A Brief E-Mail Primer
A Note About E-mail Security
Table of Contents
The downside to all this openness (you knew there had to be a downside) is that it also makes it easy for the malicious and the malevolent to get into all kinds of mischief. By studying the published standards for how the Internet works, crackers (as hackers who've succumbed to the dark side of the Force are called) can apply their knowledge of programming and computer systems to compromise these systems and bypass the normal Internet operating procedures.
In the e-mail world, this situation leads to two major security issues: privacy and authenticity.
Internet e-mail suffers from a similar problem. When you send a message, it doesn't travel directly to the recipient; instead, it must first pass through a number of other systems (as described in the How Does the Internet E-Mail System Work? section). Recall the analogy I used earlier in which I likened a message traveling through the Net to driving from one city neighborhood to another along a system of roads and highways. Well, on the Net, these roads and highways often have "checkpoints" that messages must pass through in their journey. These checkpoints are just computers on some other network, and at each stop there's always the possibility that someone with enough know-how could intercept your message, read it, and then send it on its way. Neither you nor your recipient would ever be the wiser. In this sense, using Internet e-mail is no different from sending snail-mail messages on the back of a postcard.
The Authenticity ProblemYou might recall a famous story from the '70s in which the sportscaster Howard Cosell was doing a Monday Night Football broadcast and received what he thought was a call from the boxer Muhammad Ali. At the time, Ali was in Zaire preparing to fight George Foreman, so this was a real coup for Cosell. In fact, he even did a brief interview with Ali right on the air to a nationwide TV audience. Much to Cosell's chagrin (not to mention his embarrassment), the call turned out to be a hoax (the caller was actually somewhere in the Midwest, I think).
This brings us to the second e-mail security problem: authentication. When you receive a message, the header's From line tells you the e-mail address of the person who sent the missive. Or does it? The Internet e-mail system is such an open book that it's ridiculously easy to forge other people's e-mail addresses! Now, obviously, if you get a message from firstname.lastname@example.org or email@example.com, you can pretty well guess you're dealing with a forgery (depending on the social circles you run in). But if you get flamed by a total stranger, or if someone you know inexplicably asks for your credit card number, there's no way to tell whether the message is on the up-and-up.
Wrong! I mean, you "hide" most of your paper mail inside an envelope, don't you? Does that make you a criminal? Of course not. And what if your e-mail dispatches include sensitive material such as payroll data, credit-card or Social Security numbers, financial info, research results, or trade secrets? You'll probably want to protect these decidedly noncriminal messages, so you have every right to be at least a little paranoid. And you can forget that "safety in numbers" argument. Someone looking for your e-mail messages wouldn't have to sift through the millions of dispatches that are posted daily. It's possible to scan mail messages passing through a site and do "keyword searches" to intercept those that contain particular words, phrases, names, or even e-mail addresses.
As for e-forgeries, it's true that they're still quite rare, if only because the necessary know-how is well beyond the skills of most Netizens. But, still, they do happen. A couple of years ago, some prankster forged a Microsoft press release stating that the company had bought the Vatican! The very idea sounds preposterous, but Microsoft actually had to put out its own press release to confirm that the other was a fake!
In the end, it comes down to a matter of principle. With more and more people jumping on the Net bandwagon every day, with the possibility that all correspondence will be done via e-mail getting closer and closer to reality, and with the prospect of Net financial transactions looming large, e-mail security will have to become as much of a "right" as the privacy we enjoy in our own homes.
The artwork displayed throughout this primer is Copyright © Judd Winick.
Copyright © 1995 - 2013 Paul McFedries and Logophilia Limited