Azinet Technical InfoCenter More Tech and Science Articles
Search Engines and Your Web Site SeekOn Tech Library
This note provides basic information regarding setting up and using Email server and client software through an Internet Service Provider (ISP).
Email is normally handled using two independent servers as follow:
Your email client program normally sends mail to a SMTP server at your Internet Service Provider (ISP) to be relayed to its ultimate destination. The SMTP server must be set up in your mail program and usually has an address like mail.IBM.net. The SMTP server holds mail in case the receiving server is temporarily down, distributes copies of the message to multiple addresses if there are any, and returns emails to the sender if there is a problem such as "Can't send your email for 4 hours but still trying", or "No such domain". If the message is to Joe6712@foo.com the SMTP server relays the message (also by SMTP protocol) to the server at address foo.com.
When you use your email program to check for received mail it will log on to the received mail server usually using the POP3 protocol. The POP server will have an address which can be the same as the domain of the email address such as IBM.net or may be different such as pop.IBM.net. This POP server address must be specified when the mail program is configured. The POP server also requires a password which you can permanently set into your email program or require that you enter the password every time you check mail if others have access to your computer. Some email programs can be configured to automatically check mail every so many minutes and beep if you have new mail. The POP server will return mail to sender if there is no such person (Joe6712 doesn't exist at foo.com). A more modern server protocol known as IMAP is beginning to be used by some ISPs. The standard POP3 system transmits passwords as plain text allowing the possibility that account information could be stolen. Many systems are now using encrypted communications between user and incoming (POP3) email server to avoid this. Setting up the encryption is an extra step at the user's client software.
You can configure your email program to leave mail on the server even after your email program has downloaded it to your computer or to delete mail that has been downloaded. This is handy if you are checking mail from home but want to keep copies of all received mail on your office computer.
It may be possible to set the server that receives your mail to forward it to another server. This might be handy if you temporarily move to another location such as the Brazil office where you want to check your mail using an associate's account. You might also want to consolidate several email accounts so that they feed mail to one POP server.
Some web site developers supply email alias accounts. For example, you have a web site for bird watchers called www.birdwatch.org. You could have an email alias email@example.com that just forwards to your account Joe6712@IBM.net. You could also have a personal account Joe@birdwatch.org. Joe@birdwatch.org is easier to remember, looks better on your business card, and is more meaningful then Joe6712@IBM.net. This way if you later give responsibility for birdwatch to someone else you just change the alias. Likewise you are now able to change your internet service provider without screwing up your email address. You can also usually specify a list of people as an alias (eg. firstname.lastname@example.org forwards to Joe6712@IBM.net and Fred8966@AOL.com. Using aliases may cause problems with identity checking (see below).
Spammers would like to use someone else's SMTP (outgoing mail) server because that way someone else is paying to send out all those copies and there is an another layer of anonymity. In an effort to prevent this many ISPs and companies are adding checks to their SMTP servers. For example, you will probably not be able to send a message via mail.IBM.net unless you are logged onto IBM.net and therefore a customer and traceable if you try to send Spam. The SMTP server checks the IP address of the sending machine. You may therefore not be able to send outgoing mail through your company account from your laptop while outside the company. Some servers now require the user software to log in using the user's password before accepting outgoing mail, which adds security and allows mail to be sent from anywhere. Encryption can be added to the user's-machine-to-SMTP-server link in a manner similar (but not the same) as for the POP3 server link to protect the password.
Some ISPs will not accept mail that has a return address outside of their domain. If you send mail with a return address of Joe@birdwatch.org through mail.IBM.net it might not be accepted. Your ISP might be able to add your return address to the approved list. Check with your ISP to see what is possible.
Most email servers now use spam filtering software such as the popular Spamassassin. This software works by checking the content of incoming messages for typical spam terms and phrases. It can also check a large number of "black hole lists" of known spammer addresses. (It is very difficult for a spammer to fake the actual IP address of the server sending the spam.) Some list maintainers have "spam traps" or dummy email addresses that are not used for legitimate mail but placed where spammer harvesting robots would find them. If the trap gets an email from a given IP address, that address is instantly added to the black hole list. A subsequent spam, even only seconds later, can then be rejected. Additionally if the email contains web site addresses or telephone numbers, the software can check black hole lists of known spammer web site addresses and telephone numbers. Finally, the software can check origination ID (see below) if the email provides for checking.
Normally, email is not rejected for failing any one of the tests described above. (There are usually hundreds of individual tests applied.) Also mail is not generally rejected by the server. Instead, the software produces a score that is the composite result of all the tests. This score is usually imbedded into the subject line or a header line of the email. The software can also be set, sometimes on a individual user basis, to imbed a particular phrase (e.g. "SPAM") into the subject line if the score exceeds a preset number. Users can set the threshold score lower (catches virtually all spam but has false positives) or higher (more spam gets through but few false positives). The user then sets his client software (e.g. Eudora) to automatically transfer mail exceeding the threshold score to a "spam" mailbox.
Sophisticated email client programs such as Eudora have their own filter capability which can be also used to reject Spam based on content phrase analysis. The program puts detected probable spam messages in a "junk" mailbox. These programs can "learn" or be trained by the user. If mail in your "in" box is spam you press a "junk it" button. If mail in the junk mail box is legitimate you push "not junk" and it transfers the message to your in box and adjusts the filter to accept subsequent similar emails. Spamassassin or similar server software used with client filtering is very effective. To use both, you need to set your email client to first check for the marked header or subject line and transfer marked messages to "spam" and then check the internal score of remaining messages for transfers to junk. Set the server threshold high. This way you can assume that all messages in the spam mailbox are indeed spam and only check the junk mailbox for possible false positives.
Email Identity Checks
There are two schemes (SPF and SenderID) for checking that an email has actually been sent from the address given in the "from" line. Unfortunately, both require the cooperation of the sending email server and many senders do not use either system. Email can therefore be rejected if the check fails but cannot be rejected just because the sender does not support a check. Spammers can use a random return address or an address on a server that does not support checking, or can even use their own email address that checks "good". ID checking therefore does not help with spam. If you receive forwarded or alias emails, the ID checking typically does not work.
Copyright © 1998 - 2007 Azinet LLC
Return to Azinet Technical InfoCenter