"You've Got Mail"

A Story of Modern Electronic Communications

Email Guide by WebHostingGeeks.com

Introduction

The film "You've Got Mail" was evocative of a time when e-mail was creating a revolution in the way we communicate. E-mail, or electronic mail, is now a well-established, ubiquitous method that we use to communicate in our personal and business lives. It has resulted in the near total demise of fax and letter-sending, which are falling off to the extent that the U.S. Postal Office has seen a decrease in mail volume of around 27% since its peak.

As social animals, humans need to "talk" to each other to live our lives, do our business and make inter-personal connections. History has shown us that human beings will innovate around methods of communication to allow discourse across distance. In ancient times, methods like smoke signals and lighted beacons were used. Later we used pigeons to send letters and, later still, the development of electronic means of communication gave us the telegraph and the telephone. All of the methods we have used in the past essentially did the same thing that e-mail does today: communicate information to another human being across distance.

The advent of the Internet gave us the next level in communication innovation. The Internet became a new conduit for us to communicate across, resulting in the development of electronic mail or e-mail. The Radicati Group, who produce a regular report on global e-mail usage, stated that in 2015 e-mail continued to grow at a steady pace, with 2.6 billion e-mail users worldwide sending and receiving over 205 billion e-mails per day. Their report predicts that by 2019, one third of the world's population will be using e-mail regularly.

The success of e-mail is down to its relative ease of use. E-mail has become almost an instinctive tool. That simple, click to create and click to send action has resulted in massive uptake of e-mail communications and the instant reaction that it can elicit has made it an irresistible way of communicating.

The History of E-mail

The First Computer Mail

The original "e-mail" was really nothing like the e-mail we use today. The very first message that could be called an electronic mail was a simple file, copied from one computer to another and identified with, for example, a person's name. This nascent e-mail system was originally used at the Massachusetts Institute of Technology (MIT) in the early to mid 60s. The system was developed on the Compatible Time Sharing System (CTSS) at MIT, which was used to allow multiple user access to computers in the university and across associated colleges. One of the outcomes of this multi-sharing environment was that "messages", in the form of files, could be placed in common directories so that other users could read them. It was a simple way to send a message to someone you were working with; they'd log in, see a file with their name on it and read it.

CTSS Mail

Around 1965, a natural extension of this system was the development of the programming command "CTSS mail". This made the process of sending mail to CTSS users programmatic. Tom Van Vleck and Tim Morris took up the idea outlined in a programming staff note, which suggested a new command that would allow a private message to be sent from one user to another – the original note can be found here. The original development was less about sending an electronic letter and more about informing a user that a request for a file retrieval had been made.

The Next Leap Forward: ARPAnet Mail

ARPAnet, or the Advanced Research Projects Agency Network, was the first ever network to implement the protocol TCP/IP. The initial plans for this connected network of computers were published in 1967 by MIT researcher Lawrence Roberts. TCP/IP became the underpinning protocol of the Internet, and continues to be so to this day. The protocols set out the rules for communicating across end-to-end connections: how the data is packetized and addressed, how it is transmitted between end points and how it is received. ARPAnet, using the protocols TCP/IP, became the first wide area network that allowed packet switching. It gave rise to the Internet we know today. The researchers using ARPAnet used a simple program known as SNDMSG to leave messages for each other. However, this program could only leave a message on the same computer.

In late 1969, the Stanford Research Institute was connected up to the ARPAnet and the first message was sent between two computers. However, this still wasn't like the "e-mail" we know today.

The First Ever True E-mail: QWERTYUIOP

The first electronic message that we can call "true e-mail" was sent in 1971 by computer engineer Ray Tomlinson. Ray wrote a file transfer program called CPYNET, which was an extension of the earlier SNDMSG program. The difference was that CPYNET used the TCP/IP protocols of the ARPAnet network to send messages between any computer on the network.

As part of this development, Ray defined the use of the @ symbol, which designated the computer the user was at. The format was:

usersloginname@hostcomputer

It is worth pointing out that the electronic messages sent using ARPAnet and the earlier CTSS system were simply used to convey information between technical authorities. The productization and mass use of e-mail as we know it today was still some way off.

Sorting the Mail

As we entered the 1970s, e-mail became more commonly used, but still in the context of specialist users. With greater usage came problems with message management. This problem was solved by the man who led the team that developed ARPAnet, Dr. Lawrence Roberts. In 1971, Larry Roberts created the first e-mail program that allowed users to control e-mails. The program known as "RD" allowed users to read, save, forward, delete and importantly, organize messages received.

Commercialization of E-mail

By 1973 e-mail took up around 75% of ARPAnet network activity. This was very interesting to anyone interested in the next "killer app" and was not lost on the commercial world. Two of the earliest commercial services specifically offering e-mail were CompuServe and MCI Communications Corp's "MCI Mail". MCI Mail's first version in 1983 only allowed you to message other MCI Mail users, but this was extended to include sending e-mails to other systems as e-mail usage expanded. CompuServe's Information Service, or CIS, e-mail offering was introduced in 1989 and became the largest consumer information service in the world.

Off the back of the commercial e-mail services like MCI Mail and CompuServe, a number of client based e-mail programs were developed; including Lotus Express, Norton's MCI Mail utility and the short lived Microsoft Bob.

E-mail Today

Today, e-mail is ubiquitous. We may think that instant messaging using social platforms and applications like Skype is popular, but nothing offers the same level of management and archiving as e-mail.

As mentioned earlier, the Radicati Group has shown that e-mail usage is increasing. The current 2015 numbers stand at 205 billion e-mails sent or received each day across the world. They expect a 5% year-on-year increase on these figures, so that by 2019 there will be around 246 billion e-mails sent and received every day across the globe. Of the current 2015 figures, almost 55% are business e-mails; the rest are personal.

And mobile is changing the way we use e-mail. According to the Litmus State of E-mail Report, 33% of e-mail opens occur on an iPhone, with 15% of opens occurring on Android. The world of mobile e-mail is here.

The way that people use e-mail is changing too. We often have multiple accounts, 39% having at least two accounts – each account used for different tasks. Users tend to have a primary e-mail address and research has shown that 40% of us check this e-mail account up to 3 times a day.

Many of us have e-mail accounts that are over ten years old. This fact alone shows how attached we get to our e-mail accounts and how personal they are to us, even being part of our digital identity.

Protocols

Every time a new technology comes along, a protocol for that technology needs to be created. Protocols allow programs to talk to each other by setting out rules of exchange; they also build interoperability into a system. E-mail is based on a client / server type architecture. To achieve e-mail communications across different operating systems and e-mail clients, a number of protocols governing the system have been developed.

The sending and receiving of e-mail can be split into two types of protocols:

  1. The mail transport protocol: Simple Mail Transfer Protocol or SMTP
  2. The mail access protocols of which there are currently two main ones:
    • Post Office Protocol or POP
    • Internet Message Access Protocol or IMAP

Simple Mail Transfer Protocol: SMTP

SMTP was first developed as a standard for mail transmission in 1982 by the Internet Engineering Task Force (IETF). In 2001 the IETF obsoleted the original SMTP specification document with an updated specification. The updated version allows for extensions to the original and brings it up to date with changes in Internet use.

SMTP is generally used as an unsecured layer through port 25. However, you can use security with SMTP. If you use Transport Layer Security (TLS) you need to send the messages via port 587 and if using Secure Sockets Layer (SSL) port 465.

Post Office Protocol: POP

POP is a protocol, again developed by IETF, which allows a given computer node (e.g. workstation) to dynamically connect to a mail server and receive e-mail. The current version in use is POP 3 (10). POP allows a user to not have to be permanently connected to the Internet. POP lets a user download e-mail to a client on a device and delete the original message from the server. This can cause issues with downloading on multiple devices and e-mail synchronization. POP is also compatible with the protocol, Multipurpose Internet Mail Extensions (MIME), which handles e-mail attachments. POP uses TCP/IP protocol for network connection and then SMTP protocol for sending and receiving e-mails.

In brief: POP pulls messages down from a server and SMTP pushes them up to a server.

POP 3 is usually used through port 110 and is unsecured. However if you want to use TLS or SSL you need to use port 995.

Internet Message Access Protocol: IMAP

IMAP can be thought of as the Internet version of POP and is suited to the more modern "always on" relationship with the Internet. It was proposed in 1986 as an alternative to POP. IETF developed the IMAP protocol, the latest version being 4rev1. IMAP can be used to view messages online without having to download them to a device first. In this way it is much more of a "Cloud" based version of e-mail access, making multiple device access easier. One of the downsides to IMAP e-mail access is storage size – if the mail server has storage limits, you may lose e-mails, and so they should be backed up.

IMAP is usually used through port 143 and is unsecured. TLS also uses port 143 but with SSL you need to use port 993.

How E-mail Works

The Process

We can break the basic process of generating / sending / receiving an e-mail into the following steps:

  1. Alice and Bob have both set up e-mail accounts from their e-mail clients, applying the settings as instructed.
  2. Alice composes an e-mail using her e-mail client (either a desktop or a webmail client). She enters the e-mail address of the recipient, Bob, using the convention adopted in 1972, e.g. bob@domain.com. She clicks "Send".
  3. Alice's e-mail client sends the message through port 25, via TCP/IP, to her ISP's SMTP server.
  4. Alice's SMTP server then locates Bob's SMTP server (using the domain of Bob's e-mail address, which may also be a mapped domain of a company) and directs the message to that SMTP server.
  5. At this point a Domain Name System (DNS) server is used to query the Mail eXchanger for Bob's domain name.
  6. Bob's SMTP server places the message on Bob's POP 3 or IMAP server, ready for download.
  7. When Bob opens their e-mail client and clicks "Send/Receive", a request is sent via TCP/IP to Bob's POP 3 or IMAP server. POP3 uses port 110 and IMAP uses port 143. The message is then downloaded to the mail client.

Note:
When you send or request access to an e-mail you need to authenticate yourself. This is usually done using a username and password, which is set as a configuration during e-mail account setup.
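
Why the unsecured ports matter once a username and password are involved, shown as an added example that is not part of the original guide: the function below reads a client session log and reports what was sent before TLS was negotiated. The "C:"/"S:" log notation, the sample sessions, the account name and the function names are all constructed for illustration.

```python
import base64


def plain_response(user, password):
    """AUTH PLAIN initial response (RFC 4616): base64 of NUL, user, NUL, password."""
    raw = b"\0".join([b"", user.encode(), password.encode()])
    return base64.b64encode(raw).decode()


# Constructed sample data ("C:" = client, "S:" = server); not captured traffic.
CRED = plain_response("alice", "placeholder-password")

CLEARTEXT_SESSION = f"""S: 220 mail.example.org ESMTP
C: EHLO laptop.example.org
S: 250-mail.example.org
S: 250-STARTTLS
S: 250 AUTH PLAIN
C: AUTH PLAIN {CRED}
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<alice@example.org>
S: 250 2.1.0 Ok
C: RCPT TO:<bob@example.com>
S: 250 2.1.5 Ok
C: QUIT
S: 221 2.0.0 Bye
"""

TLS_FIRST_SESSION = f"""S: 220 mail.example.org ESMTP
C: EHLO laptop.example.org
S: 250-mail.example.org
S: 250 STARTTLS
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
C: EHLO laptop.example.org
S: 250 AUTH PLAIN
C: AUTH PLAIN {CRED}
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<alice@example.org>
S: 250 2.1.0 Ok
C: QUIT
S: 221 2.0.0 Bye
"""


def audit_session(log):
    """Report what the client sent before TLS was in place."""
    report = {"auth_in_cleartext": False, "exposed_user": None,
              "cleartext_envelope": []}
    tls = False
    awaiting_tls_reply = False
    for line in log.splitlines():
        side, sep, text = line.partition(": ")
        if not sep:
            continue
        if side == "S":
            # TLS only starts if the server answers STARTTLS with a 220 reply.
            if awaiting_tls_reply:
                tls = text.startswith("220")
                awaiting_tls_reply = False
            continue
        words = text.split()
        verb = words[0].upper() if words else ""
        if verb == "STARTTLS":
            awaiting_tls_reply = True
        elif tls:
            continue  # everything from here on travels inside the TLS tunnel
        elif verb == "AUTH":
            report["auth_in_cleartext"] = True
            if len(words) == 3 and words[1].upper() == "PLAIN":
                try:
                    parts = base64.b64decode(words[2]).split(b"\0")
                except ValueError:
                    parts = []
                # base64 is an encoding, not encryption: the user name (and
                # the password next to it) is readable by anyone on the path.
                if len(parts) == 3:
                    report["exposed_user"] = parts[1].decode(errors="replace")
        elif verb in ("MAIL", "RCPT"):
            report["cleartext_envelope"].append(text)
    return report


if __name__ == "__main__":
    print(audit_session(CLEARTEXT_SESSION))
    print(audit_session(TLS_FIRST_SESSION))
```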

Sending E-mail

E-mail can be sent using a device client or webmail interface. SMTP is the protocol used to transmit e-mail messages. You need to have an Internet connection to actually send the e-mail, but you can compose one without Internet access if you use an e-mail client on a device.

To send e-mails follow these steps:

  1. Click compose or New/E-mail message, or similar, to open a new e-mail message window.
  2. This e-mail message window will have a number of fields that need to be completed. Add the e-mail recipient/s address in the "To" field. Add additional recipients using the "Cc" and "Bcc" fields. Many e-mail clients offer auto fill and will offer up e-mail addresses based on the first letter/s you start to type in. You can then choose the right e-mail address. The "bcc" field stands for "blind courtesy copy" and any recipients in this field will receive the e-mail. Other recipients will not be made aware that the bcc recipients were included in that e-mail. If you want to keep your e-mail recipients confidential, enter your own name in the "To" field and all other recipients in the "Bcc" field.
  3. Add a line in the subject field. This helps the recipient to know what the e-mail is about.
  4. Add your e-mail body content. If the e-mail is "text only" e-mail you'll have limited ways of changing the layout and font. If you have "send as HTML" set you have much more control over the look and layout of the e-mail body text.
  5. You can also add an attachment at this point by dragging the file into the e-mail or choosing to insert a file/image from the e-mail client toolbar.
  6. Once completed, click "Send".
  7. If you are connected to the Internet and have configured your e-mail to automatically send e-mails, your e-mail will be sent. Otherwise it will be placed in the e-mail client "Outbox" folder. In this case, clicking "Send/Receive" will send any e-mails in the Outbox. You can also create a draft of an e-mail – how this is done depends on your e-mail client / webmail.
  8. Once sent, the e-mail will be stored in the "Sent Items" folder.

Receiving E-mail

To receive an e-mail you need to have an e-mail client or webmail. You need to be logged into this application. E-mail messages that have been sent to you are held on the POP 3 or IMAP server and these are the protocols used to receive e-mail messages.

With device based e-mail clients, you can configure your client to automatically receive e-mails if you have an Internet connection. Alternatively, you can set pick-up schedules or choose to only receive e-mails on clicking Send / Receive.

If there are messages waiting for you on the server they will be downloaded to your device client or displayed in your webmail in the browser.

E-Mail: DNS and MX Records

DNS or Domain Name System is a way of assigning names to any device connected to the Internet. It has been around since the 1980s and is used to assign domain names and map these to Internet resources, e.g. it translates the domain name, www.webhostinggeeks.com, to an IP address 162.247.79.100. You can see our DNS guide here. The DNS address can be dynamic and very quickly changed without actually impacting the end users who use the domain address. This means that e-mails can be sent without actually knowing how the computer locates the services.

MX Records or Mail eXchanger are a type of DNS record. When you send an e-mail the SMTP server will look up the name servers for the domain extension of the e-mail address. It will then do a query against the domain name servers for that MX record. Finally it will look up the names of the MX records in the DNS server and locate the associated IP address.

Domains can have multiple associated MX records, each with a set priority. This can help with load balancing, or make a backup MX if the primary one is unavailable.
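
How a sending server turns a set of MX records into a delivery order, as an added example that is not part of the original guide. It goes slightly beyond the text by also covering two edge cases from RFC 5321 and RFC 7505 (no MX record at all, and a "null MX"); the record data and function names are constructed for illustration.

```python
import random

# Constructed MX answers, one per line: preference, then exchange host.
# Lower preference numbers are tried first. Not real DNS data.
SAMPLE_MX = """
20 backup.example.net.
10 mx1.example.com.
10 mx2.example.com.
"""
NULL_MX = "0 ."


class NoMailService(Exception):
    """The domain publishes a null MX (RFC 7505): it accepts no mail."""


def parse_mx(text):
    """Parse 'preference exchange' lines into (int, hostname) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        pref, exchange = line.split()
        # Drop the trailing root dot; a bare "." (null MX) is kept as ".".
        records.append((int(pref), exchange.rstrip(".").lower() or "."))
    return records


def delivery_order(domain, records, rng=None):
    """Return the hosts a sending server should try, in order."""
    rng = rng or random.Random()
    if not records:
        # No MX at all: RFC 5321 treats the domain's own address record
        # as an implicit MX, so the domain itself is the only candidate.
        return [domain.rstrip(".").lower()]
    if records == [(0, ".")]:
        raise NoMailService(domain)
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):
        group = by_pref[pref]
        # Equal preference means "spread the load": randomise within the
        # group so senders do not all hit the same exchanger first.
        rng.shuffle(group)
        order.extend(group)
    return order


def first_reachable(order, up):
    """Walk the delivery order and return the first host in the 'up' set.

    Models the backup-MX case: when the primary exchangers are down, mail
    goes to the next preference level instead of bouncing.
    """
    for host in order:
        if host in up:
            return host
    return None


if __name__ == "__main__":
    order = delivery_order("example.com", parse_mx(SAMPLE_MX))
    print("try in this order:", order)
    print("primaries down ->", first_reachable(order, {"backup.example.net"}))
```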

Using E-mail

E-mail Server Software

Mail servers are usually run by the ISP who issued your domain when it was purchased. However, you can potentially set up, run and maintain your own mail server, for example if you're an e-mail marketing company.

There are a number of mail server software packages available that will perform all of the functions needed to manage e-mail traffic and serve up e-mails. The vendors provide SMTP server software that can be configured to your own requirements and give you more control over the sending of e-mails. Some of this software is open source, such as hMailServer, which works on Windows servers or iRedMail, which works on many Unix based servers.

If you decide to run your own e-mail server you would also need to use a spam filter and anti-virus software, if this doesn't already come packaged with your SMTP server software.

E-mail Clients

In the server-client architecture of an e-mail system, the mail servers communicate with e-mail clients, that are either installed as an application on a device, i.e. a desktop, or that are web applications accessible in a browser.

Users need to authenticate themselves, i.e. provide login details, to use both a desktop based and a webmail client. Usually this is a username and password. When a user wants to check if messages are available on the mail server for download, they choose a function such as "Send / Receive" to make that query and initiate the download. The process of request and download is performed using either the protocol POP3 or IMAP as described earlier. Desktop e-mail clients can use either POP3 or IMAP. If you configure your desktop client to use IMAP it will leave a copy on the server so you can download the same messages on another device. You can do this with POP 3 but it is not an inherent property of the protocol and you have to configure the settings to leave a copy of the message on the server.

E-mail client and webmail applications have seen dramatic changes in popularity since the increased use of mobile devices. The following graph, created using data from analytics of e-mail opens in November 2015, tracked by vendor Litmus, shows that mobile-based e-mail systems are the most popular.

Microsoft Outlook

Microsoft Outlook is part of the Microsoft Office suite of products. Outlook for Windows 97 was released in 1997 and we are currently on Outlook 365, which is a Cloud based version. Outlook can be used on Windows machines or installed on the Mac OS as a Mac version. It is a popular e-mail client and offers more than just e-mail management, including a calendar, task manager, notes and contact management.

Mozilla Thunderbird

Unlike Microsoft Outlook, this is a free, open source, cross platform, e-mail client. Released in 2004 it was originally under the umbrella of the Mozilla Foundation of Firefox fame. However, in 2015 it was announced that there would be a split off from Mozilla forming a separate Thunderbird organization.

Thunderbird has some neat features such as creating on-the-fly addresses and handling virtual identities. Unlike Microsoft Outlook it doesn't come packaged with a calendar, but one is available separately.

Mobile E-mail

Sending and receiving e-mails using a mobile device is increasing as mobile device usage increases. According to analysts Pew Research at least 88% of smart phone users access e-mail from their phone, with younger users (18-29 year olds) being most likely to access e-mail in this way.

Apple Mail for iOS

Apple Mail comes as a pre-packaged app on the iPhone. It supports the use of multiple accounts on the one device, which can be POP 3 or IMAP based. It also offers support for Cloud based e-mail such as iCloud, Exchange, Outlook.com and Yahoo!

It is very easy to add new accounts and once added you can send and receive e-mails as long as you have Internet connectivity.

Gmail for Android

Until version 5.0 of Gmail for Android you couldn't add non-Gmail accounts. However, this version allows support for other e-mail systems such as Yahoo and Outlook.com. As with the Apple Mail app, it supports multiple accounts on the same device and both POP 3 and IMAP.

Online E-mail Services

Online services, or Cloud-based e-mail, are becoming very popular because they can be accessed from any device, from anywhere, as long as you have an Internet connection. It is worth noting, however, that all of the main online e-mail services also offer an app version, in keeping with the increase in e-mail access from smartphones.

Using a Google Trends analysis for the last 10 years, you can see the popularity of the four main online e-mail services (I've included Hotmail and Outlook, which are now the same service). Notice that Hotmail and Gmail are starting to have equal status in the market, whilst Yahoo Mail and AOL lose traction.


Google Trends

Let's take a look at the four most popular online e-mail services:

AOL

AOL Mail is a free webmail service offered by AOL. It is accessed online via a browser using a username and password. There is no limit on the storage you are given on sign up, but the attachment size limit is 25MB. AOL Mail supports POP3 and IMAP.

In 2014 AOL had a serious security breach of its network servers, which resulted in millions of AOL users needing to change their login password.

Verizon bought out AOL in June 2015. AOL states in their quarterly report just prior to the acquisition, that they had around 200 million paid for subscribers.

Yahoo Mail

Yahoo Mail has been around since 1997 and was one of the first web based e-mail services. There are around 282 million unique accounts according to Comscore and Yahoo themselves boast of 1 billion unique customers using Yahoo.

Yahoo is working to improve username and password authentication by offering other, more secure, forms of authentication such as SMS text codes and Yahoo "account keys", a mobile based authentication app. They are also offering federation with other webmail accounts like Gmail and Outlook to create and sign in to your Yahoo account.

Hotmail

Hotmail entered the world stage in 1996 as another first contender for our online e-mail services. It was bought out as a product by Microsoft in 1997 and went through a few rebranding exercises, including Windows Live Hotmail.

Outlook.com replaced Hotmail in 2013, but the @hotmail.com e-mail suffix is still used by earlier users of Hotmail. Hotmail or Outlook.com, is one of the biggest online e-mail services in the world as exemplified in the Google Trends graph above. It is, however, under serious threat for this position by Google Mail or Gmail.

Gmail

Gmail, or Google Mail, announced they had around 425 million users in 2012. However, having a Google Account gives you a lot more than just e-mail, for example access to the online document editor, Google Docs. Since the acquisition of YouTube by Google in 2013, this allows those with a Google account to have access to more features in YouTube. This "one account to rule them all" strategy from Google means that a Gmail account is a very useful thing, not just for e-mail.

A cute feature of Google Mail is that if you add a +01, +02…+n to your Google e-mail address, e.g. myname+01@gmail.com you can have an infinite number of e-mail addresses from a single account.

Web Based E-mail (Webmail)

A number of packages are available in the open source community that allow you to have your own online e-mail access using a business / personal domain account, i.e. like your own Google-mail but using your @mydomain. Because of this, many of these online e-mail applications come with hosted website packages offered by the likes of Inmotion, Bluehost, GoDaddy and similar.

Some of the most common examples are:

Horde

Horde is a free enterprise ready webmail suite. It offers e-mail management, calendars, contact management, tasks and notes. It supports the standard e-mail protocols like POP3, IMAP and SMTP. It also supports encryption and signing of e-mail messages.

SquirrelMail

SquirrelMail is a PHP based online e-mail application. It supports the common e-mail standards such as IMAP, SMTP and MIME. Because it is part of an open source project, there have been a number of extension plug-ins created to add functionality to the basic program, including calendars, address books and security plug-ins.

Roundcube

Roundcube is another browser based webmail application that is free to use. It is a multilingual program with a number of features such as pre-defined response templates and support for international domain names. It is also exposed as an API for use with other web applications. It supports standard e-mail protocols like SMTP, IMAP and MIME.

E-mail Tips and Suggestions

E-mail is pretty straightforward to use, whether you use a desktop client or an online e-mail service. However, as with any software application, there are shortcuts, tips and hints that can help make life a little easier when using it.

Below are just a few suggestions to help you optimize your e-mail usage.

E-mail User Name Choices

Your business e-mail address is usually chosen for you, based on a specific business policy. However, personal e-mail addresses mean you can choose the username yourself (assuming it isn't already taken of course).

Choosing a personal e-mail address is a lot like personal branding. Your e-mail address says a lot about you. If you choose an e-mail address now, using your actual name such as firstname.surname@e-mailservice.com with one of the big online mail services like Google, chances are you won't be able to get it as it'll already be taken. You can try to play with your name, perhaps having surname.firstname@, and you can always append a number to your name, e.g. firstname.surname11@, but this isn't ideal.

If you're a woman in a culture where you change your surname on marriage, you may also want to consider this when creating an e-mail address. It may well be useful to keep an e-mail address with your unmarried name, but it can get complicated if using it to communicate with official services, such as banks, if you change your surname officially.

It may be that you want to portray a particular image, so the username part of your e-mail address will convey that. For example, you may be a fashionista that makes a lot of blog comments on fashion blogs and you want to be noticed. In this case a user name like fashionlover@e-mailservice.com would be fitting.

It is often the case that we need more than one account to use for different purposes. So when creating an e-mail account, consider what you'll be using it for and choose an appropriate username based on that.

An E-mail Address At Your Own Domain

An important part of individual as well as business branding is to have your own domain address. This means that you have a highly personalized e-mail address. If you follow these steps you can have your own e-mail address with your personalized domain:

  1. You need to purchase a domain, e.g. www.myownurl.com. There are many online sites where you can do this, examples being GoDaddy.com, NameCheap.com and many more.
    • If you already own a domain name, you can transfer that over to a host that offers webmail (see next steps).
  2. Once you have a domain you can set up your e-mail account/s using this domain. This requires a host as mentioned in step 1 above. Usually this will be the same e-commerce site you bought the domain from, or you can transfer it over to another hosting site like Google. You can then choose a package that suits your needs.
    • The package will set the number of e-mail accounts allowed on that domain.
    • It will also set the limits of mailbox storage and document storage (for attachments).
  3. Once set up, you will then have access to a control panel (e.g. cPanel) which allows you to set up and configure the e-mail accounts under your domain name, e.g. my.self@mydomain.com.
  4. You will then usually receive e-mail access via a webmail account, such as Squirrelmail, Roundcube, etc. where each account can be accessed and e-mails managed.
  5. Often you can also set up access to these accounts from a desktop client too, as they support all of the normal e-mail protocols like IMAP.

E-mail Etiquette: Top 10 List

Composing an e-mail can be an art form. It is your voice and as such represents you. If this is a business e-mail, this is doubly true and you may well be held to account at some future date. So it is wise to know the rules and etiquette of e-mail speak.

These rules are mainly for business e-mails, but you can adapt them and use them in your personal e-mail exchanges too just by applying common sense.

  1. Don't get personal. There are a lot of stories out there on the Internet about someone sending an e-mail to a work colleague that ends up 'going viral' because it contained salacious details that they couldn't keep to themselves. Keep business e-mail for business and be professional at all times.
  2. Don't use all caps. This one seems to be commonly recognized as a faux pas in e-mail speak, but it still seems to slip through the net. Using all caps in an e-mail reads as if you are shouting at the reader. Avoid at all cost, even if you do want to shout at them.
  3. Take care with personally identifying information (PII). Try to avoid using e-mails to send PII. E-mails are not a secure form of communication. Even if they are encrypted, once they are in the hands of the recipient you don't know what will happen to that information.
  4. Keep sensitive data out of prying eyes. As with PII disclosure, e-mails are not the best place to send highly sensitive information, for example about a merger, or the sacking of an employee and so on.
  5. Be polite and respond. One of the bugbears of e-mails is that they are supposed to be instant communication, but many people forget to reply to e-mails and they end up falling into an e-mail black hole. This is especially true if you have a lot of e-mails to deal with every day. The best thing to do is to try and deal with them as they come in and get them out of the way.
  6. Make your e-mails readable. It is well known that reading content on screen is less than ideal. If you are writing a long e-mail, with many action items or points to be made, split the paragraphs up logically and use bullets where possible. Make the e-mail readable and you're more likely to have the recipient respond to requests and actions.
  7. Make your subject line pertinent. Use the subject line to indicate the essence of the e-mail.
  8. Be careful whom you send it to. Use cc carefully. It may well be that the reply will be a reply all and you may not want certain others to see the return e-mail. Use bcc sparingly too, only when you absolutely must.
  9. Privacy of other e-mail addresses. If you are sending out an e-mail to a lot of people and you want to maintain the list privacy, use your own name in the 'To' field and place all other e-mail addresses in the 'Bcc' field so their addresses are hidden from the other recipients.
  10. Watch out when you reply all. Similarly, if you reply to an e-mail be very careful about clicking 'reply all'. You may not want a cc'ed recipient to see your reply (see 'Accidental E-mails and Insider Threats' below).
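
What the Bcc advice in the sending steps and in "Privacy of other e-mail addresses" above means at the protocol level, as an added example that is not part of the original guide: every recipient goes into the SMTP envelope, but the Bcc header is removed from the message that is actually transmitted. The addresses and function names are constructed for illustration.

```python
import copy
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed mailing list; example.* domains are reserved for documentation.
RECIPIENTS = ["bob@example.com", "carol@example.net", "dave@example.org"]


def build_message(sender, to, bcc=(), subject="", body=""):
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(to)
    if bcc:
        msg["Bcc"] = ", ".join(bcc)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def addresses_in(msg, fields):
    """Bare addresses from the named header fields, in order, no duplicates."""
    found = []
    for field in fields:
        values = [str(v) for v in msg.get_all(field, [])]
        for _name, addr in getaddresses(values):
            if addr and addr.lower() not in [a.lower() for a in found]:
                found.append(addr)
    return found


def prepare_for_smtp(msg):
    """Split a composed message into what an SMTP client transmits.

    Returns (envelope_recipients, wire_bytes):
      envelope_recipients - one RCPT TO command per address (To, Cc and Bcc)
      wire_bytes          - the headers and body sent after DATA, Bcc removed
    The composed message itself is left untouched.
    """
    envelope = addresses_in(msg, ("To", "Cc", "Bcc"))
    wire = copy.deepcopy(msg)
    del wire["Bcc"]  # no error if the header is absent
    return envelope, wire.as_bytes(policy=policy.SMTP)


def visible_recipients(wire_bytes):
    """Addresses that every recipient can read in the delivered headers."""
    delivered = message_from_bytes(wire_bytes, policy=policy.default)
    return addresses_in(delivered, ("To", "Cc"))


if __name__ == "__main__":
    careless = build_message("alice@example.org", RECIPIENTS,
                             subject="Newsletter", body="Hello all")
    private = build_message("alice@example.org", ["alice@example.org"],
                            bcc=RECIPIENTS, subject="Newsletter",
                            body="Hello all")
    for label, msg in (("all in To", careless), ("list in Bcc", private)):
        envelope, wire = prepare_for_smtp(msg)
        print(label)
        print("  delivered to:", envelope)
        print("  visible to everyone:", visible_recipients(wire))
```

Both messages reach the whole list; only the second keeps the list out of the headers each recipient receives.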


E-mail Security

SPAM

Spam is defined as "unsolicited e-mail". It can be something innocuous, like an advert for a local retailer, or it can be malicious spam that contains malware. Either way, the user hasn't requested the e-mail and most of the time doesn't want it either. The problem is that e-mail is a cheap way to market. There are no printing or postage costs, and e-mail contact lists can be bought cheaply or researched fairly easily. So it is an attractive method of putting a sales message out to a very wide audience. However, spam e-mail is reducing the effectiveness of more targeted commercial e-mail marketing for the simple reason that it is creating "e-mail fatigue", making it less likely a person will open an e-mail from an external organization.

The first use of the word "spam" in the context of e-mails was in 1993 in a post in the USENET forum by Richard Depew. The term was taken from the Monty Python sketch in which they sing the "Spam Song". The song simply repeats the word spam, and Richard Depew compared continually repeated e-mails to the repeated word in the song.

Spam and Statistics

Spam is the bane of every e-mail user's life. Radicati in "E-mail Statistics Report: 2015-2019" shows that in 2015 the average user received 12 spam messages in their inbox per day. They also predict that by 2019 the number will increase to 19 spam messages per user, per day.

The amount of spam is still high, even with a movement towards the use of social media for advertising. The analyst firm Gartner has said that as much as 69% of all e-mail is illegitimate spam.

Political e-mails, even those representing terrorists, are a fairly new entrant to the world of spam, which we can expect to see more of.

The people sending spam e-mails are highly varied, ranging from small business owners who perhaps haven't thought too much about an e-mail marketing campaign and the idea of "opt-in", to organized groups sending out spam mails on behalf of companies. The latter arrangement is called a "spam affiliate program". Programs like this allow third parties to run the back-office work of an organization. The spammer earns a percentage of any sale that is made from a spam e-mail they have sent out. These types of schemes are often associated with health products, e.g. the "Viagra" e-mails we've all received.

And then there are the malicious spammers. E-mails containing malware, including the sinister ransomware, are very widespread. These types of e-mails can contain malicious attachments, or have links to spoof websites.

Spam E-mail Measures and Controls

Various acts and laws have been created to try to stem the tide and control spam e-mails. These include:

ACMA

The Australian Communications and Media Authority (ACMA), a government agency in charge of media and communications in Australia, governs the Spam Act 2003. This act controls the sending of commercial e-mail messages when they contain an Australian-based link in the e-mail.

CASL

Canada's Anti-Spam Legislation is a law that applies to all electronic messages, including e-mails and texts. Any message sent to a Canadian citizen from a Canadian organization has to have "opt-in" applied. However, "implied consent" can be used to get around the law, implied meaning that they (the recipient) have, in a highly conspicuous manner, disclosed their personal details online or otherwise.

EU Directive 2002/58/EC

This is a "Privacy in Electronic Communications" directive from the European Union that covers many areas of online life, including spam. Article 13 of the directive pertains to unsolicited e-mails. The directive states that e-mails can only be sent out to recipients who have "opted-in" to receive those e-mails. Any company collecting marketing data, including e-mail addresses, has to give the user the option to choose to reject the use of their data for marketing purposes.

CAN-SPAM Act of 2003

CAN-SPAM, or the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003", defines how a commercial e-mail should be formed and presented to a recipient. This includes having the option to "opt-out" from future e-mails. It also prohibits the deceptive use of subject matter headlines. It also has provision for companies who use third parties to send out mass mails, stating that if the third party company doesn't comply with the law, then both the company sending the e-mail and the originator can be prosecuted.

Security Threats

E-mail is being used as a highly effective vector for cyber attacks. Since the advent of the Internet and mass e-mail, cybercriminals have used this method to propagate malware, such as viruses and Trojans. More recently e-mail has been used as a means of extorting information from a user via social engineering techniques.

A virus in the context of an e-mail is a piece of malware that is carried via that e-mail, either as an attachment or through a link to an infected website in the e-mail content itself. The virus usually infects a computer by locating a vulnerability in some software running on the PC. This can be either the operating system itself, or a software application like a browser. A vulnerability is a software flaw that malware can use to embed itself and run the malicious code.

E-mail continues to be a popular method of infecting computers and it is being used in more and more sophisticated ways. In the Symantec Internet Security Threat Report 2015, they state that, "E-mail remains a significant attack vector for cybercriminals".

In an e-mail, the malware can be contained as:

  • An attachment: The code is executed once the attachment is opened. The attachment can be almost anything. In the past, hackers would typically use an executable file as an attachment. But as users became wary of .exe attachments, and as filtering removed .exe files before they hit a user's inbox, hackers turned to less obvious methods such as a zip file, or even a native document such as a Word document or PDF file, to carry the malware.
  • A malicious link: As more sophisticated spam filters are developed that remove malicious attachments, hackers have turned to the use of malicious links in e-mails to deliver malware. Symantec (24) noted more use of malicious links, seeing an increase of link-based malicious spam from 7% to 41% between October 2014 and November 2014. In this type of e-mail, if a user opens the e-mail and clicks on the link in the body of the e-mail, they are taken to a spoof site. The spoof site is often a hijacked domain, so it looks very legitimate. Once on the site the user is either coerced into downloading the malware directly, or a "drive by download" is performed, whereby the user is infected without having to download anything.

Once infected, the malware can migrate across a network, where it can exfiltrate data, steal login credentials, and extort money. The latter is known as "ransomware" and is becoming a very popular form of malware.

Ransomware

Ransomware is often delivered in an e-mail. It infects a computer and proliferates across the network, where it encrypts all data files. Once the files are encrypted, it delivers an onscreen message asking for payment, usually in bitcoins, for decryption of the data. Payment amounts vary, from around $500-$1000 worth of bitcoins, although recently an L.A. hospital paid $17,000 worth of bitcoins to the hacker for decryption of their data.

Phishing and Identity Theft

Phishing e-mails are e-mails that pretend to be from a legitimate online commercial site. Usually they are an attempt to steal online login credentials. So, for example, PayPal is a popular brand that hackers use to create their phishing emails. The hacker will create a spoof PayPal e-mail, which looks a lot like a real e-mail from PayPal. The e-mail will use a method to get the recipient to click on a link and log in to their PayPal account. The link actually takes them to a spoof PayPal site and when they login, their PayPal credentials are stolen and used to login to the real PayPal account.
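The spoof-link trick described above can be checked mechanically. The following is an added example, not part of the original guide: it flags links whose visible text names one site while the underlying address points to another, and "From" display names that use a brand while the sender's domain is unrelated. The sample message, the example.net hosts and the brand table are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; example.net stands in for the spoof host.
SAMPLE = """\
From: "PayPal Support" <service@account-alerts.example.net>
To: user@example.org
Subject: Your account is limited
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We noticed unusual activity. Please log in to restore access:</p>
<p><a href="http://login.example.net/paypal/signin">https://www.paypal.com/signin</a></p>
<p><a href="https://www.paypal.com/help">Help centre</a></p>
</body></html>
"""

# Assumed lookup table: brand keyword -> domain that brand really mails from.
BRANDS = {"paypal": "paypal.com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Hostname if text is a URL or a bare domain, otherwise None."""
    text = text.strip()
    if not re.match(r"^[a-z][a-z0-9+.-]*://", text, re.I):
        if not re.fullmatch(r"[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I):
            return None          # ordinary words such as "Help centre"
        text = "http://" + text
    try:
        return (urlsplit(text).hostname or "").lower() or None
    except ValueError:
        return None


def same_site(host, domain):
    """True if host is domain itself or a subdomain of it (ignoring 'www.')."""
    host, domain = (h[4:] if h.startswith("www.") else h for h in (host, domain))
    return host == domain or host.endswith("." + domain)


def check_message(raw, brands=BRANDS):
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg["From"] or ""))
    sender_domain = addr.rpartition("@")[2].lower()
    for brand, domain in brands.items():
        if brand in display.lower() and not same_site(sender_domain, domain):
            findings.append(("brand-in-display-name", display, sender_domain))
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            target, shown = host_of(href), host_of(text)
            if target and shown and not same_site(target, shown):
                findings.append(("link-text-mismatch", shown, target))
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

A check like this only catches the mismatch cases; a spoof message whose link text is plain wording still needs the sender and destination to be inspected by other means.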

There are two types of phishing e-mail:

  1. Phishing – these are not targeted and sent out en masse.
  2. Spear Phishing – these are highly targeted e-mails, sent to specific users.

Both use social engineering to make this a successful method of attack. Social engineering allows the hacker to create a more realistic e-mail. Spear phishing takes this to the next level, by allowing the hacker to focus in on an individual and create highly personalized phishing e-mails. Spear phishing is a very successful form of attack and some of the world's largest breaches have originated with a spear phishing e-mail. For example the Target Corp. cyber attack of 2013, where over 70 million customer accounts were breached, started with a spear phishing e-mail.

Identity theft is a result of phished personal details, especially login details for bank accounts and similar. Spear phishing e-mails can be highly complex attempts to gain a person's identity profile. Spear phishing e-mails can often be used in combination with other malicious activity, such as creating false Facebook profiles in the user's name. The e-mails use human behavior to encourage the recipient of the e-mail to engage with the hacker, often handing over personally identifying information that is then used to commit fraud and identity theft. The FBI estimates that around $1.2 billion was stolen through phishing e-mails associated with small business wire transfer fraud (so called Business e-mail Scams) between 2013 and 2015.

Geography of Attacks

Accidental E-mails and Insider Threats

E-mail-borne security breaches are not always malicious. Accidental data leakage from an e-mail is also a problem. A report by IBM states that 95% of all data loss is due to human error.

A very high-profile example of accidental e-mail data disclosure through human error occurred during the G20 meeting in Brisbane, Australia in 2014. The Australian Immigration Department accidentally e-mailed personal details of the G20 leaders, including passport numbers, to the Asian Cup football representatives.

As mentioned previously, data leakage via e-mails can be a problem in its own right. In fact, the Verizon 2014 Data Breach Investigations Report found that 44% of data disclosure was down to misdelivery of e-mails. Software that prevents this will allow a user to double check who is on a "Cc" list and that the e-mail is going to the right person, before they actually send it.

Although cyber attacks are becoming more prevalent, more organized and showing greater levels of sophistication, there are still a number of ways of mitigating those risks.
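A pre-send check of the kind described above could look like the following. This is an added example, not part of the original guide or any particular product: it reads the "To" and "Cc" headers of a draft and warns about recipients outside the organisation, domains that look like a mistyped internal domain, and long visible recipient lists that would be better placed in "Bcc". The domain corp.example, the limits and the draft are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import getaddresses

INTERNAL = "corp.example"   # assumed organisation domain
MAX_VISIBLE = 5             # assumed limit before Bcc is suggested
TYPO_RATIO = 0.8            # assumed similarity threshold for "looks like a typo"

# Constructed draft: one mistyped internal address, one external address in Cc.
DRAFT = """\
From: alice@corp.example
To: bob@corp.example, carol@corp.exmaple
Cc: dave@partner.example, erin@corp.example
Subject: Q3 merger draft

Draft attached.
"""


def presend_warnings(raw, internal=INTERNAL, max_visible=MAX_VISIBLE):
    """Return a list of human-readable warnings to show before sending."""
    msg = message_from_string(raw, policy=policy.default)
    headers = [str(v) for name in ("To", "Cc") for v in msg.get_all(name, [])]
    visible = getaddresses(headers)      # [(display name, address), ...]

    warnings, external = [], []
    for _name, addr in visible:
        dom = addr.rpartition("@")[2].lower()
        if dom == internal:
            continue
        # A domain that is almost, but not exactly, the internal one is
        # more likely a typing slip than a real external recipient.
        if SequenceMatcher(None, dom, internal).ratio() >= TYPO_RATIO:
            warnings.append(f"{addr}: domain looks like a typo of {internal}")
        else:
            external.append(addr)

    if external:
        warnings.append("external recipients in To/Cc: " + ", ".join(sorted(external)))
    if len(visible) > max_visible:
        warnings.append(
            f"{len(visible)} addresses visible to every recipient; consider Bcc"
        )
    return warnings


if __name__ == "__main__":
    for line in presend_warnings(DRAFT):
        print("WARNING:", line)
```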

Spam Prevention

Spam filters can be used to process spam before it hits your inbox. There are a number of commercial filters for business users and a few free filters too. Spam filters work by applying pre-configured rules, which are "tweaked" to optimize them. They usually work across a number of different layers, filtering on content and headers according to a rule-set. You can also get filters that are based on blacklists, but these require a lot of maintenance to keep up with the changing spam landscape.

More complex filters are based on permission filtering or challenge-and-response systems. The former requires a relationship between the sender and recipient to be set up before free e-mail exchanges can take place. The latter requires that a special code be entered to gain permission to send an e-mail to a specific recipient.

Overly zealous spam filtering can be as much of a nuisance as spam mail, because it stops legitimate e-mails getting through and can make the process of e-mail sending / receiving less seamless.
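To make the rule-set and blacklist approach concrete, and to show how an over-tight threshold produces the false positives just mentioned, here is an added example that is not part of the original guide. The rules, point values, blacklist entry and both sample messages are constructed; real filters use far larger, tuned rule-sets.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

BLACKLIST = {"bulk-offers.example"}   # constructed blacklist of sender domains
SALES = re.compile(r"\b(act now|limited time|100% free|click here)\b", re.I)


def domain(header_value):
    """Domain part of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def mostly_caps(text):
    letters = [c for c in text if c.isalpha()]
    return len(letters) >= 8 and sum(c.isupper() for c in letters) / len(letters) > 0.7


# Each rule is (name, points, test). Header rules look at msg, content rules at body.
RULES = [
    ("from-domain-blacklisted", 5.0, lambda m, body: domain(m["From"]) in BLACKLIST),
    ("reply-to-differs-from-from", 1.5,
     lambda m, body: m["Reply-To"] is not None
     and domain(m["Reply-To"]) != domain(m["From"])),
    ("missing-message-id", 1.0, lambda m, body: m["Message-ID"] is None),
    ("subject-mostly-capitals", 1.0, lambda m, body: mostly_caps(str(m["Subject"] or ""))),
    ("sales-pressure-phrases", 2.0, lambda m, body: len(SALES.findall(body)) >= 2),
]


def score(raw):
    """Return (total points, names of the rules that fired)."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    hits = [(name, pts) for name, pts, test in RULES if test(msg, body)]
    return sum(pts for _, pts in hits), [name for name, _ in hits]


def classify(raw, threshold=5.0):
    total, hits = score(raw)
    return ("spam" if total >= threshold else "inbox"), total, hits


# Constructed samples.
SPAM = """\
From: Deals <promo@bulk-offers.example>
Reply-To: orders@another-shop.example
To: user@example.org
Subject: LAST CHANCE HUGE SAVINGS

Act now! Limited time offer, click here to claim.
"""

LEGIT = """\
From: Local Bakery <news@bakery.example>
To: user@example.org
Subject: SPRING MENU IS HERE
Message-ID: <20240101.1@bakery.example>

Our new menu is out. Click here to see it, or reply to opt out.
"""

if __name__ == "__main__":
    print(classify(SPAM))                   # every rule fires
    print(classify(LEGIT))                  # one weak rule fires, stays in the inbox
    print(classify(LEGIT, threshold=1.0))   # over-zealous threshold: false positive
```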

Encryption

Encryption can be used for both e-mail messages and the attachments. Many of the most well-known e-mail clients, like Microsoft Outlook and Apple Mail, offer encryption of e-mails using certificates. E-mails sent using certificate encryption are also digitally signed. The most common standards used for e-mail encryption of this type are PGP, S/MIME and GnuPG. The e-mail is encrypted using public-private key cryptography.

How Encryption Works?

  1. The e-mail is encrypted using the public key of the sender.
  2. The recipient saves this public key to their address book.
  3. The recipient then sends an e-mail back to the original sender using their public key to encrypt it.
  4. The original sender can decrypt this e-mail using their private key.

End to end e-mail encryption is not widely used because it requires setting up certificates, which can be a lengthy process. However, companies like Google do encrypt e-mails while in transit.

Basic Security Practices

Some general security practices should be built into your everyday security strategy. These include:

1. Employee training and awareness. Make sure staff understand what a phishing / spear phishing e-mail looks like and how to spot signs of malicious e-mails.

2. Keeping software up to date. Make sure that all critical software, including browsers and OS software is patched. If you use anti-virus software, keep it up to date.

3. Use second factor authentication wherever possible. This helps prevent successful phishing of login credentials – they may get your username and password, but a hacker can't easily hack an out-of-band second factor like an SMS code.

4. Avoid sending sensitive information via e-mail. Just don't.

5. Double check who is on a "CC" list. Check e-mails before sending to make sure you haven't replied all when you didn't intend to.

E-mail Marketing

A Bit of History

E-mail marketing is almost as old as e-mail itself. This makes sense, as any form of communication is a potential method of communicating a sales message. The first marketing e-mail also came out of ARPAnet, in 1978 from DEC Machines (a computer manufacturer who merged with Hewlett Packard in 2002). At the time, the ARPAnet mail program could only accept a maximum of 320 addresses. DEC marketer, Gary Thuerk was the originator of the message; he thought it would be pretty cool to use the ARPAnet system, which was supported by DEC machines to send out a sales e-mail. It wasn't. It was viewed as an annoyance and is known now as the first ever spam e-mail.

E-mail marketing didn't really take off until the Internet arrived in 1991 although there were "rumblings" of marketing e-mails and "spam" in the late 80s. When it did, it opened up a massive opportunity for marketers to get their message out, quickly and cheaply to a mass audience. This opportunity wasn't lost on organizations across the globe. Soon everyone's inboxes became cluttered with dozens of e-mails from companies touting their wares and the idea of "spam" was born.

Early e-mail marketers were experimenting, and they came up with some good and some not so good ideas about how to use e-mails as a marketing tool. An example of the not so good is the use of "chain e-mails". These e-mails were reminiscent of the chain letters that would be sent out, using emotional blackmail to get the reader to do something, like sending money to the sender and passing the letter on to others. The chain e-mails would have something similar, such as 50% off this week if you send this e-mail on to 5 friends.

This type of poorly thought out marketing e-mail caused annoyance with the general public and became ineffective as more and more e-mail clutter built up in people's inboxes.

Since then e-mail marketing has become much more brand orientated and less intrusive. Data protection laws and anti-spam laws were brought into many countries to control marketing e-mails, including the option to "opt-out" and the idea of "consent". This was a revolution in e-mail marketing and general Internet based marketing. The famous marketer, Seth Godin, coined the term "permission based marketing" and started a new era in how marketers reached out to their audience.

Top 10 E-mail Marketing Services

There are a number of e-mail marketing services that can be used to create, manage and control an e-mail marketing campaign. These services usually allow you to:

  • Create e-mail marketing templates
  • Test out your templates in an A/B test
  • Comply with any regulations, e.g. opt out options
  • Manage mailing lists
  • Receive intelligence and analytics from campaigns

The list below shows some of the top e-mail marketing services available at the time of writing (not in order):

Constant Contact

Constant Contact. A veteran of the e-mail marketing services industry. Offers a lot of e-mail design features, including the use of CSS.

MailChimp

Mail Chimp. Offers integration with many ecommerce store options, such as Magento and Shopify.

Benchmark

Benchmark. Has excellent analytics and reporting features.

iContact

iContact. One of the simplest methods of creating a campaign: up and running in minutes, with some great e-mail automation tools.

ActiveCampaign

Active Campaign. Offers intelligent and flexible automation of campaigns.

GetResponse

Get Response. Excellent analytics and optimization of campaigns.

AWeber

AWeber. Very customer focused, with excellent support, templates and automation options.

MadMimi

Mad Mimi. Offers integration between e-mail campaigns and social media networking.

E-mail Marketing Tips and Tricks

E-mail marketing has been shown to be highly effective. The Direct Marketing Association (DMA) has found that effective e-mail marketing can offer a ROI of 4300%. Getting marketing via e-mail correct is very important. If you damage your brand by annoying people or giving out the wrong message, people have long memories and simply won't open your e-mails.

So, following a few fundamental tips when creating an e-mail marketing campaign is a good place to start. The following guidelines should help you to generate good leads and build a brand following:

  1. Branding: E-mail marketing is about building a brand as much as creating a sales message. Creating a brand is a holistic process, involving everything from the position of a logo in an e-mail, to the color and size of the font. Branding helps to give the reader an association with your company and product. Look at how the big well-known brands do this. They use color very effectively, think of red and you think of Coca Cola.
  2. Catchy Subject: Using an effective tag line in the subject field of the e-mail can make the difference between an e-mail delete and an e-mail open. However, don't use all caps; this is seen as an angry statement.
  3. Personalize: Use your name or company name in the "From" address. It makes it more personal – marketing is about building relationships.
  4. Simplicity: Keep the layout of the e-mail simple and the content minimal. Your sales message needs to be focused and not cluttered with other messages.
  5. Reward for Reading: Try to give some sort of "reward", like a tip or discount for reading your e-mail.
  6. Use a Compelling Call to Action (CTA): Create an effective, clickable CTA – remind your readers why they should buy from you.
  7. Short not Long: People have very little time to read e-mails – try and keep it short and snappy and to the point.
  8. Don't: Add in links to sign-in pages. People are increasingly aware of the dangers of phishing (see E-mail Security above) and will automatically distrust e-mail with links to login or similar.
  9. Do: Add in multiple links to CTA type activities.
  10. P.S.: P.S. is a very powerful tool. It stops your readers and makes them focus. Use it wisely and it can be an effective sales message.

Hope you liked this article as much as we enjoyed putting it together.

  1. Report High Risk 2015, Restructuring the U.S. Postal Service to Achieve Sustainable Financial Viability, US Government Accountability Office (GAO)
    http://www.gao.gov/highrisk/restructuring_postal/why_did_study
  2. E-mail Statistics Report, 2015-2019, The Radicati Group Inc.
    http://www.radicati.com
  3. Corbato, J. F., et al., AN EXPERIMENTAL TIME-SHARING SYSTEM, Massachusetts Institute of Technology, May 3 1962
  4. Crisman, et al., MIT, Programming Staff Note 39
    http://www.multicians.org/thvv/psn-39.pdf
  5. Roberts, L.G., Multiple computer networks and intercomputer communication, Proceedings of the first ACM symposium on Operating System Principles, 1967
    http://dl.acm.org/citation.cfm?id=811680&dl=ACM&coll=DL&CFID=593288940&CFTOKEN=42847870
  6. Internet Engineering Task Force (IETF), A TCP/IP Tutorial, January 1991
    https://tools.ietf.org/html/rfc1180
  7. Litmus, 2016: State of E-mail Report
    https://litmus.com/lp/2016-state-of-e-mail-report
  8. DMA Insight: Consumer E-mail Tracking Study 2015
    http://dma.org.uk/uploads/ckeditor/pdfs/E-mail_Tracking_Report_2015.pdf
  9. Klensin (ed), IETF, Simple Mail Transfer Protocol, April 2001
    https://tools.ietf.org/pdf/rfc2821.pdf
  10. Myers, J., Rose, M., IETF, Post Office Protocol Version 3
    https://tools.ietf.org/pdf/rfc1939.pdf
  11. Crispin, M., IETF, Internet Message Access Protocol Version 4rev1
    https://tools.ietf.org/pdf/rfc3501.pdf
  12. E-mail Client Market Share: November 2015
    https://litmus.com/blog/top-10-most-popular-e-mail-clients-of-2015
  13. Smith A., U.S. Smart Phone Use in 2015, Pew Research Center, April 2015
    http://www.pewinternet.org/2015/04/01/us-smartphone-use-in-2015/
  14. AOL, Press release for 1st Quarter 2015 Financial Results
    http://ir.aol.com/phoenix.zhtml?c=147895&p=irol-newsArticle&ID=2040527
  15. E-mail and Webmail Statistics, E-mail marketing Reports, December 2012
    http://www.e-mail-marketing-reports.com/metrics/e-mail-statistics.htm
  16. Google Official Blog, Chrome & Apps @ Google I/O: Your web, everywhere, June 28 2012
    https://googleblog.blogspot.co.uk/2012/06/chrome-apps-google-io-your-web.html
  17. Seth Godin, Permission Marketing, January 2008
    http://sethgodin.typepad.com/seths_blog/2008/01/permission-mark.html
  18. Direct Marketing Association, DMA Statistical Fact Book 2015
    http://thedma.org/knowledge-center/dma-factbook/
  19. Symantec, Internet Security Threat Report, April 2015
    https://www.symantec.com/content/en/us/enterprise/other_resources/21347933_GA_RPT-internet-security-threat-report-volume-20-2015.pdf
  20. Internet Society, History of Spam, July 2014
    http://www.internetsociety.org/sites/default/files/History%20of%20Spam.pdf
  21. Firstbrook, P., Lowans, B., Gartner, Magic Quadrant for Secure E-mail Gateways, 2 July 2013
    http://www.xnetworks.es/promos/Proofpoint/Promo/Gartner-2013-Magic-Quadrant-for-Secure-E-mail-Gateways-070213.pdf
  22. Kaspersky Labs, Securelist, Types of Spam
    https://securelist.com/threats/types-of-spam/
  23. Statista, Leading countries of origin for unsolicited spam e-mails in 2015, by share of worldwide spam volume
    http://www.statista.com/statistics/263086/countries-of-origin-of-spam/
  24. Symantec Blog, Malicious links: Spammers change malware delivery tactics, December 2014
    http://www.symantec.com/connect/blogs/malicious-links-spammers-change-malware-delivery-tactics
  25. APWG, Global Phishing Survey: Trends and Domain Name Use in 2H2014, May 2015
    http://internetidentity.com/wp-content/uploads/2015/05/APWG_Global_Phishing_Report_2H_2014.pdf
  26. IBM Security Services 2014: Cyber Security Intelligence Index
    http://www.slideshare.net/ibmsecurity/2014-cyber-security-intelligence-index
  27. Verizon, 2014 Data Breach Investigations Report
    http://www.verizonenterprise.com/DBIR/