What protocol is used to receive incoming mail. Email protocols: POP3, IMAP4, SMTP. HTTP - Hypertext Transfer Protocol

On the Internet, to deliver e-mail, the originating machine establishes a TCP connection to port 25 of the receiving machine. This port is listened to by the mail daemon and they communicate using the Simple Mail Transfer Protocol (SMTP). This daemon accepts incoming connections and copies messages from them to the appropriate mailboxes. If the message cannot be delivered, an error message is sent to the sender containing the first part of the message.

MTA (Mail Transfer Agent)- mail transfer agent - is the main component of the Internet mail transfer system, which represents this network computer for the network e-mail system. Usually users do not work with MTA, but with the program MUA (Mail User Agent)- an e-mail client. The principle of interaction is schematically shown in the figure.

SMTP is a simple ASCII protocol. Having established a TCP connection to port 25, the sending machine acting as a client waits for a request from the receiving machine operating in server mode. The server starts the dialogue by sending a text string containing its identifier and informing about its readiness (or unavailability) to receive mail. If the server is not ready, the client drops the connection and tries again later.

If the server is ready to accept mail, the client announces who the mail came from and who it is intended for. If the recipient of the mail exists, the server gives the client the go-ahead to forward the message. The client then sends a message. And the server confirms its receipt. Checksums are not checked because TCP provides a reliable byte stream. If the sender has more mail. She is also sent. After all mail has been sent in both directions, the connection is dropped.

The simplest example of an SMTP session С: - client, S: - server

S: (waiting for connection)

C: (Connects to server port 25)

S: 220 mail.company.tld ESMTP CommuniGate Pro 5.1.4i is glad to see you!

S: 250 domain name should be qualified

S: 250 This e-mail address is being protected from spambots. To see it, you need JavaScript enabled sender accepted

S: 250 This e-mail address is being protected from spambots. To see it, you need JavaScript enabled ok

S: 550 This e-mail address is being protected from spambots. To see it, you need JavaScript enabled unknown user account

S: 354 Enter mail, end with "." on a line by itself

S: 250 769947 message accepted for delivery

S: 221 mail.company.tld CommuniGate Pro SMTP closing connection

S: (closes the connection)

As a result of such a session, the letter will be delivered to the addressee. This e-mail address is being protected from spambots. To see it, you need JavaScript enabled, but it will not be delivered to the addressee This e-mail address is being protected from spambots. To see it, you must have JavaScript enabled, because such an address does not exist.

Some SMTP commands

Due to problems with spam, almost all modern servers ignore the VRFY and EXPN commands as revealing information about the user.

To solve some problems. The extended SMTP protocol, ESMTP, was developed. Clients wishing to use it must start a session by sending an EHLO instead of a HELO. If the command is not accepted by the server, it means that the server only supports regular SMTP and the client should work normally. If EHLO is accepted, it means that an ESMTP session has been established and it is possible to work with new parameters and commands.

Post Office Protocol Version 3- Post Office Protocol version 3 is a network protocol used by a mail client to retrieve e-mail messages from a server. Usually used in conjunction with the SMTP protocol.

Previous versions of the protocol (POP, POP2) are obsolete. IMAP is an alternative protocol for collecting messages from a mail server. By default, it uses TCP port 110. There are POP3 server implementations that support TLS and SSL.

After the connection is established, the POP3 protocol goes through three consecutive states

• 1. Authorization the client goes through the authentication procedure
• 2. The transaction the client receives information about the state of the mailbox, accepts and deletes mail.
• 3. Refreshing the server deletes the selected messages and closes the connection.

While POP3 does support the ability to receive one or more emails and leave them on the server, most email programs simply download all emails and empty the mailbox on the server.

