Electronic mail (email) is one of the oldest and most widely used Internet services. It involves the exchange of digital messages among two or more Internet users. Every day billions of email messages are exchanged between users. Email service is supported by special servers that are called email servers. These servers accept, deliver, and store email messages in a store-and-forward operation. Email operation is quite simple. A user writes an email message, enters a recipient’s address, and relays it to the delivery service, which sends the message to the recipient user. The user can also attach files (of a certain size, depending on the email service) and send it to other users. Because email servers and individual accounts have been accessed by hackers, privacy concerns exist. In addition, some government agencies access email servers to conduct surveillance on individuals and groups.
This entry provides readers with an understanding of various facets of email, beginning with a review of its history. The entry then discusses how email works, email subsystems and protocols, and methods for using email services. The entry concludes with sections on email encryption for preserving the privacy of emails or files being sent, email misuses, and methods for ensuring secure use of email.
ARPANET is considered to have contributed significantly to the development of the email service. Experimental intersystem email transfers began shortly after its introduction in 1969. Ray Tomlinson, who worked as an ARPANET contractor, is credited with inventing email in the early 1970s. He proposed the use of the @ sign to separate the names of the user and the user’s machine when sending emails from one computer to another. The first email was sent from one DEC-10 (Digital Equipment Corporation) computer to another nearby DEC-10 computer. The system was quickly adopted across the ARPANET.
Outside the ARPANET, many other networks had developed their own email protocols and address formats. Thus, “gateways” were introduced to pass emails between the Internet and these other networks. By the mid-1970s email use was rapidly expanding. Commercial packages began to appear, and at that point, 75% of the ARPANET traffic was emails.
As email service matured, email protocol standards began to emerge. The first was called Simple Message Transfer Protocol (SMTP), and it was introduced in 1982. In 1985, the Post Office Protocol (POP), a protocol for retrieving the contents of a mailbox, was proposed. The Internet Message Access Protocol (IMAP) emerged in 1986 as a remote mailbox protocol.
Email technologies and standards have been under development for more than 30 years. The protocols to relay email messages between systems and the rules for formatting email messages have evolved through time.
To employ an email service, the user must have an account on an email server and a computer, or other mobile device, connected to the Internet. Thus, the user is able to receive emails sent to him by other users. The user connects to his email server using an email application (email client) to download his email messages to his computer or mobile device, or he employs a web browser to read his emails online. The received emails reside in the email server until the user downloads them on his computer (via his email client) or deletes them by accessing them online via a web browser.
In a similar manner, when a user wants to send an email, he writes the message using an email client on his computer or his mobile device, or online with the help of a web browser. Then his email server relays the email message to its destination.
During the process of sending and receiving email messages, a number of protocols are employed. The protocol that is employed for sending email messages is the SMTP. When receiving email messages, the POP or the IMAP is being utilized.
Initially, the email service supported the transmission of messages that included only text. But with the introduction of the Multipurpose Internet Mail Extension, the ability to send other types of encoding schemes was added. Thus, email messages are able to include various types of files (e.g., documents, photos, audio and video files). If multiple files are being sent in one email, usually users will compress the files they want to attach to a single file. It is worth noting that the size of the attached files cannot be above a certain limit, depending on the email server the user employs (usually 10–20 megabytes). But because users often exchange multimedia files (i.e., photos and videos), the maximum allowable file size is often inadequate since it cannot accommodate large files. Because of that limitation, users often use file-sharing services (e.g., Google Drive, Onedrive, Dropbox, Sugarsync), which can accommodate an almost unlimited file size.
An email system consists of two subsystems. The first one is the Message Handling System, and it is responsible for delivering emails from the sender to the recipient. This system is serviced by a set of servers called Message Transfer Agents. The second subsystem is the User Agent system, and it enables the email user to perform various functions that are related to the email service (e.g., receive, delete, archive, print, and create email messages); the User Agent also interacts with the Message Handling System for the email messages to be delivered to the destination user.
