Internet Guide Logo

What is Email - Electronic Mail

bullet Introduction

Email stands for electronic mail, and is a messaging service found upon the Internet. Electronic mail has been likened to a regular postal letter: containing an address, routing information and content. Email uses a range of application layer protocols (IMAP, POP3, SMTP), found within the Internet Protocol Suite, to route messages from mail servers to users. An email address is required to send and receive email messages: the majority of Internet Service Providers provide a free email account to customers, additionally, there is a plethora of companies who provide free webmail accounts, such as: Gmail and Yahoo. Email is based upon the client-server model: where client programs send requests to mail servers to send and receive emails. There are two categories of email client applications: 1) webmail clients, accessed through a website, such as; 2) stand-alone client programs that are installed by a user onto their computer system, such as Outlook Express. Email has proved to be one of the Internet's most popular services, while it has been commended for improving global communications, it has been criticised for its security (spam, phishing, viruses and malware).

bullet History

The history of email predates the Internet: the SNDMSG program, designed for the TENEX operating system, was the first program that was modified to send and receive email messages. Released in the early 1970s, SNDMSG allowed users to compose, address, and send electronic messages to the mailbox of other TENEX users. The first message sent on TENEX was sent in 1971, and the program was available by 1972. Ray Tomlinson modified SNDMSG so it could send and receive email messages, and is therefore credited as the inventor of email. While SNDMSG was the first email program, it was not the first digital messaging system: in the 1960s, MIT's CTSS computer system, and IBM's Administrative Terminal System, both featured messaging systems.

Ray Tomlinson had previously helped develop ARPANET's Network Control Program - forerunner to TCP/IP and the Internet - and his TENEX email program made a fairly seamless transition to the ARPANET computer network. Tomlinson used code from the CPYNET program to make SNDMSG the first ARPANET (network capable) email program. Email was a popular ARPANET service, and the following Internet pioneers had a 'hand' in its development (creating protocols or applications): Jon Postel, Barry Wessler, Marty Yonke, Larry Roberts, Steve Tepper, Bill Crosby, Steve Walker, Dave Farber, Dave Crocker, and John Vittal. Some early email applications, that improved upon SNDMSG and READMAIL, include: RD, NRD, WRD, MSG, MS, MH, MMDF and Sendmail.

The File Transfer Protocol (FTP) protocol was originally used to transport email messages; FTP commands, MLFL and MAIL, were created to facilitate the SNDMSG program. One of the earliest documents that discussed the FTP mail protocol was RFC 561 (published: September 1973): titled "Standardizing Network Mail Headers", it was written by: Abhay Bhushan, Ken Pogran, Ray Tomlinson and Jim White. An expanded discussion of email and APRANET was provided in RFC 733 (published: November 1977): titled "Standard For The Format Of ARPA Network Text Messages", it was written by: David H. Crocker, John J. Vittal, Kenneth T. Pogran and D. Austin Henderson, Jr.

Modern stand-alone protocols were developed for email in the 1980s, such as: IMAP, X400, POP, SMTP, and UUCP. The most important protocol developed for email is SMTP: developed in the early 1980s, it was originally outlined in RFC 821 (1982) by Jonathan B. Postel, who stated its "objective is to transfer mail reliably and efficiently". POP was the next 'core' protocol developed for email; outlined in RFC 918 (1984) by J. K. Reynolds. The 'holy trinity' of email protocols was finalised in 1986, when Mark Crispin developed IMAP, and provided its specification in RFC documents RFC 1064, RFC 2060 and RFC 3501. Email protocols that did not 'make the cut', and are now obsolete, include Jon Postel's Mail Transfer Protocol (MTP). Most modern email systems still rely upon: SMTP, POP and IMAP.