Session example

S:<Сервер ожидает входящих соединений на порту 110>

C:<подключается к серверу>

S: + OK POP3 server ready< Этот адрес e-mail защищен от спам-ботов. Чтобы увидеть его, у Вас должен быть включен Java-Script >

C: APOP mrose

S:<сервер передает сообщение 1>

S: + OK message 1 deleted

S:<сервер передает сообщение 2>

S: + OK message 2 deleted

S: + OK dewey POP3 server signing off (maildrop empty)

C:<закрывает соединение>

S:<продолжает ждать входящие соединения>

For a user who has one account with one provider and always connects to the provider from the same machine, the POP3 protocol is sufficient. This protocol is widely used due to its simplicity and reliability. But many users have one account at an educational institution or at work, but they want to have access to it both from home and from their place of work (school), and during a business trip from different places. Although the POP3 protocol allows you to resolve this situation. But the problem is that with this use of e-mail, all the user's correspondence will very quickly spread to the random machines from which he accessed the Internet, and some of these computers may not belong to the user at all.

This inconvenience led to the creation of an alternative protocol for receiving mail, IMAP.

IMAP (Internet Message Access Protocol)- Internet application protocol for accessing e-mail.

IMAP provides the user with rich options for working with mailboxes located on a central server. A mail program using this protocol accesses the correspondence store on the server as if the correspondence was located on the recipient's computer. E-mails can be manipulated from the user's (client's) computer without the need to constantly send files with the full contents of the letters from the server and back.

IMAP was designed to replace the simpler POP3 protocol and has the following advantages over the latter:

• 4. Emails are stored on the server, not on the client. It is possible to access the same mailbox from different clients. Simultaneous access of several clients is also supported. There are mechanisms in the protocol by which a client can be informed about changes made by other clients.
• 5. Support for multiple mailboxes (or folders). The client can create, delete and rename mailboxes on the server, as well as move letters from one mailbox to another.
• 6. It is possible to create shared folders to which several users can have access.
• 7. Information about the status of letters is stored on the server and is available to all clients. Emails can be marked as read, important, etc.
• 8. Server search support. There is no need to download a lot of messages from the server in order to find the one you need.
• 9. Support for online work. The client can maintain a constant connection with the server, while the server informs the client in real time about changes in mailboxes, including new letters.
• 10. A mechanism for expanding the capabilities of the protocol is provided.

The current protocol version is designated IMAP4rev1 (IMAP version 4, revision 1). The protocol supports encrypted transmission of the user's password. In addition, IMAP traffic can be encrypted using SSL.

3. Summary table of mail clients and servers for various OS

4. The most famous WEB-clients for working with mail

Eudora mail- an e-mail client that appeared at the dawn of the Internet, when e-mail was almost the only means of communication.

Evolution is a graphical client program for managing email, contacts and time for the Linux platform. Developed and maintained by Novell. Contains calendar, time planning system, address book, supports all common mail protocols IMAP, POP, SMTP.

Fidolook- an e-mail client, which is a built-in add-on to Outlook Express from the Internet Explorer package. Significantly expands such Outlook Express capabilities as message quoting, message templates, customizing message headers, working with news folders, message import and export.

Foxmail! is a free email program for Windows. Developed by the Chinese corporation TenCent. Supports SMTP, POP3 and RSS protocols. Key features:

• o sending letters without the participation of an SMTP server (the user's computer acts as an SMTP server);
• o the ability to set a password for the account;
• o setting up mail reception from several E-mail addresses into one account;
• o letter sorter based on filters;
• o creating and editing templates for new letters;
• o work with the dispatcher of letters (management of messages on the server);
• o the ability to encrypt messages;
• o convenient address book integrated into the interface;
• o RSS aggregator.

KMail- an e-mail client common in operating systems of the * nix family. Supports SMTP, POP3, IMAP, local mailboxes, and there is also support for antivirus, antispam, custom filters.

M2- the internal name of the mail and news client built into the Opera browser and officially called Opera Mail. Its interface differs from other email clients in order to provide better integration with Opera, and it also has a spam filter, support for POP3 and IMAP, newsgroups, RSS and Atom news feeds.

MailMan- a mail client for mobile devices and phones, is a java application. Key features:

• o working with the file system (saving, adding attachments to files of any format, working with the address book, saving the download history to disk in .txt, playing a given melody);
• o the ability to work with encodings and transliteration;
• o viewing html, wml, pda and xml-like pages as text without links and images with the ability to customize the font;
• o a huge number of parameters and flexible customization;
• o the program is distributed free of charge.

