2.8. Mail protocol family

2.8.1. Introduction

2.8.1.1. SMTP

SMTP (Simple Mail Transfer Protocol) is a protocol for e-mail transfer, a set of specifications for transferring mail from source addresses to destination addresses. The port number is 25 when SSL is not enabled, and the port number is mostly 465 or 994 when SSL is enabled.

2.8.1.2. POP3

POP3 (Post Office Protocol 3) is used to support remote management of e-mail on the server using the client. The port number is 110 when SSL is not enabled, and the port number is mostly 995 when SSL is enabled.

2.8.1.3. IMAP

IMAP (Internet Mail Access Protocol), the Interactive Mail Access Protocol, is one of the standard mail access protocols similar to POP3. The difference is that after IMAP is enabled, the emails you receive on the email client remain on the server, and operations on the client are fed back to the server, such as deleting emails, marking as read, etc. Mail will also do the corresponding action. The port number is 143 when SSL is not enabled, and the port number is mostly 993 when SSL is enabled.

2.8.2. Protection strategy

2.8.2.1. SPF

The Sender Policy Framework (SPF) is an email authentication mechanism used to confirm that an email is sent from a domain-authorized mail server, preventing phishing or spam from being spoofed. SPF allows administrators to set a DNS TXT record or SPF record to set the IP range of the sending mail server. If any mail is not sent from the authorized IP address specified above, it is likely that the mail is not really from the real sender sent.

2.8.2.2. DKIM

DomainKeys Identified Mail (DKIM) is a method of detecting email sender address forgery. The sender inserts the DKIM-Signature in the header of the email, and the recipient verifies the sender’s information by querying the public key in the DNS record.

2.8.2.3. DMARC

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol that resolves the inconsistency between the domain name displayed in the mail bar and the verified domain name. To pass the DMARC check, SPF or/and DKIM must be authenticated, and the domain name in the header address must match the authenticated domain name.

2.8.3. Reference Links

2.8.3.1. RFC

• RFC 4408 Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1

• RFC 6376 DomainKeys Identified Mail (DKIM) Signatures

• RFC 7208 Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1

• RFC 7489 Domain-based Message Authentication, Reporting, and Conformance (DMARC)

• RFC 8301 Cryptographic Algorithm and Key Usage Update to DomainKeys Identified Mail (DKIM)

• RFC 8463 A New Cryptographic Signature Method for DomainKeys Identified Mail (DKIM)

• RFC 8616 Email Authentication for Internationalized Mail

• RFC 8611 Mail

2.8.3.2. Related Documentation

• Sender Policy Framework wikipedia

• DomainKeys Identified Mail wikipedia

• DMARC wikipedia

2.8.3.3. Research articles

• Composition Kills:A Case Study of Email Sender Authentication