bullet Email: Message Format

The format for email messages has largely remained the same since Ray Tomlinson sent the first email in 1971; however, it has subtly evolved, and important document detailing how email has evolved include the following RFC documents: RFC733, RFC822, RFC1342, RFC1521, RFC1522, RFC1590, RFC2045, RFC2046, RFC2047, RFC2048, RFC2049, RFC2822, RFC4021, and RFC5322. Important contributors to the format of email messages include: P. Resnick, G. Klyne, J. Palme, David H. Crocker, John J. Vittal, N. Borenstein, N. Freed, K. Moore, J. Postel, Kenneth T. Pogran and D. Austin Henderson, Jr. The format of email messages is broken into two sections: 1) a header, 2) message body. (read more: header and body)

Header: The header of an email message is more complex than the body: this is due to it containing the information needed to encode and route the email message. Instruction lines within the header section are referred to as header identifiers: the primary role of these identifiers is to provide routing commands for mail transfer agents (which play the online role of a postal service). Some of these identifiers are mandatory for an email message; which basically means the email message cannot be sent without them: the following identifiers are mandatory: From and Date. Alongside the mandatory header identifiers, there are a plethora of identifiers which deal with the cosmetic aspects of the email. Popular identifiers you will find in an email header include: Return-Path, Delivered-To, Received, Date, To, From, Reply-to, Subject, Message-ID, MIME-Version, and Content-Type. Email headers sometimes contain two or more of the same identifiers, usually the "received" and "date" identifiers, which are added to the header by each mail transfer agent that handles the message.

Body: The body section of an email message is far less complex: as it contains the content of the message. Originally, the body section of emails only supported plain text (7-bit ASCII), and some mail servers still only support plain text. The Multipurpose Internet Mail Extensions (MIME) was designed in the 1990s, and supported character sets other than ASCII - such as HTML. The drawback to MIME was an increase of professional 'looking' phishing attacks and decreased security. Email service providers usually provide a limit to the size of an email message, and therefore the size of the body of the email message: usually in the region of 20 megabytes. If an email message has a size limit of 20 megabytes, then the body and body_text fields are usually restricted to 10 megabytes each.

bullet Anatomy of an Email address

The syntax format of email addresses has remained the same since the first email was sent: user @ computer. However, the computer section of email addresses has changed because email existed before the Domain Name System (DNS); DNS domain names are currently an essential component of modern email addresses. Historical email addresses relied upon the ability of servers to connect directly to one another; DNS was developed, in part, to solve this unwieldy and clumsy design issue. The syntax of email addresses can be broken down into three components: ( 1. tom 2. @ 3.

The first component of an email address is the username (tom), which refers to the recipient's account name at a mail service; also referred to as the 'local' part of an email address. The username of an email address is locally unique, but is not globally unique; the username (tom) could be used at an unlimited amount of mail servers:,, etc.

The second component of an email address is the @ sign, which is included in every email address, and means 'at' and connects the local part of the email address to the host (service provider) of the email address. The use of the @ symbol dates back to the first ever email message, and was invented by Ray Tomlinson.

The third component of an email address is the hostname (, which is a domain name, and is associated with a mail server. Domain names are part of the Domain Name System (DNS): a naming system for the Internet that converts alphanumeric domain names into an IP address; so that users can easily find the address of an Internet resource. Domain names are connected to mail servers through the DNS MX record field. The domain name of an email address includes two (or more) sections: has a second level domain (example) and a top level domain (com). The second level domain can be registered through DNS registrars, which enables users to have a personalised email address rather than a universal one. There is over 1000 top level domains that can be used for a personalised email address, such as: com, org, net, uk, fr, gr, info, mil, gov and edu.

bullet Email: transfer, retrieval and storage

Email messages are transferred from one computer to another using software named a Mail Transfer Agent (MTA); also referred to as a Mail Relay. MTAs implement the Simple Mail Transfer Protocol (SMTP) and mail servers are the computers that use MTA software. MTAs are sometimes referred to as mail server programs; Sendmail and Microsoft Exchange Server are two examples of an MTA. SMTP sessions use commands like: DATA, EXPN, HELO, HELP, MAIL, NOOP, QUIT, RCPT, RSET and VRFY - beginning with HELO, transacting with MAIL and ending with QUIT. You can learn more about the SMTP protocol by reading Request for Comments documents RFC 5322 and RFC 5321.

