shown in this chap­ter). The sys­tem seems unap­pe­tiz­ing­ly com­plex at first look. You send an email to your recip­i­ent through a long path­way of soft­ware, hard­ware, and con­nec­tions (trans­mis­sions). Why is it nec­es­sary to under­stand it? Well, each step of the way is sus­cep­ti­ble to a secu­ri­ty breach (hack­ing). If you want secu­ri­ty, you need to make sure you’re pro­tect­ed at each step. Chap­ter 4 ana­lyzes the secu­ri­ty vul­ner­a­bil­i­ties and defens­es for each step in the path. But this chap­ter aims only to pro­vide a sim­ple out­line of the email sys­tem.

This chap­ter goes from a list of the 13 steps in the path­way to a dia­gram, and then to more spe­cif­ic infor­ma­tion on each step of the path­way.

This step-by-step out­line illus­trates that the email mes­sage you send to a recip­i­ent flows along as fol­lows:

1. Your email pro­gram
2. Your com­put­er
3. Local Wi-Fi trans­mis­sion (or net­work cable)
4. Your local net­work
5. Trans­mis­sion across the inter­net
6. Your email provider’s email serv­er
7. Trans­mis­sion across the inter­net
8. Recipient’s email provider’s email serv­er
9. Trans­mis­sion across the inter­net
10. Recipient’s local net­work
11. Local Wi-Fi trans­mis­sion (or net­work cable)
12. Recipient’s com­put­er
13. Recipient’s email pro­gram

What may sur­prise you is that your email mes­sage typ­i­cal­ly goes across the inter­net three times and across local net­works twice before it gets to the recip­i­ent. Wow! This pro­vides more oppor­tu­ni­ties for hack­ers than you may have thought. So to get a more sol­id grasp of this email sys­tem, let’s con­sid­er these steps one by one in more detail.

1. Your Email Program

An email pro­gram is just a com­put­er pro­gram. RMail calls it an email inter­face. The IT peo­ple know it as an email client. But I pre­fer to use the old-fash­ioned name: email pro­gram. Your email pro­gram might be Microsoft Out­look, Mozil­la Thun­der­bird, Apple Mail, Syna­cor Zim­bra, or one of the dozens of oth­er email pro­grams that you can buy or obtain for free.

Your email pro­gram can be on your desk­top, lap­top, tablet, or phone. Because of the dif­fer­ence in devices, your email pro­gram will be dif­fer­ent for your desk­top and lap­top than it is for your tablet or phone, even if it has the same name.

In oth­er words, an email pro­gram is sim­ply the com­put­er pro­gram you use to send, receive, and man­age email.

2. Your Computer

Your com­put­er is the device in which your email pro­gram oper­ates, such as a desk­top com­put­er or a mobile device. In order to send email, your com­put­er must be con­nect­ed to the inter­net. Typ­i­cal­ly, your com­put­er con­nects to the inter­net through a Wi-Fi net­work in your home, place of busi­ness, or a pub­lic place.

The most pop­u­lar local net­works are Wi-Fi net­works imple­ment­ed by Wi-Fi routers. Some ISPs pro­vide pro­pri­etary routers that you must use. Oth­ers require you to pur­chase your own router at a com­put­er store. Instead of a net­work cable con­nect­ing your com­put­er to a router, your com­put­er com­mu­ni­cates with a Wi-Fi router via a wire­less trans­mis­sion.

Cell­phones  In the case of smart­phones, the con­nec­tion to the inter­net can be by a trans­mis­sion over the cell phone sys­tem. Thus, the cell phone sys­tem becomes your local net­work, in effect. But cell­phones can also use Wi-Fi for email trans­mis­sions.

Yes, some peo­ple still use routers to which com­put­ers are con­nect­ed by a net­work cable; but such routers have fall­en out of favor. Wi-Fi is sim­ply much more con­ve­nient. Nonethe­less, some enter­prise net­works still use cables too.</p>

2. Local Transmission

This is the trans­mis­sion from your com­put­er to your router. This hap­pens in one of two ways. If you have a Wi-Fi router, this trans­mis­sion is in your home or place of busi­ness, not via satel­lite and not on the inter­net.

If you have a router with net­work cable con­nec­tions, there is no wire­less trans­mis­sion; the con­nec­tion is over an actu­al net­work cable. This cable is your con­nec­tion to your local net­work.

4. Your Local Network

Your ISP sup­plies you with an inter­net con­nec­tion via a tele­phone wire, cable wire, or satel­lite trans­mis­sion via a modem in your home or place of busi­ness.

You con­nect a Wi-Fi router (or a router that pro­vides net­work cable con­nec­tions) to the modem to cre­ate a local net­work. This descrip­tion can mis­lead you, because some ISPs pro­vide you with a com­bi­na­tion modem-router; that is, instead of hav­ing two devices (two box­es) you have only one.

The router enables you to con­nect your com­put­er to the inter­net along with all the oth­er com­put­ers on your net­work in your house­hold, your place of busi­ness, or a pub­lic place that pro­vides Wi-Fi.

Note that if you are on an enter­prise net­work, such as in a large busi­ness, your local net­work is the enter­prise net­work.

5. Transmission Across the Internet

This is a trans­mis­sion across the inter­net from your net­work to your email ser­vice provider’s email serv­er. That’s a mouth­ful, so let’s sim­ply call it your email serv­er. That is, this is a trans­mis­sion across the inter­net from your net­work to your email serv­er.

