Lesson Six

What is email?
Electronic mail, commonly shortened to “email,” is a
communication method that uses electronic devices to
deliver messages across computer networks. "Email"
refers to both the delivery system and individual messages
that are sent and received.
Email has existed in some form since the 1970s, when
programmer Ray Tomlinson created a way to transmit
messages between computer systems on the Advanced
Research Projects Agency Network (ARPANET). Modern
forms of email became available for widespread public use
with the development of email client software (e.g.
Outlook) and web browsers, the latter of which enables
users to send and receive messages over the Internet using
web-based email clients (e.g. Gmail).
Today, email is one of the most popular methods of digital
communication. Its prevalence and security vulnerabilities
also make it an appealing vehicle for cyber attacks
like phishing, domain spoofing, and business email
compromise (BEC).
 How does email work?
Email messages are sent from software programs and web
browsers, collectively referred to as email ‘clients.’
Individual messages are routed through multiple servers
before they reach the recipient’s email server, similar to
the way a traditional letter might travel through several
post offices before it reaches its recipient’s mailbox.
Once an email message has been sent, it follows several
steps to its final destination:
1. The sender’s mail server, also called a Mail Transfer
Agent (MTA), initiates a Simple Mail Transfer Protocol
(SMTP) connection.

2. The SMTP checks the email envelope data — the text that
tells the server where to send a message — for the
recipient’s email address, then uses the Domain Name
System (DNS) to translate the domain name into an IP
address.

3. The SMTP looks for a mail exchange (MX) server

associated with the recipient’s domain name. If one exists,
the email is forwarded to the recipient’s mail server.

4. The email is stored on the recipient’s mail server and may

be accessed via the Post Office Protocol (POP)*
or Internet Message Access Protocol (IMAP). These two
protocols function slightly differently: POP downloads the
email to the recipient’s device and deletes it from the mail
server, while IMAP stores the email within the email
client, allowing the recipient to access it from any
connected device.

To continue the postal system analogy, imagine Alice

writes a thank-you note to Bob. She hands the letter to the
mail carrier (MTA), who brings it to the post office to be
sorted. At the post office, a processing clerk (SMTP)
verifies the address written on the envelope. If the address
appears to be written correctly and corresponds to a
location that can receive mail (MX server), another mail
carrier delivers the letter to Bob’s mailbox. After picking
up the mail, Bob might keep the note in his desk drawer,
where he can only access it at that location (POP) or put it
in his pocket to read at any location (IMAP).
*The current version of the POP protocol is named POP3.

What are the parts of an email?

An individual email is made up of three primary
components: the SMTP envelope, the header, and the
body.
SMTP envelope

The SMTP “envelope” is the data communicated between

servers during the email delivery process. It consists of the
sender’s email address and the recipient’s email address.
This envelope data tells the mail server where to send the
message, just as a mail carrier references the address on an
envelope in order to deliver a letter to the correct location.
During the email delivery process, this envelope is
discarded and replaced every time the email is transferred
to a different server.

Header

Like the SMTP envelope, the email header provides

critical information about the sender and recipient. Most
of the time, the header matches the information provided
in the SMTP envelope, but this may not always be the
case. For instance, a scammer may disguise the source of a
message by using a legitimate email address in the header
of an email. Because the recipient only sees the header and
body of an email — not the envelope data — they may not
know the message is malicious.
The header may also contain a number of optional fields
that allow the recipient to reply to, forward, categorize,
 archive, or delete the email. Other header fields include
the following:
o The ‘Date’ field contains the date the email is sent. This is
a mandatory header field.

o The ‘From’ field contains the email address of the sender.

If the email address is associated with a display name, that
may be shown in this field as well. This is also a
mandatory header field.

o The ‘To’ field contains the email address of the recipient.

