
Electronic mail, most commonly referred to
as email or e-mail, is a method of
exchanging digital messages from an author
to one or more recipients.

Email security is a broad term that
encompasses multiple techniques used to
secure an email service.
From an individual/end user standpoint,
proactive email security measures include:
Strong passwords
Desktop-based anti-virus/anti-spam

Similarly, a service provider ensures email
security by using strong passwords and access
control mechanisms on an email server;
encrypting and digitally signing email
messages when in the inbox or in transit to
or from a subscriber email address. It also
implements firewall and software-based
spam filtering applications to restrict
unsolicited, untrustworthy and malicious
email messages from delivery to a user's

SMTP stands for Simple Mail Transfer Protocol.
DEFINITION: It is a set of communication
guidelines that allow software to transmit
email over the Internet.
INTRODUCTION: Most email software is
designed to use SMTP for communication
purposes when sending email, and it only
works for outgoing messages.

The actual communication is below (S: stands for
server and C: stands for client).

S: 220 smtp2go.com ESMTP Exim
C: HELO mydomain.com
S: 250 Hello mydomain.com
C: MAIL FROM:<amisha.hans@gmail.com>
S: 250 Ok
C: RCPT TO:<ashima.adya@gmail.com>
S: 250 Accepted
C: DATA
S: 354 Enter message, ending with "." on a line by itself
C: Subject: meeting
C: From: amisha.hans@gmail.com
C: To: ashima.adya@gmail.com
C:
C: Let's get together Monday at 1pm.
C: Goodbye.
C: .
S: 250 OK
C: QUIT
S: 221 www.sample.com closing connection
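
In a dialogue like the one above, the envelope addresses (MAIL FROM, RCPT TO) and the header addresses (From:, To:) are sent separately, and SMTP itself does not compare them. The following Python check is an added example, not part of the original slides: it parses a transcript in the same S:/C: notation and reports header addresses that never appeared in the envelope. The transcript, the addresses and the function names are constructed for illustration.

```python
import re
from email.utils import getaddresses

# Constructed excerpt (placeholder addresses); To: deliberately differs from RCPT TO
SAMPLE = """\
C: MAIL FROM:<alice@example.org>
S: 250 Ok
C: RCPT TO:<bob@example.net>
S: 250 Accepted
C: DATA
S: 354 Enter message, ending with "." on a line by itself
C: From: alice@example.org
C: To: bob@exmaple.net
C:
C: Let's get together Monday at 1pm.
C: .
"""

ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<?([^<>\s]+)>?", re.I)

def parse_transcript(text):
    """Return (envelope, headers): dicts of lower-cased address sets."""
    envelope = {"from": set(), "to": set()}
    headers = {"from": set(), "to": set()}
    state = "cmd"                              # cmd -> headers -> body -> cmd
    for line in text.splitlines():
        side, _, payload = (p.strip() for p in line.partition(":"))
        if side == "S":
            if payload.startswith("354"):      # server is ready for the message
                state = "headers"
        elif state == "cmd":                   # envelope commands from the client
            m = ENVELOPE.match(payload)
            if m:
                key = "from" if m.group(1).upper() == "MAIL FROM" else "to"
                envelope[key].add(m.group(2).lower())
        elif payload == ".":                   # lone dot ends the DATA phase
            state = "cmd"
        elif payload == "":                    # blank line ends the header block
            state = "body"
        elif state == "headers":
            name, _, value = payload.partition(":")
            if name.lower() in headers:
                headers[name.lower()].update(a.lower() for _, a in getaddresses([value]))
    return envelope, headers

def header_mismatches(text):
    """Header addresses that never appeared in the SMTP envelope."""
    envelope, headers = parse_transcript(text)
    return {k: sorted(headers[k] - envelope[k]) for k in ("from", "to")}
```

A reported mismatch is a reason to look closer, not proof of forgery: Bcc recipients and mailing-list delivery legitimately put different addresses in the envelope and in the headers.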

The primary goal of PEM is to add security
services for e-mail users on the Internet
Began in 1985 as an activity of the Privacy
and Security Research Group (PSRG)
Defined in RFCs 1421/1422/1423/1424
Consists of extensions to existing message
processing software plus a key management

Uses symmetric cryptography to provide
(optional) encryption of messages
The RFCs strongly recommend the use of
asymmetric cryptography (for digital
signatures, certificates and encryption of the
symmetric key) because of its ability to
support a vast distributed community of users
The use of X.509 certificates is the base
for public key management in PEM
This certification hierarchy supports
universal authentication of PEM users

SMTP canonicalization
Digital Signature
Base 64 encoding
PEM represents a major effort to provide
security for an application that touches a vast
number of users within the Internet and beyond
PEM was designed to have backward
compatibility with existing mail systems
PEM depends on a successful establishment of
the certification hierarchy that underlies
asymmetric key management
Problem: PEM does not support security services
for multimedia files (MIME)