E-mail: The most insecure service on the Internet
E-mail is one of the services that came into being when the Internet appeared, and many people adopted it.
In the past, only those who had an account with an Internet provider had access, but with the popularization of free Internet access and a series of revolutions that began around the end of the 90s, many of these services became free.
However, this service does not go hand in hand with information security: it is one of the most widespread channels for viruses, worms, Trojan horses and spam, among others.
1. What is E-mail
E-mail is a service on the Internet that allows people to communicate through electronic messages, a digital alternative to traditional letter mail.
Messages are sent by computers that are constantly connected to the Internet and that, over time, relay the messages to their respective destinations.
Every e-mail user has a mailbox, which is their identification on this computer, and this computer is tied exclusively to their domain on the Internet.
A domain can be used for a website, or just for e-mail, as the services are directly linked.
2. Operation
When sending a message, you need a user who corresponds to a valid mailbox on the destination server, for example "so-and-so@example.com", where so-and-so is the name of the user's mailbox and example.com is the destination.
When the user clicks "send", the system forwards the message to the message delivery server, which speaks SMTP (Simple Mail Transfer Protocol).
The message is forwarded by opening a connection to this server on the port the SMTP server was configured to use. This is usually port 25 by default, or 465 or 587.
There is a resolution by the Internet Steering Committee to block outbound traffic on port 25 for all residential users.
3. Protocol communication example
Here is an example of communication through port 25:
220 Bem vindo ao servidor ESMTP
HELO textotexto
250 ok
MAIL FROM:<[email protected]>
250 ok
RCPT TO:<[email protected]>
250 ok
RCPT TO:<[email protected]>
250 ok
DATA
354 ok
Olá, eu estou apenas dizendo um bom dia e um bom serviço!
.
250 Salvo com sucesso. #902487694.289148.12219.
This is the first connection that occurs. After it, the server has to relay the message to the correct destination mail server: it looks in DNS for an MX record for the domain specified in the e-mail address and contacts that server at the IP address obtained, in an exchange similar to the one below:
220-burns0051.correio.biz ESMTP Postfix
EHLO exemplo.com.br
250-burns0051.correio.biz
250-PIPELINING
250-SIZE 45000000
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:<[email protected]>
250 2.1.0 Ok
RCPT TO:<[email protected]>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
This is a unique teste message.
.
250 2.0.0 Ok: queued as 9543DF6223
After that, the message is delivered as soon as possible to the user's mailbox on the POP (Post Office Protocol) server. Usually the same application that handles SMTP also handles the POP service, and it automatically stores the message until the user connects and collects it.
4. Security breaches in service
As you can see, no encryption has been used at any point in sending these messages so far; that is, the same plain text can be sent through direct-connection programs such as Telnet, PuTTY and other terminal programs.
As a result, many malicious programs installed on semi-dedicated servers or shared hosting services dump large volumes of unwanted e-mail across the Internet, spreading viruses and contaminating many computers.
Another very fragile service is the Microsoft message communicator, which also offers no encryption of message traffic, so messages are visible on the network to any network sniffer program.
A good practice for the e-mail service is to always use TLS encryption where possible, as it helps to protect messages between your PC and the message delivery server a little more. There is no encryption beyond that hop, however, which remains a security weakness until the message reaches its final destination.
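The EHLO reply in the server-to-server session above lists no STARTTLS extension, which is how you can tell that hop was unencrypted. The following Python sketch is an added example, not code from the original article: it parses such a reply and reports that condition. The second sample reply, its host name and the function names are constructed for illustration.

```python
import re

# EHLO reply lines copied from the server-to-server session shown in section 3.
PAGE_EHLO_REPLY = """\
250-burns0051.correio.biz
250-PIPELINING
250-SIZE 45000000
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Constructed sample: a hypothetical server that does advertise STARTTLS.
CONSTRUCTED_TLS_REPLY = (
    "250-mail.example.com\r\n250-SIZE 45000000\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
)

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply (RFC 5321)."""
    lines = [l for l in reply.replace("\r\n", "\n").split("\n") if l]
    if not lines:
        raise ValueError("empty reply")
    caps = {}
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "250-" marks a continuation line, "250 " marks the final line.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        if i == 0:
            continue  # first line is the server's greeting, not an extension
        words = m.group(3).split()
        if words:
            caps[words[0].upper()] = words[1:]
    return caps


def transport_findings(caps):
    """Flag cleartext exposure. Assumes the session began unencrypted (port 25/587)."""
    findings = []
    if "STARTTLS" not in caps:
        findings.append("no STARTTLS: envelope and body cross this hop in cleartext")
        if "AUTH" in caps:
            findings.append("AUTH offered without STARTTLS: credentials exposed")
    return findings
```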
More information: http://cr.yp.to/smtp/mail.html