Email is built upon a client server model: the Mail Transfer Agent (MTA) receives mail from a Mail User Agent (MUA) (client program like Outlook Express), another Mail Transfer Agent (MTA), or a Mail Submission Agent (MSA) (outgoing mail server). How the mail is transported is specified by SMTP. The header section of an email message (received field) will list the MTAs that have handled the email message. Email addresses contain a domain name that is linked to a mail server, through the DNS MX record field, and this will dictate where an email message is sent and received.

Once the email has been transported and reaches the Message Delivery Agent (MDA) it then needs to be stored in a mailbox. There are many formats that can handle mailbox storage, perhaps the most simple and efficient is Maildir. Maildir operates by creating unique temporary files for each retrieved message. It will depend on the client or webmail, as to which storage format they will use; Maildir, for example, was designed for the qmail program, but is compatible with other clients. Not all storage formats create unique files for each e-mail; another option is to use a collective database format; mBox is one such example, storing messages in one single file. Why are there a variety of different techniques for storing messages? Unlike message transfer, the Internet Engineering Task Force (IETF) has not developed a standard mechanism for storage.

Email messages are typically retrieved by a Mail User Agent (MUA) using the Post Office Protocol (POP3) or the Internet Message Access Protocol (IMAP); although there are other protocols that fulfil this role. A rough outline of the transfer, storage and retrieval of email messages is as follows:

  1. A sender composes an email message in a Mail User Agent (MUA).
  2. The Mail User Agent (MUA) then formats the message in an SMTP format.
  3. The email message is sent to a local MTA.
  4. The MTA reads the destination address using the domain address in the email address ''.
  5. The MTA will lookup the mail server address using the DNS MX record field of the domain name.
  6. The DNS system will give the MTA the 'mail exchange server' for the domain.
  7. The MTA will send the email onto the mail exchange server using SMTP.
  8. The email message will arrive at the Message Delivery Agent (MDA) that will store the message in the user's mailbox.
  9. The users Mail User Agent (MUA) will use POP or IMAP to retrieve the message from the mailbox.
bullet Webmail

Webmail, as the name would suggest, is a email service that is accessed through the World Wide Web. The World Wide Web was launched as an Internet service in 1991, whereas email was invented in the early 1970s, therefore, webmail is a relatively new development for email. Before webmail existed, users accessed email through a stand-alone client application (Mail User Agent (MUA)) like Eudora. Webmail uses the same protocols as stand-alone clients, the only difference is the way the email account is accessed. While there is a wide selection of webmail providers, the market has been dominated by large tech companies, such as: aol, msn, hotmail, yahoo,, lycos, and gmail. Early webmail services were criticised for a lack of protection against email abuses (bombs, spam and flooding), most modern webmail services now includes protection against these attacks. Webmail accounts tend to be free to register - revenue is generated by targeted advertisements - but there are professional webmail services that provide additional features, such as a personalised email address. One of the key advantages of webmail is accessibility: users only need to access the World Wide Web to access their email account, whereas with a stand-alone email client, the user typically needs to use a specific device to access their email.

bullet Security

Some issues which have effected the security of email are the following:

Bombing: To "bomb" or "bombing" an email account - usually referred to as "email bombing" - is the practice of sending a huge amount of email messages to the account so that it can no longer be accessed. Virtually every "paid" or "free" email account has a storage limit; in the past the storage limit of these accounts was much lower: typically 1-10mb, whereas in 2012 it can be 1-10gb. Therefore, in the past, it was relatively easy to bomb an email with emails - usually including large attachments - that would exceed the storage capacity of 1-10mb; forcing the account administrator to suspend the account. Email bombing is usually classified as a form of a "denial of service" attack, also referred to simple as a DoS attack. Email service providers do have more armory to protect against email bombing: specifically through the use of spam filters. There are numerous spam filter software application available, and virtually all commercial email service providers have incorporated a filter into their service. Email bombers typically uses the same automated software as email spammers use; however, the techniques used to email bomb are constantly being revised.