Note that many enter­prise net­work sys­tems oper­ate their own email servers. In such a case, your email doesn’t go across the inter­net; it sim­ply goes through your local enter­prise net­work to the enter­prise email serv­er.

6. Your Email Server

Your email ser­vice provider has a pro­gram in its com­put­er (con­nect­ed to the inter­net) named an email serv­er. The email serv­er sends email mes­sages out across the inter­net to oth­er email servers, and it also receives and stores email mes­sages from oth­er email servers on the inter­net.

When you send an email mes­sage, it goes to your email serv­er, which instant­ly queues and man­ages the send­ing of the mes­sage across the inter­net towards its des­ti­na­tion.

When your email serv­er receives a mes­sage addressed to you, it stores that mes­sage in its data­base and waits for you (your email pro­gram) to con­nect to it to retrieve the mes­sage. Accord­ing­ly, your email serv­er oper­ates 24/7 so it can send and receive email at any time.

Again, your email serv­er is actu­al­ly your email ser­vice provider’s email serv­er; and if you’re on an enter­prise net­work, your email serv­er typ­i­cal­ly is the enterprise’s email serv­er.

7. Transmission Across the Internet

The next step in the path is the trans­mis­sion across the inter­net from your email serv­er to the recipient’s email ser­vice provider’s email serv­er. Let’s call that sim­ply the recipient’s email serv­er. In oth­er words, the trans­mis­sion across the inter­net goes from email serv­er to email serv­er.

Last Six Steps

When the mes­sage gets to the recipient’s email serv­er, the path­way of steps described in 1 to 6 hap­pens in reverse and is list­ed as steps 8 to 13.

8. Recipient’s Email Server

When your mes­sage gets to the recipient’s email serv­er, that serv­er stores your mes­sage in its data­base await­ing a request from the recipient’s email pro­gram to retrieve mes­sages from the serv­er. One typ­i­cal­ly sets up one’s email pro­gram to retrieve mes­sages from an email serv­er every half-hour (or oth­er time peri­od) or man­u­al­ly. As soon as the recipient’s email serv­er receives the request from the recipient’s email pro­gram, the serv­er imme­di­ate­ly trans­mits your email mes­sage to the recipient’s email pro­gram via recipient’s local net­work and com­put­er.

Mes­sage Stor­age  After the recipient’s email pro­gram retrieves a mes­sage from the email serv­er, it may delete the mes­sage from the serv­er, or may not. It depends on the program’s set­tings (made by the recip­i­ent).

9. Transmission Across the Internet

The recipient’s email serv­er trans­mits your email mes­sage across the inter­net to the recipient’s net­work (or with­in an enter­prise to the enter­prise net­work).

10. Recipient’s Network

Your email mes­sage reach­es the recipient’s local net­work, but it’s not home yet. The router routes your mes­sage on the local net­work to the recipient’s com­put­er.

11. Local Transmission

The recipient’s router trans­mits your mes­sage to the recipient’s com­put­er. This is a Wi-Fi trans­mis­sion in the recipient’s home, place of busi­ness, or in a pub­lic place.

If the recip­i­ent has a router with cable con­nec­tions, there is no wire­less trans­mis­sion; trans­mis­sion is via a net­work cable.

12. Recipient’s Computer

Once the email reach­es the recipient’s com­put­er, it’s still not home yet. The com­put­er directs your email mes­sage to the cor­rect soft­ware. That soft­ware, of course, is the recipient’s email pro­gram.

13. Recipient’s Email Program

Final­ly, the recipient’s email pro­gram receives your email mes­sage and waits for the recip­i­ent to read it. In oth­er words, your email mes­sage resides in the recipient’s email pro­gram until such time as the recip­i­ent looks at the list of incom­ing email mes­sages and decides to open and read your email mes­sage.

Final­ly, the path of steps comes to an end.

Security Breaches

Again, why do we need to know the path? This path as explained above seems to be some­what redun­dant with tech-speak in 13 steps. Nonethe­less, each step is sim­ple to under­stand, and you need such under­stand­ing to learn how you can make your email secure.

Each step in the path is sus­cep­ti­ble to a secu­ri­ty breach. Chap­ter 4 explains the risks at each step along the email path­way and pro­pos­es defens­es you can make against poten­tial breach­es at each step. As you might expect, the risks and the defens­es for each step are not the same. There is no prac­ti­cal sil­ver bul­let you can invoke (no one tech­nique) to elim­i­nate all the risks of hack­ing. Indeed, com­plete secu­ri­ty requires mul­ti­ple defen­sive ser­vices you can use for your email traf­fic.

On the oth­er hand, you do not need 13 dif­fer­ent defens­es. Some defens­es cov­er mul­ti­ple steps. Many secure email ser­vice providers fur­nish only one ser­vice, an approach not ade­quate to cov­er all threats. RMail pro­vides mul­ti­ple secure email ser­vices that enable you to defend your­self against hack­ing from all threats.

Func­tion­al­i­ty  RMail not only pro­vides mul­ti­ple secu­ri­ty ser­vices but also pro­vides increased email func­tion­al­i­ty, which enables you to dupli­cate off-line func­tions online. For instance, you can send an email with a con­tract attached, get a sig­na­ture on the con­tract, and have the con­tract returned to you as a valid­ly exe­cut­ed agree­ment, all done secure­ly via email.

Summary

Send­ing and receiv­ing email are easy pro­ce­dures. But the trans­mis­sion process­es fol­low a more com­plex path than most of us real­ize. Each step of that path is sus­cep­ti­ble to hack­ing. Armed with this knowl­edge, we can take pre­cau­tions that make our email much safer from hack­ing.