

Feeling-insecure@home.com

By Mostafa Yakasai

06/02/2003

Like the police and demonstrators at anti-globalisation protests, e-mail has almost beaten the paper letter into submission. Just click send; it’s simple. Yet do we understand what e-mail is? How e-mail is sent? The security problems it brings? E-mail’s great convenience is matched by its potential for insecurity and embarrassment.

What is E-mail?

E-mail is a message made up of a series of lines containing ASCII (American Standard Code for Information Interchange) characters, specified by RFC 822. E-mail consists of two parts: the header and the body, separated by a blank line. The header consists of fields showing the sender, recipient, subject etc. The body contains the main message. Full headers, normally hidden in e-mail, are accessible by links at the top of e-mails.

The RFC 822 e-mail format relates only to text messages. The MIME (Multipurpose Internet Mail Extensions) format was introduced to extend the capabilities of text e-mails. It allows e-mails to carry image or video content and non-ASCII characters, like Arabic letters. Other features are new e-mail header fields and subtypes, which all describe the content of the body.

| MIME Header | MIME Header Meanings |
|---|---|
| MIME-Version: 1.0 | Version of MIME format |
| Content-Type: text/plain;charset=us-ascii | Original Body file format |
| Content-Transfer-Encoding: 7bit | How data is encoded to ASCII |
| Content-Description: Simple MIME message | Brief description of Body |
| Content-ID: <part01101@islam.example> | Associates unique ID with MIME |
| Content-Location: http://islam.example/simple.txt | Associates URL with MIME |
| Content-Disposition: inline | How an application should present the Body |
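The header/body split and the MIME fields listed above can be seen on a real message. The following Python sketch is an added example, not part of the original article; the message and its .example addresses are constructed. It shows an Arabic greeting travelling as pure ASCII and being decoded again from the MIME headers.

```python
import base64
from email import message_from_bytes, policy

GREETING = "السلام عليكم"  # non-ASCII body text (constructed sample)

# Constructed message: header fields, one blank line, then the body.
# The body is base64, so every byte on the wire is 7-bit ASCII.
RAW = (
    b"From: sender@islam.example\r\n"
    b"To: friend@mail.example\r\n"
    b"Subject: Greetings\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-Disposition: inline\r\n"
    b"\r\n"
    + base64.b64encode(GREETING.encode("utf-8")) + b"\r\n"
)


def split_raw(raw):
    """Split header from body at the first blank line, as RFC 822 defines."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return head, body


def describe(raw):
    """Read the MIME fields and use them to recover the original text."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {
        "mime_version": str(msg["MIME-Version"]),
        "content_type": msg.get_content_type(),
        "charset": msg.get_content_charset(),
        "encoding": str(msg["Content-Transfer-Encoding"]),
        "disposition": msg.get_content_disposition(),
        # get_content() undoes the transfer encoding, then the charset.
        "text": msg.get_content().strip(),
    }


if __name__ == "__main__":
    head, body = split_raw(RAW)
    print(head.decode("ascii"))
    print("body on the wire:", body.strip().decode("ascii"))
    print(describe(RAW))
```

Nothing in the message proves who wrote the From: line or that the body was not changed on the way; the parser only reports what the text says.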

How is E-mail Transported?

From Cairo to Calcutta, e-mail’s journey starts with a Mail Client like Microsoft Outlook. You supply a friend’s e-mail address in the To: field and your message in the body. Outlook translates this into an RFC 822 e-mail message.

Outlook contacts your Mail Server across the Local Area Network.  Outlook then instructs your Mail Server using a protocol known as SMTP and sends the RFC 822 e-mail message.

Your Mail Server uses DNS (Domain Name Service) to find the IP address of your friend’s Mail Server, based on the e-mail address you enter in the To: field.  Your Mail Server now opens up a connection to your friend’s Mail Server and uses the SMTP protocol to transfer the e-mail message across the Internet.

Your friend’s Mail Server receives the message.  Other Mail Servers may act as relays if the e-mail travels over long distances.   Your friend’s Mail Server has two options: deliver the e-mail directly to your friend’s Outlook program or store the e-mail for retrieval later. Mail Servers of companies such as Yahoo or Microsoft can hold copies of e-mail and have access to personal information. Bear this in mind, if you have concerns about privacy.

Access All Areas

E-mail’s main attraction is its availability. You access your work or Hotmail account through a web browser. The only control separating someone else from reading your e-mail is your “unique” username and password combination, yet when accessing e-mail accounts from a cyber café, library or labs, web browsers are often configured to store usernames and passwords.

Web browsers can also temporarily cache usernames and passwords for a fixed period, after you login. If you fail to delete the cache, it’s possible for anyone to use these details to access your account.

Conspiracy theorists know about the use of hidden keystroke loggers on public computers. They act as a computer’s sixth sense, storing all the keys pressed on the computer, including your username and password. Hidden keystroke loggers are hard to discover, if installed. The FBI uses keystroke loggers, like Magic Lantern, to discover suspected criminals’ passwords.

E-mail Security Threats

E-mail is a double-edged sword. An ordinary e-mail journeys insecurely through the information matrix. No Neo. No red pill or blue pill, just hacker agents waiting to access the Internet.  E-mails can be changed, lost, contain viruses or end up in the wrong hands. E-mail has threats and causes threats. 

Threats to E-mail

Loss of Confidentiality

Everyone has the right to privacy in their personal communications, yet e-mails are sent over clear open public networks. In July 2001, pharmaceutical giant Eli Lilly carelessly revealed over 600 patients’ e-mail addresses, when messages were sent to registered individuals as reminders about taking Prozac.

Loss of Integrity

E-mail integrity means ensuring the message sent is not changed in transit. But if e-mail is sent over the public Internet, it can easily be altered. In February 2001, an individual claiming he was owed licences sued Signal Venture Fund. The heart of his court defence was an e-mail sent to him by the CEO. He lost the case after it became clear that he tampered with the e-mail.

Loss of Data Authentication

Is the e-mail you received really from the person named in the From: field? A well-known trick is the Nigerian 419 scam. Fraudsters pretend to be Nigerian Government officials, luring you with promises of large legitimate business contracts, for which the fraudsters need an advance fee from you to set up. Variations on this include the satirical George Bush scam, where George asks for your help in securing Iraq’s oil assets. Don’t take it seriously if it appears in your mailbox.

Disclosure of Sensitive Information

Are there times when you’ve wished you didn’t hit that send button? On September 11th, within hours of the twin towers attack, Jo Moore’s e-mail to colleagues, saying that it was a good time to “bury bad news”, was met with disgust. She was a special advisor to Stephen Byers, former UK Transport Secretary; the e-mail led to the loss of her job and eventually his resignation.

Lack of Non-repudiation

When a digital signature is attached to an e-mail, users cannot later deny sending or receiving it. The digital signature represents your digital identity. This is a future minefield for governments everywhere.

Lack of Notification of Receipt

Emulating registered letter mail, most e-mail programs allow you to request a receipt for your e-mail by setting the "Return-Receipt-To" option with a button. An extra header is added to your e-mail requesting a confirmation e-mail response when the recipient opens it. It’s useful for important e-mails.

Security Threats from E-mail

Malicious Code

The majority of viruses are spread by e-mail attachments. These can cripple your system and infect others. An example is the famous Anna Kournikova virus, which crippled systems by creating huge volumes of e-mails, then posting them to other computers and overloading them.

Denial of Service attacks

In early 1997, e-mail servers belonging to a US Airbase were crashed by e-mail bomb attacks. A bombardment of e-mails was sent to the mail servers until they couldn’t cope and crashed. Denial of service attacks can lead to a loss of data and money for businesses and individuals.

Unauthorised Access

Insecure Mail Servers are seen as a gateway to accessing your system. They attract both hackers and e-mail spammers, who use the server as a back door or a relay to send bulk mail messages to other servers and people. To protect against being a spam host, the mail server relay feature must be turned off.

Spamming

Annoying-email@everyinbox.com. Spam usually means unwanted commercial e-mail, sent in bulk, by unknown people. Spam is sent because it’s cheap and easy to do so. There are spam filters and companies found guilty can be prosecuted. Yet, it’s still hard to find solid proof due to relaying mail servers.

Alternative E-mail Solutions

Viruses, loss of privacy and possible embarrassment may deter you from clicking send. There are alternative solutions. Secure e-mail solutions such as PGP, S/MIME and Hushmail try to address these problems through encryption and digital signatures. Encryption, through use of a public key, changes your e-mail into an unreadable mess. A private key changes the mess back into a readable e-mail. The private key, checked against your public key, is also used as a digital signature to verify your identity and to check the e-mail has not been altered.
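The two uses of a key pair described above, encrypting to a public key and signing with a private key, are sketched below in Python. This is an added example, not from the original article and not how PGP or S/MIME are implemented; it uses textbook RSA with a deliberately tiny constructed key and no padding, so it is for teaching only.

```python
import hashlib

# Toy RSA key pair built from two known Mersenne primes (constructed for
# illustration; real keys are 2048 bits or more and always use padding).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept secret
PUBLIC, PRIVATE = (N, E), (N, D)
CHUNK = 8                              # bytes per block, must stay below N


def encrypt(text, public):
    """Anyone with the recipient's public key can make the unreadable mess."""
    n, e = public
    data = text.encode("utf-8")
    blocks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    return [pow(int.from_bytes(b, "big"), e, n) for b in blocks]


def decrypt(blocks, private):
    """Only the private key turns the blocks back into text."""
    n, d = private
    out = b""
    for c in blocks:
        m = pow(c, d, n)
        # Leading NUL bytes would be lost here; fine for ordinary text.
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")
    return out.decode("utf-8")


def digest(text, n):
    """SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(text.encode("utf-8")).digest(), "big") % n


def sign(text, private):
    """The sender signs the message digest with the private key."""
    n, d = private
    return pow(digest(text, n), d, n)


def verify(text, signature, public):
    """The receiver checks the signature with the sender's public key."""
    n, e = public
    return pow(signature, e, n) == digest(text, n)


if __name__ == "__main__":
    mail = "Meet at noon"
    sig = sign(mail, PRIVATE)
    print(decrypt(encrypt(mail, PUBLIC), PRIVATE))
    print(verify(mail, sig, PUBLIC), verify("Meet at nine", sig, PUBLIC))
```

Changing a single word of the signed text makes verification fail, which is the integrity check the paragraph refers to.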

PGP

PGP is a program used to encrypt and decrypt e-mail over the Internet. It issues you with a public and private key. You keep your private key secret and send your public key to friends. Through encryption, it aims to protect your privacy and provide controls to check e-mail integrity. PGP was seen as such a threat that its creator, Phil Zimmermann, was under criminal investigation for three years by the US Customs Service. Until recently cryptographic software was classified by the US as a weapon, coming under strict export controls, though PGP is still available free.

Outlook

Microsoft Outlook and other well-known products use S/MIME (Secure/Multipurpose Internet Mail Extensions), as a specification for secure e-mail. It allows the authentication of users, through digital signatures and privacy through encryption. S/MIME is similar to PGP but differs in its trust model.

Hushmail

Hushmail is a web-based e-mail service, like Hotmail, but allows encryption of e-mail from the user’s computer to the recipient’s computer. It works on the same public and private key principles as PGP, with one main difference.  The encryption keys are password protected and stored on a Hushmail Server, which recovers them every time you want to send or receive e-mail.  Though the public and private keys are not in your possession, Hushmail still offers more secure e-mail than either Yahoo or Hotmail.

So What’s Next?

Does it end here? Ordinary e-mail is still a deeply insecure digital postcard easily read or changed. Secure e-mail solutions offer some protection against e-mail security threats but not all. Mail servers are still attacked, passwords still broken. A good login password for your computer or email account is fundamental. Truly securing e-mail involves encryption, social awareness and common sense.

In a golden period of Islam, the 10th-century Abbasid caliphs used encryption to ensure secure communications for the State. Books like “Adab al-Kuttab” (The Secretaries’ Manual) had sections dedicated to cryptography. Now that cryptography is available to all, shouldn’t we be carrying on the tradition?


Mostafa Yakasai has a Bachelor’s degree in Media Technology and Media Studies. He has experience in PC maintenance and graphic design, and has worked on the editorial board of his university’s creative arts magazine in addition to reading news for the university radio station. In his spare time he writes short stories and writes and performs spoken word poetry. You may contact him at mtech@islam-online.net.

 