Microsoft Outlook- a computer program-organizer with the functions of a mail client, included in the package of office programs Microsoft Office. Key features:

• o is a full-fledged Organizer, providing the functions of a calendar, task planner, notebook and contact manager;
• o allows you to track work with documents of the Microsoft Office package for automatic compilation of a work diary;
• o can be used as a separate application or act as a client for the Microsoft Exchange Server mail server, which provides additional functions for collaboration between users of the same organization: shared mailboxes, task folders, calendars, conferences, scheduling and scheduling the time of general meetings, coordination documents.

Mozilla thunderbird is a free, freeware program for working with e-mail and newsgroups. It is part of the Mozilla project. Supports the protocols SMTP, POP3, IMAP, NNTP, RSS, works in Windows, Mac OS X and Linux, and the set of features and the location of controls are the same on all platforms.

Outlook Express- a program for working with e-mail and newsgroups, which is supplied with the Windows operating system, starting with Windows 95 OSR 2.5, and also together with the Internet Explorer browser, starting from version 4.0. The new version of Outlook Express that was included with Windows Vista along with Internet Explorer 7.0 is called Windows Mail. The name Outlook Express suggests that this program is a "lightweight" version of Microsoft Outlook and, unlike Outlook Express, does not have newsgroup functionality.

The Bat!- shareware program for working with e-mail for Windows. Developed by the Moldovan company RitLabs. Supports SMTP, POP3, IMAP protocols, has a fairly advanced message filtering system and supports a large number of Cyrillic encodings. There are two versions of the program: Home and Professional. The Professional version has the ability to check spelling, message encryption and biometric authentication.

6. Security settings in mail systems: TLS, SSL, digital signature, certificate. SPAM concept

TLS (Transport Layer Security) is a cryptographic protocol that provides secure data transfer between users on the Internet.

The TLS protocol is based on the Netscape SSL protocol version 3.0 and consists of two parts - the TLS Record Protocol and the TLS Handshake Protocol. The differences between SSL 3.0 and TLS 1.0 are minor, so throughout this text the term “SSL” will refer to both. Most modern browsers support this protocol. The TLS Working Group, founded in 1996, continues to work on the protocol.

SSL uses cryptography to provide authentication and secure transmission of data over the Internet. Often, only server authentication occurs while the client remains unauthenticated. For mutual authentication, each party must support a public key infrastructure (PKI) that protects client / server applications from intercepting messages, editing existing messages, and creating spoofed messages.

SSL has three main phases:

• o Dialogue between the parties, the purpose of which is to choose an encryption algorithm
• o Key exchange based on public key cryptosystems or certificate-based authentication.
• o Transmission of data encrypted using symmetric encryption algorithms

In the first phase, the client and server discuss the choice of cryptographic algorithm for further use. The following algorithms are available in this version of the protocol:

• o Combinations of algorithms are used for key exchange and authentication: RSA (asymmetric cipher), Diffie-Hellman (secure key exchange), DSA (digital signature algorithm) and Fortezza technology algorithms.
• o For symmetric encryption: RC2, RC4, IDEA, DES, Triple DES or AES;
• o For hash functions: MD5 or SHA.

SSL (Secure Sockets Layer) is a cryptographic protocol that ensures secure data transmission over the Internet. When using it, a secure connection is created between the client and the server. SSL was originally developed by Netscape Communications and is now adopted by the IETF as a standard. Supported by all popular browsers.

Uses public key encryption to authenticate the transmitter and receiver. Maintains the reliability of data transmission through the use of correction codes and secure hash functions.

SSL has two layers. At the lowest level of a multilayer transport protocol (eg TCP), it is a recording protocol and is used to encapsulate (i.e., form a packet) various protocols. For each encapsulated protocol, it provides conditions under which the server and client can authenticate to each other, execute encryption algorithms, and exchange cryptographic keys before the application protocol begins to transmit and receive data.

To access SSL-protected pages, the URL usually uses the https prefix (port 443) instead of the usual (schema) http prefix, indicating that an SSL connection will be used. Since encryption / decryption operations are computationally intensive, SSL hardware accelerators are used to reduce the load on web servers.

SSL requires the server to have an SSL certificate in order for it to work.