If the email address is associated with a display name, that
may be shown in this field as well.

o The ‘Subject’ field contains any contextual information

about the message the sender wants to include. It is
displayed as a separate line above the body of an email.

o The ‘Cc’ (carbon copy) field allows the sender to send a

copy of the email to additional recipients. The recipients
marked in the ‘To’ field can see the email address(es)
listed in the ‘Cc’ field.

o The ‘Bcc’ (blind carbon copy) field allows the sender to

send a copy of the email to additional recipients. The
recipients marked in the ‘To’ field cannot see the email
address(es) listed in the ‘Bcc’ field.
Body

The body of an email contains any information the sender

wishes to send: text, images, links, videos, and/or
other file attachments, provided that they do not exceed
the email client’s size restrictions. Alternatively, an email
can be sent without any information in the body field.
Depending on the options provided by the email client, the
body of an email can be formatted in plain text or HTML.
Plain text emails do not contain any special formatting
(like non-black font colors) or multimedia (like images).
They are compatible with all devices and email clients.
HTML emails do allow formatting and multimedia within
the body field, though some HTML elements may get
flagged as spam by email filtering systems or may not
display properly on incompatible devices or clients.

What is an email client?

An email client is a software program or web application*
that enables users to send, receive, and store emails.
Popular email clients include Outlook, Gmail, and Apple
Mail.
Software- and web-based email clients each have
advantages and disadvantages. Desktop email clients often
come with more robust security capabilities, streamline
email management across multiple accounts, provide
offline access, and allow users to back up emails to their
computers. By contrast, web-based clients are usually
cheaper and easier to access — since users can log in to
their account from any web browser — but are reliant on
an Internet connection and can be more susceptible to
cyber attacks.
*Originally, ‘email’ referred to desktop email clients and
‘webmail’ referred to web-based email clients. Today, the
term ‘email’ encompasses both systems.

What is an email address?

An email address is a unique string of characters that
identifies an email account, or ‘mailbox,’ where messages
can be sent and received. Email addresses are formatted in
three distinct parts: a local-part, an “@” symbol, and
a domain.
For example, in the email
address [email protected], “employee” denotes
the local-part and “example.com” denotes the domain.
Imagine addressing a letter: the domain signifies the city
where the recipient lives, while the local-part specifies the
street and house number at which the letter can be
received.
Local-part

The local-part tells the server the final location of an email

message. It may include a combination of letters, numbers,
and certain punctuation marks (like underscores). The
maximum number of characters for an email address
(including both the local-part and domain) is 320, though
the recommended length is capped at 254 characters.

Domain

The domain may be a domain name, like example.com, or

an IP address, like 192.0.2.0. In the former case, the
SMTP protocol uses DNS to translate a domain name into
its IP address before delivering the message to the next
server.
Like the local-part, the domain also has to adhere to
certain formatting requirements established by the Internet
Engineering Task Force (IETF). Approved domain names
may include a combination of uppercase and lowercase
letters, numbers, and hyphens. An email address can also
be formatted with an IP address in brackets instead of a
domain name, although this is rare. The character limit for
a domain name is 63.
Is email secure?
Although email is often used to exchange confidential
information, it is not a secure system by design. This
makes it an attractive target for attackers, who may
intercept an unencrypted message, spread malware, or
impersonate legitimate organizations. Other email security
threats include social engineering, domain
spoofing, ransomware, spam, and more.
One of email’s most significant vulnerabilities is its lack
of built-in encryption, leaving the contents of an email
visible to any unauthorized party that might intercept or
otherwise gain access to the message.
In an attempt to make email more secure, many email
clients offer one of two basic encryption
capabilities: Transport Layer Security encryption (or ‘TLS
encryption’) and end-to-end encryption (or 'E2EE').
During TLS encryption, messages are encrypted during
transit (from user to server or server to user), and the email
service provider retains possession of the private key used
to set up this encryption. The email service provider can
therefore see the unencrypted contents of the email.
During end-to-end encryption (from user to user),
messages can only be decrypted by the sender and
recipient of the email.
For a complete rundown of email security best practices,
see What is email security?

How does Cloudflare help secure email?

Cloudflare Area 1 Email Security is a cloud-based email
security solution that helps prevent a number of email
threats, including phishing, malware, Business Email
Compromise (BEC), and email supply chain attacks. It
uses robust machine learning models to identify risks
before they reach user inboxes, and integrates with
common cloud email providers to enhance existing
detection and mitigation capabilities.