LESSON 9 E-MAIL SECURITY part I

Table of Contents

9.0 Introduction

9.1 How E-mail Works

9.1.1 E-mail Accounts

9.1.2 POP and SMTP

9.1.3 Web Mail

9.2 Safe E-mail Usage Part 1: Receiving

9.2.1 Spam, Phishing and Fraud

9.2.2 HTML E-Mail

9.2.3 Attachment Security

9.2.4 Forged headers

9.3 Safe E-mail Usage Part 2: Sending

9.3.1 Digital Certificates

9.3.2 Digital Signatures

9.3.3 Getting a certificate

9.3.4 Encryption

9.3.5 How does it work？

9.3.6 Decryption

9.3.7 Is Encryption Unbreakable？

9.4 Connection Security

目錄

9.0 簡介

9.1 E-mail的工作原理

9.1.1 E-mail賬戶

9.1.2 郵局協定和簡單郵件傳輸協定

9.1.3 網頁郵件

9.2 安全郵件使用 第一部分：接收郵件

9.2.1 垃圾郵件和詐騙郵件

9.2.2 超文本電子郵件

9.2.3 附件安全

9.2.4 僞造的郵件标題

9.3 安全郵件使用 第二部分：發送郵件

9.3.1 數字認證

9.3.2 數字簽名

9.3.3 獲得執照

9.3.4 加密

9.3.5 怎樣工作的？

9.3.6 解密

9.3.7 解密工作難攻克嗎？

9.4 聯機安全

9.0 Introduction

Everyone uses e-mail. It is the second most used application on the internet next to your web

browser. But what you might not realize is that a significant portion of network attacks and

compromises originate through e-mail. And with respect to your privacy, misuse of e-mail has

the potential to disclose either the contents of your message, or give a spammer information

about you. The purpose of this module is to give you information on how e-mail works, safe email

usage, e-mail based attacks, and security strategies for e-mail.

9.0 簡介

幾乎每個人都使用電子郵件。它是網際網路中除了網絡浏覽器外用得最多的應用程式。但你可能不會了解網絡攻擊行為和源頭有很大一部分都是通過電子郵件。為了保護你的隐私，對電子郵件的錯誤操作可能不僅會暴露你發送郵件的内容，也會發送出關于你的一些資訊。這個子產品講述的目的是給你介紹電子郵件工作原理，安全郵件使用方法，依靠電子郵件發動的攻擊，以及關于電子郵件的安全使用方法。

9.1 How E-mail Works

Just like airmail is sent through the air, 'e'-mail is sent through the 'e' – the 'e' in this case being

the web of electronic connections within and between the networks that make up the

Internet. When you send an e-mail from your computer, the data is sent from your computer

to an SMTP server. The SMTP server then searches for the correct POP3 server and sends your

e-mail to that server, where it waits until your intended recipient retrieves it.

9.1 E-mail的工作原理

航空郵件是通過飛機運送的，一樣的，電子郵件是通過電運送的---這裡的“電”是指組成網際網路的網絡中的各種電子連接配接網頁。

當你用你的電腦發送一封郵件，資料就被發送到了簡單郵件傳輸協定的伺服器上。之後該伺服器查找相應的郵局通信協定伺服器，将你的電子郵件發送過去，直到你發送的接收使用者接收為止。

9.1.1 E-mail Accounts

E-mail accounts are available through many different sources. You may get one through

school, through your work or through your ISP. When you get an e-mail account, you will be

given a two part e-mail address, in this form: [email protected]. The first part,

username identifies you on your network, differentiating you from all the other users on the

network. The second part, domain.name is used to identify your specific network. The

username must be unique within your network, just as the domain name must be unique

among all the other networks on the Internet. However, user names are not unique outside of

their networks; it is possible for two users on two different networks to share user names. For

example, if there is one user with the address [email protected], there will not be another

user on bignetwork.net whose user name is bill. However, [email protected] and

[email protected] are both valid e-mail addresses that can refer to different users.

One of the first things that you will do when you are setting up your e-mail is to enter your email

address into your e-mail client program. Your e-mail client is the program that you will use

to send and receive e-mails. Microsoft's Outlook Express may be the most widely known (since

it comes free with every copy of a Microsoft operating system), but there are many others

available for both Windows and Linux, including Mozilla, Eudora, Thunderbird and Pine.

9.1.1 電子郵件賬戶

電子郵件賬戶可以通過各種方式建立。可以通過學校，工作或者ISP。當你建立了一個電子郵件賬戶後，你就會得到一個由兩部分組成的電子郵件位址，以下面這種形式：[email protected]。第一部分，通過使用者名在網絡中識别你的賬戶，第二部分，域名是用來識别你使用的網絡。使用者名必須是唯一的，就像域名在網際網路中所有網絡中都必須唯一一樣。使用者名可以在不同的網絡中重複使用，不同網絡中的兩個使用者可以使用同一個使用者名。例如，如果一個使用者的郵件賬戶位址是[email protected]，在bignetwork.net中就再不能有使用者名為bill的郵件賬号，但是，[email protected]和[email protected]卻是兩個有效的郵件位址。當你對你的電子郵件進行管理時，第一件事就是登陸你的郵件用戶端。該用戶端是你進行收發郵件的地方。Microsoft的Outlook Express可能是最有名的郵件用戶端了（自從它被免費的裝載到每一台新的電腦上），但是Windows和Linux都有其它很多有用的電子郵件用戶端，包括Mozilla, Eudora, Thunderbird 和 Pine.