Encryption: Is the process of converting plain text into scrambled cipher text. Most free webmail services and some free email clients provide encryption. When sending an email without encryption, it is possible for someone to intercept the data packets and read the data within the message. Therefore, encryption is a vital option for ensuring a confidential message can only be read by the intended recipient. However, due to a number of reasons, the uptake of email encryption by users and companies is fairly low. It must be stated however, that privacy is still a considerable problem when it comes to email; the majority of email messages are still not encrypted (2012). The reason why email is insecure is that email messages have to be passed through numerous mail transfer agents (like postal sorting offices): this makes it possible to intercept the message. Likewise, backup copies of email messages can remain on mail servers for months, which is again a security issue if the message is not encrypted. There are many email encryption protocols and systems available; however, many of these encryption systems require both sender and receiver to exchange their identities, such as: Digital ID and Public Key Certificate. Once the sender and receiver have done this, it makes the exchange of encrypted email messages a simple process. However, the complexity and time-consuming nature of this process is probably why email encryption is not extensively used. Phil Zimmerman created the original email encryption program: Pretty Good Privacy.

Jamming: Jamming is a response to ECHELON, a communication interception network, which is operated by AUSCANZUKUS, which includes: Australia, Canada, New Zealand, United Kingdom and United States. An investigation of ECHELON was undertaken by the European Union in 2001. It concluded that the network intercepted and scanned the contents of communication for keywords and phrases. The communication technologies it intercepted were as follows: Telephone calls, Fax, E-mail and a Proposal to monitor sites such as facebook and twitter. A further antagonisation for jammers was the introduction of the Regulation of Investigatory Powers Act in 2000. The act allows UK intelligence agencies to intercept and read the contents of emails sent by suspected criminals. The role of jamming is to introduce sensitive words into harmless email messages: which will then force authorities to monitor an account and basically to waste their time. The function of jamming is two fold: either as an annoyance, or to intentionally divert the time and effort of intelligence agencies. There is also a theory that once an email account has tripped the monitor - and has been noted as harmless - then the account will be free of any further monitoring.

Mule Account: A mule email account is an account which is used for purposes not related to an individual's social/personal life, and will be registered with details not applicable to that individual. The purposes of a mule account are as follows: 1. To register for forums and other membership only sites. Leaving the individual's real account free of spam and not compromising the privacy of the individual (contact details, name etc); 2. To commit some form of cyber crime or dubious online practice. Most security commentators would agree that mule accounts - on the whole - are a harmless practice aimed at withholding personal details and providing anonymity. There is no governmental pressure which would force individuals to register genuine details on an email account. Although there is no research to indicate how many mule accounts have been created, many experts in the field would suggest that a large proportion of webmail accounts are registered with the sole purpose of functioning as a mule account. In comparison, an e-mail account tied to an e-mail client - such as Outlook Express - is less likely to function as a mule. The future of mule accounts will mostly likely depend upon the public opinion of Web anonymity. Whilst spam is currently viewed as a nuisance to most users - and email fraud is commonplace - the current solution appears to be to educate users against the perils of email rather than to introduce draconian measures against it.

Password: It is generally recommended that the password of an email account be changed on a regular basis: once a month, or once a week for those with a little paranoia. When choosing the syntax for a password, it's important you do not do the following: Pick a password about something personal to you (birthday etc); Use a word: hackers can use dictionaries to match a password to an account. It's recommended, when picking a password, to pick a jumbled up sequence of letters and numbers; the letters being a mix of lower and upper case characters. The longer the password the better; most webmail services require a password which is 6-8 characters in length, although it is probably wise to select one which is longer. An example of a password could be something such as: aBB71kPo57nb9. Basically, a long password, which has no discernible meaning is much harder to crack than one which is short and does; especially if it has a personal meaning to the user. Of course, short passwords which do have a meaning, are much easier to remember. There are password storage programs, such as Roboform, which store and input passwords into login forms - ideal for difficult to remember passwords.