Electronic digital signature (EDS) is an electronic document requisite designed to certify the data source and protect this electronic document from counterfeiting.

A digital signature provides:

• o Verification of the source of the document. Depending on the details of the document definition, fields such as "author", "changes made", "timestamp", etc. may be signed.
• o Protection against document changes. Any accidental or deliberate change in the document (or signature) will change the hash, therefore, the signature will become invalid.
• o Impossibility of repudiation of authorship. Since you can create a correct signature only if you know the private key, and it is known only to the owner, the owner cannot refuse his signature on the document.

The following digital signature threats are possible:

• o An attacker can try to forge a signature for a document of his choice.
• o An attacker can try to match a document to a given signature so that the signature matches it.
• o An attacker can try to forge a signature for any document.

When using a reliable hash function, it is computationally difficult to create a fake document with the same hash as the genuine one. However, these threats can be realized due to the weaknesses of specific hashing algorithms, signatures, or errors in their implementations.

Nevertheless, such threats to digital signature systems are still possible:

• o An attacker who stole a private key can sign any document on behalf of the owner of the key.
• o An attacker can trick the owner into signing a document, for example, using the blind signature protocol.
• o An attacker can replace the owner's public key (see key management) with his own, impersonating it.

Certificate (public key certificate, EDS certificate) is a digital or paper document confirming the correspondence between the public key and information identifying the owner of the key. Contains information about the owner of the key, information about the public key, its purpose and scope, the name of the certification authority, etc.

The public key can be used to organize a secure communication channel with the owner in two ways:

• o to verify the signature of the owner (authentication)
• o to encrypt data sent to him (confidentiality)

There are two models for organizing a certificate infrastructure: centralized (PKI) and decentralized (PGP). In the centralized model, there are root certification authorities, whose signatures must be trusted by every user. In a decentralized model, each user independently chooses which certificates he trusts and to what extent.

Spam (English spam) - messages sent in bulk to people who have not expressed a desire to receive them. The term "spam" primarily refers to emails.

Anti-spam methods

• o Preventive methods
• o The most reliable way to combat spam is to prevent spammers from finding out your email address. This is a difficult task, but some precautions can be taken.
• o Unfortunately, even such harsh measures do not provide a complete guarantee that the spammer will not learn the email address. Methods of collecting addresses include using viruses to hunt for contact lists of users. Viruses exploit flaws in known email programs and send addresses from the contact list to the attacker or independently send copies of unwanted messages to these addresses.
• o Automatic filtering
• o There is software (software) for automatically detecting spam (so-called filters). It can be intended for end users or for use on servers. This software takes two main approaches.
• o The first is that the content of the letter is analyzed and a conclusion is made whether it is spam or not. If an email is classified as spam, it can be flagged, moved to another folder, or even deleted. Such software can run both on the server and on the client's computer. With this approach, you do not see filtered spam, but you continue to fully or partially bear the costs associated with its reception, since the anti-spam software in any case receives every spam message (spending your money), and only then decides whether to show it or not. On the other hand, if the software runs on a server, you do not bear the cost of copying it to your computer.
• o The second approach is to use various methods to identify the sender as a spammer without looking at the body of the letter. This software can only run on a server that directly receives letters. With this approach, it is possible to reduce costs - money is spent only on communication with spam mail programs (i.e., refusals to accept letters) and calls to other servers (if any) during verification. The payoff, however, is not as big as one might expect. If the recipient refuses to accept the letter, the spam program tries to bypass the protection and send it in a different way. Each such attempt has to be reflected separately, which increases the load on the server.

Automatic filtering methods

Automated filtering software uses statistical analysis of email content to decide whether it is spam. The greatest success has been achieved with algorithms based on Bayes' theorem. For these methods to work, you need to "train" the filters, that is, you need to use manually sorted letters to identify the statistical features of normal letters and spam.

Non-automatic filtration

Many programs and email services on the Web allow the user to define their own filters. Such filters can consist of words or, less often, regular expressions, depending on the presence or absence of which the message ends up or does not end up in the trash bin. However, such filtering is time consuming and inflexible, and also requires a certain degree of familiarity with computers from the user. On the other hand, it allows you to effectively filter out some of the spam, and the user knows exactly which messages will be filtered out and why.