All the communication transactions between the user’s computer or mobile device and the email server are conducted with the help of the three previously mentioned protocols: SMTP, POP, and IMAP. The SMTP is the standard protocol for sending email transmission, although it can also be used for receiving messages. The POP is an Internet protocol used by local email clients to retrieve emails from a remote server over a Transmission Control Protocol/Internet Protocol connection. The POP downloads the messages from the email server and then deletes the messages from the remote mailboxes that are located in the email servers. The problem is that the POP allows only one email client to connect to the email server at each instant, and it deletes the messages once they are downloaded from the email server. Thus, it is not possible for a user to access the email server from multiple devices (e.g., a computer, smartphone). This problem was solved with the introduction of the IMAP, which allows users to store their emails on their remote email servers. This two-way protocol also permits the user to synchronize emails among multiple devices, an extremely important characteristic today, when most people have at least two devices connected to the Internet. The majority of email servers support the SMTP and both POP and IMAP.
When email services were initially introduced, users employed client applications to send and receive email messages. These applications have to be installed in the user’s computer. All received emails reside in the user’s computer, and they are accessible regardless of whether or not the computer is connected to the Internet. Popular email clients include Mozilla’s Thunderbird, Microsoft Outlook, Eudora, IBM Lotus Notes, and Pegasus Mail. These programs offer various features that allow organizing messages in folders and subfolders. Email clients are very useful, especially in the early days of the Internet, when dial-up connections were utilized. Thus, users were able to organize, write, and delete messages while being off-line. A user connected to the Internet for small time periods, only to send emails and download new emails.
The problem with this method is that the user must always use her own computer to access her email service. The solution to this problem was the introduction of webmail (or web-based email). In this case, an email client is implemented as a web application running on a web server. Gmail and Hotmail are examples of typical webmail services. The majority of email servers today offer their services via both webmail and email clients. Although the webmail concept is quite attractive, there is one significant drawback. Users must be connected to the Internet to access their emails.
In recent years, there has been growing public concern regarding the privacy of electronic communications. In the case of the Internet, email service appears to be vulnerable to unauthorized display of email messages. To ensure users’ privacy, various encryption techniques may be utilized. Encryption can be defined as the process of encoding information in such a way that only legitimate parties can read them. In the case of email encryption, the process usually involves the encryption and often authentication of email messages. Encryption technology for emails has been available, but it has not been widely adopted. The reason for this low adoption is the fact that most people believe that their email messages are not important and thus encrypting them is not necessary.
Email encryption usually utilizes public-key cryptography. This involves users publishing a public key that other users can use to encrypt the messages they are sending to them. They also keep secret a private key that they can use to decrypt such messages or to digitally encrypt and sign the messages they send. Many email clients provide native support for various encryption protocols (e.g., Open Pretty Good Privacy, Secure/Multipurpose Internet Mail Extension, Transport Layer Security, identity-based encryption, mail sessions encryption). One of the most widely used encryption methods is Pretty Good Privacy, which is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication (including emails).
Stored emails may also be encrypted, especially if they reside on mobile devices (smartphones and tablets) and laptop computers. The majority of mobile devices offer some kind of full-device encryption protection through their operating systems (e.g., Android, iOS, BlackBerry). For laptops and even PCs, the best solution is to encrypt only the stored emails through encryption offered by email clients.
Email services have also created many problems for Internet users. Spam, spoofing, phishing, and hoaxes are some of the issues that are related to email services. Spam is an unsolicited email message, usually related to advertising. Email spoofing is defined as the creation of email messages with a forged sender address. It is mainly used in cases where the sender of an email wants to remain anonymous or wants to present a false identity. The problem is that SMTP, the protocol that is mainly used for sending email, does not incorporate authentication. Thus, it is possible to send an email message that appears to originate from anyone. Although the majority of the received spoofed emails are easy to detect, there are some cases of spoofed emails that can cause serious problems and security risks. That is why email users must always examine the received emails with caution, even though they may appear to be sent by a known user.
Phishing can be defined as the attempt to acquire sensitive information (e.g., usernames, passwords, credit card details, account numbers) by impersonating a trustworthy entity. Such emails include, in many cases, links to websites that are infected with malware. In other cases, the emails may include attachments that appear to do nothing when the user attempts to open them. The problem is that they install a “backdoor” to the user’s computer that allows hackers to take control of the machine. Usually, spoofing techniques are employed in the case of phishing in an attempt to make users believe that the message was sent by a legitimate authority. Phishing can be considered an example of social engineering techniques employed to deceive users, which is possible due to the poor usability of current web security technologies.