Phishing: Phishing is an attempt to create an electronic document which attempts to mimic/masquerade an official/trusted source: most commonly banks and commercial companies. As you may have assumed, the term phishing is a play on the word fishing: as in to "bait" a person for information. The purpose of phishing is to steal the: username, password or payment/personal details of a user of any electronic service; a phishing attempt will usually ask for one of the aforementioned details due to an "internal company error" etc. While phishing can be incorporated into any electronic communication, it is widely attempted via electronics mail. Due to the ease of harvesting email addresses via the World Wide Web, using email to "phish" is a logical step for those who attempt it. Email was originally a text only messaging technology, and phishing was/is less sophisticated via this route. However, via MIME protocols, email can support HTML; HTML emails are far more sophisticated, featuring images and hyerplinks, and can be "mocked" up to look exactly like an email from an official/trusted source. Phishing is a serious online security issue; reports have suggested that millions of users are effected each year, with a financial loss of million of pounds per year in the United Kingdom via banking fraud.

Spam: Refers to unsolicited email messages, which are sent without the recipients permission; usually due to the spammer harvesting the account from a website. Most webmail services now include a spam filter, which detects spam based upon: Header Analyser, Server Blocker, Text Pattern Analyser, Anti-Spam Lists, Language Filtering and Blacklist / Whitelist entries. Most email providers automatically activate spam protection for every email account, and generally do not recommend deactivating a spam filter under any circumstance. The one problem with spam filters, is they can block automated email messages which the user wishes to receive: such as when they sign up for an account on a discussion forum, or have signed up for a newsletter. Due to these emails being automated, they often appear as spam to spam filters. It should be noted that spam filters do not provide 100% spam protection, but, should, on the whole, block the majority of spam if they are kept up to date and installed correctly by the user/email provider. Spammers - the sophisticated ones - are always updating their techniques to circumvent the spam filters, so, there is always the risk a spam filter will not be effective for every type of spam.

Spoofing: Spoofing is when an email message is made to appear as if it came from address it did not. The header information of an email will usually contain the email address and IP address of the sender. The spoof email message - created by a spoofer - will doctor this data to make it appear as if it came from an email address and IP address it did not originate from. Spoofing has become more prevalent as Internet usage has increased, and especially as commerce has increased on the Internet. It's very common for spoofers to create email message purporting to be from a bank, asking for user login details, due to some sort of security error. Alongside the email header being spoofed, these email usually look to be genuine, with the correct logo and branding. Spoofing is possible due to a lack of sender authentication in the mail transfer protocol: SMTP. While steps have been taken to remedy this loophole, they are not always implemented (such as a Sender Policy Framework). There are a number of third party software applications - which are easy to download for free - which allows people to spoof.

Virus: Email began as a text-only messaging service; as such, it did not previously pose a serious security risk in terms of: viruses, trojan horses, malware and others nasties. However, the email format was expanded - via MIME - to include additional features such as imbedded HTML and attachment files. This expansion of the email format - whilst intended to offer users a more expansive service - had the knock on effect of posing a far more serious security risk. Imbedded activeX components in the body of email messages, hyperlinks imbedded in the body of email messages, and, of course, file attachments, could pose as harmless, but, in fact, be a virus etc. It would be fair to say that in the 1990s the majority of virus infections were the result of infected attachments in emails. Thus, email providers had a huge headache, and the solution was to imbed an anti-virus scanner into their service. Present day, every webmail service worth its salt - likewise for anti-virus applications - will scan every email for viruses. It's not uncommon for email providers to employ experts like McAfee and Symantec to provide their anti-virus protection. Is this to say it's impossible to receive a virus via email? no, but there is certainly more protection than in the 1990s, when it was common place.

bullet Frequently Asked Questions

How big can email attachments be?