Blacklists. The blacklists include the IP addresses of computers known to send spam from them. Lists of computers that can be used for distribution are also widely used - "open relays" and "open proxies", as well as lists of "dialups" - client addresses that cannot have mail servers. You can use a local list or a list maintained by someone else. Due to the simplicity of implementation, blacklists have become widespread, the query to which is carried out through the DNS service. They are called DNSBL (DNS Black List). This method is currently not very effective. Spammers find new computers for their purposes faster than they can be blacklisted. In addition, several computers sending spam can compromise an entire mail domain or subnet, and thousands of law-abiding users will be deprived of the ability to send mail to servers using such a blacklist indefinitely.

Mail server authorization. Various methods have been proposed to confirm that the computer sending the letter really has the right to do so (Sender ID, SPF, Caller ID, Yahoo DomainKeys, MessageLevel), but they have not yet become widespread. In addition, these technologies limit some common types of mail server functionality: it becomes impossible to automatically forward correspondence from one mail server to another (SMTP Forwarding).

A common policy among providers is that clients are allowed to establish SMTP connections only with the provider's servers. In this case, it becomes impossible to use some of the authorization mechanisms.

Greylisting The greylisting method is based on the fact that the "behavior" of spam software differs from that of regular mail servers, namely, spam programs do not try to resend an email when a transient error occurs, as required by the SMTP protocol. More precisely, trying to bypass the protection, on subsequent attempts they use a different relay, a different return address, etc., so this looks to the receiving side as attempts to send different letters.

The striking point of many application layer protocols is that they are simple. TCP based protocols mainly use commands and responses in text format, which makes them more convenient for users to understand and programmers to implement.

To further illustrate, we'll look at two protocols that can be used every day to send and receive email: SMTP and POP3.
Simple Mail Transfer Protocol: SMTP
Simple Mail Transfer Protocol (SMTP) is one of the most respected internet protocols. Developed in the early 1980s, its functions are cleanly and easily communicated over email and between networks and other transport systems. Thus, its use need not necessarily be restricted on systems using the TCP / IP... Any communication system is capable of handling lines up to 1000 7-bit ASCII characters which can be used to execute messages over SMTP. On a TCP / IP network, however, TCP provides a transport mechanism.
V SMTP Sender is a client, and the client can communicate with various servers. Messages can be sent directly from a sending host to a receiving host requiring a separate TCP connection and every copy of every message must be made. However, multiple mail recipients can run their own server. SMTP.
This is most typical for the appointment SMTP messages, a server that serves a group of users, such as internet domains. The server receives all mail destined for users and then allows them to collect using POP3 (Post Office Protocol version 3) or other postal protocols. Moreover, most SMTP clients send messages to one "smart host" server, whose job it is to relay these messages to their possible recipients.
Transactions SMTP start when the sender client opens a TCP connection to the receiver using the known port number 25. The server recognizes the connection by sending back a message like “ 220 SMTP Server Ready«. SMTP uses a similar FTP response format that we discussed earlier. The received three-digit code, the client software should answer if everything is OK. This article is to help people who might be able to troubleshoot by analyzing the transaction log. The Application Protocol Code Replies window contains more information on the response message codes.
Server SMTP may refuse communication by sending back a message with a response code "421 Service unavailable". For instance, SMTP the server of the ISP, provided for its subscribers to transmit outgoing mail, may refuse to communicate with the host, whose IP address indicates that it is not an ISP subscriber. Basic SMTP protocol has no form of access control - the way it can be used to pass messages and that makes it impractical - so that's the only way ISPs can prevent non-subscribers, such as spammers, from using their mail servers to send messages.
After receiving confirmation of the correct sender characters to the server, the server sends the "HELO name" string. HELO is the sign for the command and the name is the hostname. As we will see, the hostname is used in the revision: header, the server adds a message when it sends it along its path. This information allows the recipient to trace the path through the message.
Sending server
When the sender receives a "250 OK" acknowledgment, he can start sending messages. The protocol is extremely simple. All senders have to do is tell which messages are supposed to supply the content of the message.
The message is set using the "MAIL FROM" command: