Email, as simple as it is to use, relies on a more complicated set of operating procedures than that of the Web. For most users, its operation is transparent, which means that it is not necessary to understand how email works in order to be able to use it.
However, the short introduction below has been provided to help users understand its basic principles, give them an idea of how to best configure their email clients and inform them about the underlying mechanisms of spam.
How email works
Email is based around the use of electronic mailboxes. When an email is sent, the message is routed from server to server, all the way to the recipient’s email server. More precisely, the message is sent to the mail server tasked with transporting emails (called the MTA, for Mail Transport Agent) to the recipient’s MTA. On the Internet, MTAs communicate with one another using the protocol SMPT,and so are logically called SMTP servers (or sometimes outgoing mail servers).
The recipient’s MTA then delivers the email to the incoming mail server (called the MDA, for Mail Delivery Agent), which stores the email as it waits for the user to accept it. There are two main protocols used for retrieving email on an MDA:
- POP3 (Post Office Protocol), the older of the two, which is used for retrieving email and, in certain cases, leaving a copy of it on the server.
- IMAP (Internet Message Access Protocol), which is used for coordinating the status of emails (read, deleted, moved) across multiple email clients. With IMAP, a copy of every message is saved on the server, so that this synchronization task can be completed.
For this reason, incoming mail servers are called POP servers or IMAP servers, depending on which protocol is used.
To use a real-world analogy, MTAs act as the post office (the sorting area and mail carrier, which handle message transportation), while MDAs act as mailboxes, which store messages (as much as their volume will allow) until the recipients check the box. This means that it is not necessary for recipients to be connected in order for them to be sent email.
To keep everyone from checking other users’ emails, MDA is protected by a user name called alogin and by a password.
Retrieving mail is done using a software program called an MUA (Mail User Agent).
When the MUA is a program installed on the user’s system, it is called an email client (such as Mozilla Thunderbird, Microsoft Outlook, Eudora Mail, Incredimail or Lotus Notes).
By default, and for historical reasons, it is not necessary to authenticate oneself to send email, which means that it is very easy to falsify one’s own address when sending mail.
For this reason, nearly all Internet service providers lock down their SMTP servers to that only their subscribers can use them, or more precisely only machines whose IP address belongs to the ISP’s domain. This explains why travelling users must modify the outgoing server settings in their email clients each time they move to a new home or business.
When an organization’s email server is improperly configured and allows third-party users on any network to send emails, this is called an open relay.
Open relays are generally used by spammers, as using them hides the true origins of their messages. As a result, many ISPs keep an up-to-date blacklist of open relays, to keep subscribers from receiving messages from such servers.