Email stands at the center of a number of news stories and recent scandals. Despite Bernie Sanders’ comments, it seems that people do want to talk about email servers. Because of my business and experience, I find that many of the people making the most noise on the topic fail to understand it, or at least fail to communicate any real information, and succeed only in stirring up a hornet’s nest of confusion on a rather complex topic. I’m going to make email a little less complex and mystical so that you can draw your own conclusions.
The Panama Papers, Secretary Clinton, and the DNC stand as the latest high-profile victims of email controversy. Yet I strongly suspect that even though most readers have already formed opinions on these issues, the vast majority know very little about how mail servers really work and what it takes to keep that mail secure.
1- Not in the box
A mail server doesn’t always exist in a physical box or even a virtual server of its own. Mail servers run as software, as part of a larger server ecosystem. If you have one of our shared hosting packages, your email server runs on the same virtual server as your website, FTP and firewall. Each of those services takes turns sharing resources with the same operating system and hardware components.
2- What is secure mail?
Security is central to all email scandals. When most people imagine security, they get a picture of muscular guards, or super genius computer nerds in turtlenecks, keeping a vigilant eye on a server. A puzzle box makes a more accurate image, though. The truth about secure mail remains tied to the same issues that kept communication secure over centuries: put it in a safe place with limited access, make it hard to understand, and don’t tell anyone about it unless they absolutely need access.
Consider the first rule: if your mail needs the highest level of security because of potential scandal, identity theft concerns or federal regulation, you shouldn’t keep your email in the same space as your website. You want to keep a physical barrier in place so that a breach of other Internet services doesn’t expose the contents of your inbox as well. Free email providers like Google, Yahoo or Microsoft stand out as such high-profile targets that they may not be any better. Sarah Palin learned that when family details were shared from her Yahoo mail account.
3- I can’t read that!
Encrypting mail makes it harder for outsiders to read the contents, even if they get hold of it. Using a secure connection protects you while the mail moves between servers. A secure connection doesn’t mean that your server encrypts the stored data. A secure connection means that connections between you and the server get protection, for example on public Wi-Fi. If someone hacks the server, your mail may be sitting there in plain sight, ready to be copied and searched for credit card, medical or other personal data.
The highest level of security requires a secure connection and adds the extra requirement of encrypting (scrambling) the stored mail. If a hacker, corporate spy or even a system administrator gets nosy, they can’t read the mail without valid login credentials. Doctors and people who handle sensitive financial data follow federal guidelines requiring this level of security.
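To see which legs of a message's journey actually used a secure connection, you can read the Received headers each server stamps on it. The following is an added example, not part of the original post: the sample message, its hostnames and its addresses are constructed placeholders, and the function names are my own.

```python
import email
import re
from email import policy

# "with" keywords that mean the hop ran over TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Constructed sample message; every hostname and address is a placeholder.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.20])
\tby store.recipient.example with LMTP id c3; Mon, 01 Aug 2016 10:00:03 +0000
Received: from out.sender.example (out.sender.example [192.0.2.10])
\tby mx.recipient.example with ESMTPS id b2; Mon, 01 Aug 2016 10:00:02 +0000
Received: from laptop.cafe.example (unknown [198.51.100.7])
\tby out.sender.example with ESMTP id a1; Mon, 01 Aug 2016 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: invoice

Card number on file ends in 4242.
"""

def hop_report(raw):
    """Return (receiving_host, protocol, used_tls) per hop, oldest hop first."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    # Servers prepend their Received line, so the oldest hop is the last header.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(str(header).split())     # unfold continuation lines
        text = re.sub(r"\([^)]*\)", "", text)    # drop parenthesised comments
        by = re.search(r"\bby\s+(\S+)", text)
        proto = re.search(r"\bwith\s+(\S+)", text)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return hops

def unprotected_hops(raw):
    """Hosts that accepted the message over a connection without TLS."""
    # Only trust lines written by servers you control; older ones can be forged.
    return [host for host, _, tls in hop_report(raw) if not tls]
```

Even the hop marked as TLS says nothing about storage: the body of the sample sits in the mailbox exactly as readable as it appears above unless the server also encrypts stored mail.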
4- What kind of host do you think I am?
Mail servers commonly get hacked for their clean reputation more than for the contents of your mail. That’s why a secure connection alone proves to be adequate security for most communication. No one really wants to steal your grandmother’s chicken recipe. To control the flow of spam, most mail providers resort to black lists, banning mail from servers with bad reputations. Like characters in some old 1950s movie, we constantly watch our reputation. Our mail server scored a 99 out of a possible 100 for clean reputation very recently.
With all the servers blocked for spamming, hackers constantly try to take control of servers with good reputations. They use the hacked servers to send out spam and phishing emails. Unfortunately, many of those black lists stay behind locked doors where you can’t check your own reputation. The rest make up a patchwork quilt of independent projects.
5- Follow the bouncing email
Getting a bounce message makes diagnosing mail problems easier. It also helps criminals who send storms of junk. As often as not, many providers simply choose not to bounce mail back at all. Leaving the sender in limbo, wondering where the mail went and why it didn’t get to the destination, makes for one kind of torture. Worse fates befall the wayward sender with compromised domains. Like a mammoth on the tundra, mail senders who get tagged as problems will be dragged down by tar pits. Tar pits allow a mail server to connect, but never complete the mail transaction. The tar pit wastes almost no energy keeping the connection open, but the sender eats up computer cycles that could be used on sending more spam.
Mail-related issues consume a lot of our time. The many users per domain account for much of that. On the other hand, mail quickly becomes complex because it involves networks, senders and recipients. We only see the sender or recipient part of the equation. Like high school algebra, we have to solve for the unknown.
It’s easy to get into trouble with email. This post won’t settle any political debates. I only hope that you learned something that will keep you from making the next headline from mishandled email.