Introduction
When an email is sent over the internet, it passes through many protocols. The email leaves the sender and travels to its destination, the receiver. A number of internet services are used to send the email and deliver it to its destination. The server plays an important role in sending an email: the email is stored there, and when the client is connected to the internet it gets delivered.
Let's take the example of Bob and Mary. Bob types the email content and sends it to the sending server using a protocol called SMTP. The sending server performs a lookup for the mail exchange records of the receiver's server. A server such as DNS responds with the mail exchange server for the domain. After the mail is received by the sending server, it is forwarded to the receiving server. The receiving server delivers the mail to the message box of the receiver, such as Gmail or Yahoo Mail.
Fig 1 - Email (sender to receiver)
Architecture
Email is a system for communicating, and it requires several pieces of hardware and software. The architecture of email is composed of several transfer paths, and a number of protocols are followed. With the creation of an email its life cycle begins, and the email passes through several entities, i.e. nodes. Software on the application layer like TCP/IP defines such nodes. The email might not require SMTP for its operation and to reach the destination. The different components used in the architecture of email are given below:
Message agent
The message user agent (MUA) is the application that receives and sends mail on behalf of the user. A mediator is involved as well; it performs message reporting for better performance. This agent is a software package that runs on the user-side system. The user can create, compose and read messages in it. A message agent like Outlook can give a direct path for sending and receiving mail.
Figure 1 - Email journey with the message agents
The message transfer agent (MTA) gets the email when it is sent from an MUA or an MTA. As shown in the diagram, SMTP is the protocol through which the email is sent from one end to the other. The receiving MTA adds a trace header field to the top of the received message. The protocol gives the next hop for the MTA. These days, the increased amount of spam has been a problem on email servers. Hence, the servers have made necessary changes to the protocol for sending and receiving messages.
Email Store
It is like a database that stores messages for a longer time for message agents. The email store is used by the message agent in two ways: POP and local. Organizations mostly use data centers to store the mail that is transferred all over the world, and the volume is huge. The data centers keep the emails and copies of them with the necessary details. A database is maintained for each user with all of his/her email. Database managers are appointed for the mail servers, and they carry out the maintenance. This database is like a virtual post office.
Email Submission agents
It is computer software that receives the email, acting as an agent for the end user. This agent takes the message and applies the policies of the host, checking it against the requirements. This is done to meet the standards of the internet. The submission agent checks the parts of the email, such as the header and the message in the message field. The MTA can also perform the role of the MSA. When the sender sends the mail, it goes to the MSA and then to the MTA of the sender. The message is exchanged over the mail system, and the receiver-side MDA is provided with the email so that it can be opened on the receiver side. All of these processes are carried out over the internet as shown in the diagram.
Figure 2 - Mail sent over the Internet
Email transfer agents
It is software that transfers email from one system to another. The mail relay is software that handles the mail to be sent from one system to another. It follows the mail transfer protocol. DNS connects the mail server to the domain with the help of the mail exchanger.
Mail delivery agent
The mail delivery agent has the purpose of accepting the mail that is being delivered. The email reaches it with the help of IP addressing. The internet provides local message delivery features that are facilitated by the message transfer agent and the storing mail servers. The mail delivery agents handle the delivery of the mail. The UNIX system is one of the most popular mail delivery agents in the current world.
Relay
These are nodes that operate the email relay. Relaying is one of the processes of getting the email from other email nodes. It implements the protocols of packet switching and IP routers. The protocol is defined for finding the path to the destination on the internet, which involves all the domains, the MTAs and other email infrastructure.
Web server
These are also nodes; they implement the email web server and provide a web environment. The web server is a program that uses Hypertext Transfer and its protocols. Files are served to the user as web pages to make it easier for the user to create, send, read, compose and receive mail. It handles communication between client and server. The pages are delivered in the form of HTML. Collections of web servers are used nowadays by companies for high performance of mail web servers.
Figure 3 - Collection and Collaborated Web servers
E-mail Data and Identity
Email uses several identities that are used all over the world and have unique values: message-ID, mailbox, domain, name and Environment id. All of these are carried on a mail that reaches its destination. Without them, it is not possible to communicate by email. An identity like the email address contains names, where @ separates the domain name and the username. Similarly, the various identities are crucial to email and its operations. Many organizations use data from emails that are being deleted, and this is done with the email data. These data are crucial in the marketing field, where they provide marketing information. The industry keeps such raw data to get a better grasp of the information. The data are found in huge amounts, all of which are analyzed and used for different purposes.
Email identity deals with finding the person who is sending the email. In the security sense, the email could contain malicious software like Trojan horses and viruses. The sender could be hidden by thousands of deep layers of email sent over the internet. The virus forwards such email from one host to another, and the actual sender gets too far from detection. Therefore, identifying such a sender is necessary for security purposes as well. A technique that can be used for the identification is email reverse lookup. An email setup could also be made in order to find the actual sender from which the email originated. All of these are possible and are implemented in email forensics by the security industry. This data and its identity create a problem, as hackers could get into the files and use the information of the users. Information that is stored over the internet is never safe. The cloud is used for storing email and other relevant data. The cloud is secured with techniques including encryption, decryption, and authentication. These techniques are followed to get secure access to and storage of data.
Email threats
Malware is sent over the internet frequently. Techniques are implemented to detect such intrusion. Email is one of the most used facilities for transferring data over the internet. Hackers target users using email. Email addresses are sold by organizations for commercial purposes, which makes them vulnerable and public to hackers. A huge amount of mail is sent for commercial purposes with information advertising goods. The email could contain fake website links for the bank that the user uses, through which the user is phished. Continuous attacks are carried out with email. The threats are to network security.
Spam
The amount of spam mail is huge, and it covers 95% of the mail. The spam sender gets the user's information from newsgroups and other web operators. These mail addresses are sold to them, and they send hundreds of spam mails to a single user. The issues it causes are given below:
- Congestion on network
- Clutter
- Virus, trojan horse, etc
Spoofing
The attacker spoofs by sending an email pretending to be someone we know. This forging is done by sending a message as an email with a known email address. It is found to be easy to do and difficult to trace.
Phishing
Email may also contain phishing sites, which act as the hacker's weapon for identity theft. This is done to get information about banking and codes. Financial information is the main target of such email. Such email appears very authentic, and exactly the same page as the bank's is displayed. A user who is new to such banking gets trapped on the phishing sites and becomes a victim.
Email bombing
This is sending a huge amount of email over the internet to a particular user, which creates a system vulnerability. It overflows the mailbox, resulting in a denial of service attack. This technique helps other hacking techniques in their attacks.
Mass mailing targets a particular address by duplicating the same mail again and again and sending it over. This can be detected by the spam detector, as the mails have similar function and headers.
Zip bombing is another type of email bombing that can be carried out over email. This technique gained popularity after mailing servers started to check mail with filtering software.
Forensic Techniques
The technique of finding the source and the content of an email is called email forensics. This technique is also the study of all the basic information about the email. It covers the preservation, documentation and extraction of evidence from the email. This forensic technique is the science that relates to the law on crime on the internet. There are six categories of digital forensics, which include network forensics. There are many techniques. They are given below:
Analysis of email header
The email body has the data, and the email contains the header. The header is always followed by its body. The header consists of information about the sender and the path for the message to travel back if it is not received. Some headers consist of the From, To and data sections. The most common consist of Subject and CC, which are followed by the stamps of the mail transfer agents. The header always provides the routing information, and hence its analysis is necessary to learn about the sender. The email passes through mail transfer agents, which stamp it with data every time the mail is sent on. Similarly, when one mail is sent on through several people, it gets a received header for each. The mail user agents set up the header, and these are in a particular format. The header could be manipulated, and when it is found to be so, the message is said to be forged.
Fingerprints of Sender analysis
The sender leaves some identity, and that is identified by the tools. The Received header field handles the email. This technique finds the trace path of the message and is used in identifying phishing.
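As an added illustration of the header analysis and sender fingerprint passages above (not code from the original post or from any tool it names), this Python sketch reads the Received stamps of a message oldest-first and flags signs of a manipulated header. The sample message, its host names and the helper names `trace_hops` and `findings` are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime, parseaddr

# Constructed sample (not from a real case): reserved example domains and
# documentation IP ranges. Each MTA prepends its own Received stamp.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id A3; Mon, 06 May 2024 10:00:09 +0000
Received: from relay.example.net (relay.example.net [203.0.113.25])
\tby mx.example.net with ESMTP id A2; Mon, 06 May 2024 10:00:05 +0000
Received: from laptop (unknown [192.0.2.44])
\tby relay.example.net with ESMTPSA id A1; Mon, 06 May 2024 10:00:01 +0000
From: "Bank Support" <support@bank.example>
Return-Path: <bounce@mailer.example.net>
Message-ID: <1234@mailer.example.net>
Subject: Account notice

Body text.
"""

HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?by\s+(\S+)", re.S)

def trace_hops(msg):
    """Return the hops oldest-first (the top Received header is the newest)."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        m = HOP.search(raw)
        try:
            stamp = parsedate_to_datetime(raw.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):
            stamp = None  # missing or unparsable date: keep the hop anyway
        names = m.groups() if m else (None, None, None)
        hops.append(dict(zip(("from", "ip", "by"), names), time=stamp))
    return hops

def findings(msg):
    """Heuristic flags for a manipulated header; each needs human review."""
    out, hops = [], trace_hops(msg)
    for prev, cur in zip(hops, hops[1:]):
        if prev["time"] and cur["time"] and cur["time"] < prev["time"]:
            out.append(f"timestamps go backwards at {cur['by']}")
        if prev["by"] != cur["from"]:
            out.append(f"chain gap: {prev['by']} handed to {cur['from']}")
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    if rp_dom and rp_dom != from_dom:
        out.append(f"From domain {from_dom} differs from Return-Path {rp_dom}")
    return out

if __name__ == "__main__":
    msg = message_from_string(SAMPLE)
    print(trace_hops(msg)[0]["ip"], findings(msg))
```

Only the stamps added by servers the investigator trusts are reliable; anything below the first trusted hop was supplied by the sending side and can be forged.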
Bait tactic analysis
It analyzes the img source that has a picture and computer monitors. The investigation in the bait tactic is done on the <img src> tag. When the email is opened, a log containing the IP address is recorded with the host and its sender. When a proxy server is used in sending the email or the image, the server's IP is recorded. When the server logs are not given, the detector might use a tactic email that contains a Java applet, which runs on the server computer and provides the IP address to the detector.
Investigation of server and its analysis
The server that stores the mail is investigated. This investigation is based on finding the server to know who sent the mail. Servers keep a record of the email and a copy of it. A log file is maintained on the server with information about the email sent over it. This analysis is used to learn where and from which computer the email was sent. It is found that some servers don't cooperate with the investigation.
Embedded identifiers analysis
These identifiers give details about the creator of the mail and reveal information about the composing of the mail. The information could be included in the header and other MIME contents. Investigating the email and the system it was sent with gives vital information about the sender. This information could be added automatically by the software the sender uses to send the email.
Forensic Tools Used for Email
For email forensics, there are some tools available that provide the content of the email and prevent attacks. These provide security earlier and stop emails from being harmful to others. These tools are available in browser format and with many other functionalities.
MailXaminer
It is software, one of the best among the forensic tools, that performs data collaboration and access. The range of support for this software is found to be higher than for others. It searches and examines the data of the email with all the information necessary for email forensics. The tool is used for analyzing email data with multiple functionalities.
MxToolBox
This software tests and lists the domain according to the priority order. The lookup for the mail sender is done against the domain's authoritative name server. The mail servers are provided by the software. This tool also allows the IP address to be checked against hundreds of DNS.
Aid4Mail Fookes
This mail software is available in a few editions, like Home, Professional and two others. It gives the following features:
- User-friendly
- Accuracy in email
- Good processing
- Separate processing for email
- Email address extraction and attachments with the country
Email Tracer
This software is implemented for cyber forensics in India. India is one of the most advanced countries in the IT industry, with a high number of crimes being committed. Cyber forensic tools are being developed on the basis of current issues in Indian cyber crime. This email tracer is developed to trace the email and its origin with the appropriate details that are needed to catch hackers or cyber criminals. The message is analyzed, and the original IP is found by this software. This software gives complete details about the sender, including the city and other relevant information.
Adcomplain
This tool is used for reporting inappropriate email sent for commercial purposes to millions of users all over the world. It also detects fake email that targets the user into clicking an image or links. The tool automatically analyzes the mail and makes a report that is then provided to the servers. The server blocks mail that abuses users with such activities. The United States of America's Federal Trade Commission reads the report and takes the necessary action on such activities.
All these tools have only one target: to find the source of the sender. A smart sender is very difficult to find, and that creates more and more problems for email security. The detection of such activity is found to be tougher across the internet. These tools use some technique and analyze the header and the whole body of the particular email. Email that contains harmful data is detected and the system is protected. Similarly, anti-virus is also used for email and runs on the mailing server. It detects a virus in the email and blocks the particular mail. The mailing server also provides spam blocking and options for blocking other email addresses or IP addresses. The message is properly analyzed with tracking of IP addresses.
Conclusion
Information is shared through the internet, and email is one of the most used ways of communication nowadays. Applications and web-based servers are used most frequently, and millions and trillions of emails are exchanged on a daily basis. The increase in the number of emails being sent and received has also increased the security problems faced by the organizations that provide such facilities, like Gmail, Yahoo, and others. Email is also used as one of the tools to attack other users connected to the internet. The email could also hold sensitive information regarding financial and other banking details. Even though emails are encrypted with the most advanced encryption techniques, there is a chance of compromise by a man in the middle. The email could contain malicious software such as a virus or trojan horse. The amount of spam has also increased over the internet. Attackers hide again and again by sending email from one host to another. All of these can be detected, and the criminal can be caught, which brings stability to internet security related to email. The email has several fields when seen in detail. The header, body, and other sections hold the information. These data fields have information regarding the sender's IP address and other related information. The analysis of these fields gives the required information. Email forensics is widely used for finding such criminals over the internet and is helpful. The paper gives detailed information about the architecture of email and its life cycle.