EMAIL Forensics

  • SPF : Sender Policy Framework

  • DKIM : DomainKeys Identified Mail

  • DMARC : Domain-based Message Authentication, Reporting and Conformance

Conformance is how well something, such as a product, service or system, meets a specified standard.
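As an added example (not part of the original notes), here is a minimal SPF evaluator and a DMARC alignment check, to show what an SPF "pass" actually asserts and which two domains DMARC compares. The DNS TXT records, domains and IP addresses are constructed and stand in for real DNS lookups; the evaluator handles only the ip4, ip6, include and all mechanisms, so the a, mx, exists and redirect mechanisms of RFC 7208 are not covered, and the organizational-domain helper is a simplification of the Public Suffix List lookup that DMARC really uses.

```python
"""Added example (not from the original notes): a minimal SPF evaluator over a
constructed DNS zone, plus a DMARC identifier-alignment check. Every domain,
IP and record here is made up. Real SPF evaluation queries DNS and supports
more mechanisms (a, mx, exists, redirect) than this example handles."""
import ipaddress

# Constructed TXT records standing in for DNS (not real domains).
FAKE_DNS_TXT = {
    "example-sender.test": "v=spf1 ip4:198.51.100.0/24 include:_spf.mailhost.test -all",
    "_spf.mailhost.test": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 ~all",
}

# SPF qualifiers prefixing a mechanism; "+" (pass) is the default.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain, client_ip, resolver=FAKE_DNS_TXT, depth=0):
    """Return pass/fail/softfail/neutral/none for client_ip sending as domain.
    'pass' only means the connecting IP is listed by the domain's policy."""
    if depth > 10:  # RFC 7208 limits DNS-querying mechanisms to 10 per check
        return "permerror"
    record = resolver.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")  # "ip6:2001:db8::/32" -> ip6, 2001:db8::/32
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            # Membership across IP versions is simply False, so mixing is safe.
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "include":
            # include matches only when the referenced record yields "pass".
            if evaluate_spf(arg, client_ip, resolver, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        # a, mx, exists and redirect are not handled in this example
    return "neutral"  # no mechanism matched and no explicit "all"


def organizational_domain(domain):
    # Simplification: keep the last two labels. Real DMARC uses the Public
    # Suffix List, so names such as "x.co.uk" need more than this.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def dmarc_aligned(header_from_domain, authenticated_domain, mode="relaxed"):
    """DMARC alignment: the RFC5322.From domain must match the domain that SPF
    (envelope MAIL FROM) or DKIM (d= tag) authenticated, exactly in strict
    mode or at the organizational-domain level in relaxed mode."""
    a, b = header_from_domain.lower(), authenticated_domain.lower()
    if mode == "strict":
        return a == b
    return organizational_domain(a) == organizational_domain(b)


if __name__ == "__main__":
    for ip in ("198.51.100.7", "203.0.113.9", "192.0.2.1", "2001:db8::1"):
        print(ip, "->", evaluate_spf("example-sender.test", ip))
    print("relaxed:", dmarc_aligned("example-sender.test", "mail.example-sender.test"))
    print("strict: ", dmarc_aligned("example-sender.test", "mail.example-sender.test", "strict"))
```

The point to take from it: SPF authorizes an IP for the envelope sender domain, DKIM authenticates a domain via the d= tag, and DMARC is what ties either of those back to the From: domain the user actually sees, which is why a message can pass SPF and still fail DMARC.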

Important Terminology:

  • MUA : Mail User Agent (Client application)

  • MTA : Mail Transfer Agent (mail-server)

  • MDA : Mail Delivery Agent (The inbox and the receiving side of the email)

  • SMTP Server : The server which is used to send the emails

    • The sender-side SMTP server looks up and connects to the receiving-side SMTP server

    • SMTP works on port 25

  • POP3 (Post Office Protocol): automatically downloads the mails from the mail server to the receiver's hard disk

    • POP3 works on port 110

  • IMAP (Internet Message Access Protocol)

    • Used to access the mail

    • IMAP works on port 143 and port 993 (over SSL)

    • IMAP keeps the mails accessible across devices, since they stay on the server.


Sample Email



Actual Process of Email

Step 1: Composing and Sending the Email

  1. User Composes Email: You draft an email on your device, whether it's a computer, smartphone, or tablet.

  2. Clicking "Send": After composing your email, you click the "Send" button in your email client.

Step 2: Routing and Protocols

  1. SMTP (Simple Mail Transfer Protocol): Your email client communicates with your outgoing mail server using SMTP. This protocol helps transfer your email to the server.

Step 3: Outgoing Mail Server

  1. Authentication: The outgoing mail server verifies your credentials to ensure you are authorized to send emails from your account.

  2. Message Submission: The server receives your email and adds it to the queue for delivery.

  3. DNS Lookup: The server performs a Domain Name System (DNS) lookup to find the recipient's mail server based on the recipient's email address domain (e.g., gmail.com).

Step 4: Recipient's Mail Server

  1. MX Record Lookup: The recipient's mail server is determined through DNS by looking up the Mail Exchange (MX) records of the recipient's domain.

Step 5: Delivering the Email

  1. SMTP Communication: Your outgoing mail server connects to the recipient's mail server using SMTP. The two servers communicate to establish a connection.

  2. Recipient Verification: The recipient's mail server verifies that the recipient's email address is valid and exists.

  3. Virus and Spam Scanning: The recipient's mail server may scan the email for viruses, malware, and spam content to ensure the email is safe.

  4. Delivery to Inbox: If the email passes verification and scanning, it is delivered to the recipient's inbox.

Step 6: Recipient Retrieves Email

  1. Email Client Fetches: The recipient's email client (e.g., Outlook, Gmail) connects to the recipient's mail server using protocols like IMAP or POP3 to fetch the newly received email.

Step 7: Viewing the Email

  1. Display in Email Client: The email is displayed in the recipient's email client, and the recipient can read and interact with the content.

This description illustrates the general journey of an email from sender to recipient. Each step involves technical components such as servers, protocols, authentication, and checks that together make delivery reliable and secure.
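The hops above leave a trail in the message headers: each MTA prepends its own Received: header, and the receiving server records its SPF, DKIM and DMARC verdicts in Authentication-Results. As an added example (not part of the original notes), the script below reconstructs that hop chain and pulls out the verdicts. The raw message is constructed for the example, and every host name, IP address, queue id and mailbox in it is made up.

```python
"""Added example (not from the original notes): reconstruct the MTA hop chain
from Received: headers and extract the SPF / DKIM / DMARC verdicts from the
Authentication-Results header added by the receiving server. The message is
constructed; every host, IP, id and address in it is made up."""
import re
from email import policy
from email.parser import BytesParser

# Constructed sample message (not a real capture). Each MTA prepends its own
# Received: header, so the top one is the last hop and the bottom one the first.
RAW_EMAIL = b"""\
Received: from mx.example-receiver.test (mx.example-receiver.test [192.0.2.20])
 by mda.example-receiver.test with ESMTP id abc123;
 Mon, 01 Jan 2024 10:00:05 +0000
Authentication-Results: mx.example-receiver.test;
 spf=pass smtp.mailfrom=example-sender.test;
 dkim=pass header.d=example-sender.test;
 dmarc=pass header.from=example-sender.test
Received: from smtp.example-sender.test (smtp.example-sender.test [198.51.100.10])
 by mx.example-receiver.test with ESMTPS id xyz789;
 Mon, 01 Jan 2024 10:00:03 +0000
Received: from [10.0.0.5] (client.example-sender.test [10.0.0.5])
 by smtp.example-sender.test with ESMTPSA id def456;
 Mon, 01 Jan 2024 10:00:01 +0000
From: Alice <alice@example-sender.test>
To: Bob <bob@example-receiver.test>
Subject: Quarterly report
Message-ID: <msg1@example-sender.test>
Date: Mon, 01 Jan 2024 10:00:00 +0000

Hello Bob, the report is attached.
"""

IPV4_IN_BRACKETS = r"\[(\d{1,3}(?:\.\d{1,3}){3})\]"


def _headers(raw):
    return BytesParser(policy=policy.default).parsebytes(raw)


def _unfold(value):
    # Collapse header folding (continuation lines) into single spaces.
    return " ".join(str(value).split())


def parse_hops(raw):
    """Return the Received: chain oldest-first, one dict per MTA hop."""
    hops = []
    for value in reversed(_headers(raw).get_all("Received", [])):
        text = _unfold(value)
        m_from = re.search(r"\bfrom\s+(\S+)", text)
        m_by = re.search(r"\bby\s+(\S+)", text)
        m_ip = re.search(IPV4_IN_BRACKETS, text)  # connecting client's IP
        timestamp = text.rsplit(";", 1)[1].strip() if ";" in text else ""
        hops.append({
            "from": m_from.group(1) if m_from else "",
            "ip": m_ip.group(1) if m_ip else "",
            "by": m_by.group(1) if m_by else "",
            "time": timestamp,
        })
    return hops


def parse_auth_results(raw):
    """Return the authserv-id and the spf/dkim/dmarc verdicts it recorded."""
    verdicts, authserv = {}, ""
    for value in _headers(raw).get_all("Authentication-Results", []):
        text = _unfold(value)
        m_id = re.match(r"([^;\s]+)\s*;", text)  # authserv-id precedes ";"
        if m_id and not authserv:
            authserv = m_id.group(1)
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", text):
            verdicts.setdefault(method, verdict)  # first (topmost) result wins
    return {"authserv": authserv, "verdicts": verdicts}


def find_flags(hops, auth):
    """What an analyst checks first: non-pass verdicts, missing checks, and an
    Authentication-Results header whose authserv-id is not one of the MTAs in
    the Received chain (a sender can insert its own; receivers should strip
    or ignore ones they did not add)."""
    flags = []
    for method in ("spf", "dkim", "dmarc"):
        verdict = auth["verdicts"].get(method)
        if verdict is None:
            flags.append(f"{method}: no result recorded")
        elif verdict != "pass":
            flags.append(f"{method}: {verdict}")
    receiving_mtas = {h["by"] for h in hops}
    if auth["authserv"] and auth["authserv"] not in receiving_mtas:
        flags.append(f"authserv-id {auth['authserv']} is not a receiving MTA in the Received chain")
    return flags


def summarize(raw):
    hops = parse_hops(raw)
    auth = parse_auth_results(raw)
    return {"hops": hops, "auth": auth, "flags": find_flags(hops, auth),
            "origin_ip": hops[0]["ip"] if hops else ""}


if __name__ == "__main__":
    report = summarize(RAW_EMAIL)
    for i, hop in enumerate(report["hops"], 1):
        print(f"hop {i}: {hop['from']} [{hop['ip']}] -> {hop['by']} at {hop['time']}")
    print("verdicts:", report["auth"]["verdicts"], "flags:", report["flags"])
```

When reading a real header chain, trust the Received: lines in the order your own servers added them (the top ones) and treat the lower ones as claims made by the other side; the first hop's IP is usually the most useful pivot for further investigation, and an Authentication-Results header that was not added by one of your own MTAs carries no weight.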