A hoax is a deliberately fabricated falsehood made to masquerade as the truth. In the case of an email hoax, it involves an email message warning recipients of a nonexistent threat, usually referring to legitimate well-known authorities such as Microsoft or Apple. The email attempts to persuade the recipients to forward the email to their email contacts. In some cases, the hoax is more harmful, and it tries to convince users to delete useful files from their computer by telling them that these files are infected.
Although there are various problems that may appear through the use of email services, Internet users can easily minimize the risk by following some simple practices. Email passwords must be strong to make difficult for scammers and hackers to discover them. Attention must also be given to the secret questions and answers that many services use to reset users’ passwords. Users must be cautious in entering their email addresses and password to subscribe to some Web 2.0 service, as their email addresses may be included in spam lists. They must also avoid inviting other users (by entering their email addresses) to subscribe to the same service, since they will become spamming targets.
Users must always remember that banks and financial institutions will never send their clients emails asking them to follow links in order to verify their information (e.g., username, password). Thus, users should never follow links from emails to log in to their web banking service. Such links may lead them to fake websites. Instead, they should type the URL of the banking institution or create a bookmark.
There are certain actions that users should avoid if they receive spam emails. They should not reply to spam emails and should not buy products that are advertised through spam email. They should also activate the spam filter in their email service to minimize the number of incoming spam emails.
Another instance of when email needs to be secured is when users start receiving a large number of bounced spam emails that appear to have been sent from their own email address. The first action users should take is to reset their email account’s password, just in case spammers have hacked into their email account. If the bounced spam emails continue to flow in, users should determine if their PC has been compromised (infected by virus or malware) by scanning it with antivirus and anti-malware software. If the problem is not resolved, the safest thing users can do is to cancel their email accounts.
Although email is one of the oldest Internet services, it is still one of the most widely used. Since the introduction of email service, there have been many unsuccessful attempts to substitute email with other new services that employ additional and modern characteristics. Many other Internet services, especially social networking services, have incorporated similar messaging features. For example, Facebook offers an internal messaging system for its users. Nevertheless, email continues to be among the top services that Internet users employ daily.
See also Email ; Identity Theft ; Spam
Bradley, Tony. “Minimizing Your Exposure to Email Spoofing.” PCWorld (April 5, 2012). http://www.pcworld.com/article/253305/minimize_your_exposure_to_email_spoofing.html (Accessed September 2017).
Crocker, Dave. “A History of E-Mail: Collaboration, Innovation and the Birth of a System.” Washington Post (March 20, 2012). http://www.washingtonpost.com/national/on-innovations/a-history-of-e-mail-collaboration-innovation-and-the-birth-of-a-system/2012/03/19/gIQAOeFEPS_story.html (Accessed September 2017).
Geier, Eric. “How to Encrypt Your Email.” PCWorld (April 25, 2012). http://www.pcworld.com/article/254338/how_to_encrypt_your_email.html (Accessed September 2017)
Hatton, Les. E-Mail Forensics: Eliminating Spam, Scams and Phishing. London, England: BlueSpear, 2011.
Kamal, Raj. Internet and Web Technologies. New Delhi, India: Tata McGraw-Hill, 2002.
Krebs, Brian. Spam Nation: The Inside Story of Organized Cybercrime—From Global Epidemic to Your Front Door. Naperville, IL: Sourcebooks, 2014.
McAfee. “Email Encryption Made Simple.” White Paper (2012). http://bluekarmasecurity.net/wp-content/uploads/2014/01/McAfee-WhitePaper-Email-Encryption-Made-Simple.pdf (Accessed September 2017).
Norton, Peter. Peter Norton’s Introduction to Computers. Boston, MA: McGraw-Hill Higher Education, 2005.
Partridge, Craig. “The Technical Development of Internet Email.” IEEE Annals of the History of Computing (April–June, 2008). http://ieeexplore.ieee.org/document/4544553/ (Accessed September 2017).
Van Vleck, Tom. The History of Electronic Mail (2001). http://www.multicians.org/thvv/mail-history.html (Accessed September 2017).