Simple Mail Transfer Protocol [SMTP (Port 25)]
SMTP was introduced in 1982 as a communication protocol for email transmission. It consists a set of communication guidelines that enable email transmission over the internet. These guidelines include rules for communication between the servers. SMTP also provides the error management feature for incorrect emails.
SMTP Server consists of 2 things: UA (User Agents) and MTA (Mail Transfer Agents)
- UA: Used to form a mail.
- MTA: Used to transfer it.
- User Agent composes a mail that includes a header and body which is now sent to the SMTP server. Simple Mail Transfer Protocol runs on TCP port 25.
- The header part contains the email address of the receiver having username and domain. This is now sent to Mail Transfer Agent using Mail Submission Agent.
- If the sender and receiver have the same domain, Mail transfer takes place directly. But in case of a different domain, SMTP relay takes place I.e. when mail has to be exchanged from one MTA to another.
- It maps the MX record in DNS records with the target domain. Now the message exchange between servers takes place.
- Finally, after receiving the mail, Mail Delivery Agent (MDA) store it in a mailbox from where the user can retrieve it using the POP3 or IMAP protocol.
- HELP: Give all useful info for successful email transfer.
- QUIT: To quit SMTP connection.
- AUTH: For security purpose, Client authentication takes place using Login and Password.
- HELO: Used to start the conversation.
- MAIL FROM: Source email.
- RCPT TO: Email recipient.
- VRFY: Verify if the email exists.
- DATA: Content.
S: 250 smtp.example.com, OK
C: MAIL FROM: <firstname.lastname@example.org>
S: 250 Ok
S: 354 End with .
S: 250 Ok
S: 221 Bye
Attacks and Security
Direct Exposure: Emails are not encrypted and authenticated therefore messages are exposed. This can be secured either by using Secure MIME (Multipurpose Internet Email Extension). Secure Socket layer for SMTP is can help in securing the SMTP without the user`s involvement. Also, PGP (Pretty Good Privacy) minimizes the risk of data exposure.
Account Enumeration: In this attack, the attackers try to gather information about accounts and mailing lists using the account validation methods. To perform account enumeration, attackers use VRFY command through telnet therefore Disabling the VRFY and EXPN command prevents this attack.
Malware: The most common attack is a malware attack. Email may contain malware, worms, or virus to damage the servers. Anti-malware software helps to prevent systems from malware.
Intel recently introduced a new technology. To know more, Click here