This chapter deals with the issues concerning e-mail communication security. We analyze the most popular security mechanisms and standards related to the e-mail communication and identify potential threats and vulnerabilities. The most significant drawback of all current approaches is the impossibility of keeping headers information authentic. This leads to possible impersonation attacks and profiling of the e-mail communication, and encourages spam and phishing activities. Furthermore, none of the currently available security mechanisms supports partial signature generation of the e-mail content by distinct signers, which might be useful in commercial scenarios. To handle these problems, we suggest a new approach, called XMaiL, which can be considered as an advanced email security mechanism based on the popular XML technologies. The proposed XMaiL supersedes all currently available e-mail security standards in the sense of the higher flexibility and security.
Plain E-Mail Formats And Transmission Protocols
The current plain e-mail format, without any protection mechanisms, results from the general Internet Message Format in RFC 2822. According to this format, a message transmitted over Internet (and e-mail is treated as such) consists of two main parts: the header part, and the body part. The header part consists of various headers, each containing some specific information (the header name and its content is separated by a colon). Table 1 summarizes the most used headers.Table 1.
|From||Specifies the author(s) of the message|
|Sender||Specifies the mailbox of the agent responsible for the actual transmission of the message. If more authors are specified in the field From, the field Sender must be shown.|
|To||Specifies the primary recipients of the message.|
|Cc||Specifies the addresses of others who are to receive the message, though the content of the message may not be directed to them.|
|Date||Specifies the timestamp of the e-mail submission to the delivery system by the sender.|
|Subject||Specifies a string identifying the topic of the message.|
Key Terms in this Chapter
S/MIME: Secure MIME. S/MIME allows sending signed and encrypted e-mail.
Secure E-Mail: A signed and encrypted e-mail. The most two popular mechanisms are S/MIME and PGP.
XMaiL: XML e-mail, a new e-mail format based on XML (defined in this chapter).
Canonicalization: A method brings the input data to a normal form.
SOAP: A mechanism for interapplication communication between systems written in arbitrary languages. The message is an XML document with the root element .
XML Security: A series of standards that define security properties in XML format, such as XML Signature and XML Encryption.