E-mail security concerns threats such as e-mail being obtained or tampered with by attackers, virus e-mail, spam, and e-mail bombs, which seriously endanger the normal use of e-mail and can even cause serious damage to computers and networks.
With the rapid development of computer technology and the widespread adoption of the Internet, e-mail is used more and more in all aspects of work, life and study, and plays an important role. While people enjoy the convenience and speed of e-mail, they also have to face the security problems that come from the openness of the Internet and from vulnerabilities in computer software: attackers reading or tampering with e-mail, virus e-mail, spam, e-mail bombs and so on. These seriously endanger the normal use of e-mail and can even cause serious damage to computers and networks.
Classification of security issues
Security vulnerability of SMTP
E-mail sent over the Internet is usually carried by SMTP, a protocol in the TCP/IP family that defines the rules for exchanging e-mail between computer systems. A message is relayed through a series of mail servers, and this forwarding continues until it reaches the final receiving host. SMTP has an inherent security weakness: the data it transmits is not encrypted. An attacker who captures the e-mail packets as they pass through these mail servers can read the contents and reassemble the packets, in order, into the original message you sent. After sending a message, the sender does not know which mail servers it will pass through on the way to the final host, and cannot determine whether someone intercepted it at any of them. Technically, there is no way to prevent attackers from intercepting packets transmitted on the network.
Security vulnerability of e-mail receiving client software
Design flaws in e-mail receiving client software can also create e-mail security vulnerabilities. For example, Microsoft's Outlook and Outlook Express are powerful, integrate closely with the operating system, and have a large number of users, but they can spread viruses and Trojan horse programs. Once a Trojan enters the user's computer, everything is under the attacker's control. Once a virus activates, at best it damages files on the hard disk or even the whole disk, and at worst it paralyzes the entire network. An e-mail virus usually sends itself to the victim as an attachment. Once the victim opens the attachment, the virus infects the computer, automatically opens the Outlook address book, and sends itself to every e-mail address in it. This is why e-mail viruses can spread so rapidly and so widely. Attackers also often exploit bugs in e-mail client programs to spread e-mail viruses. Outlook once had a vulnerability of this kind that attackers used to craft special code, so that the virus file ran automatically even if the victim did not open the attachment after receiving the e-mail.
Spam is e-mail, or e-mail list traffic, sent to newsgroups or to other people's mailboxes without the user's permission, unwelcome to the user, and difficult to get rid of. Common spam content includes commercial or personal website advertisements, money-making schemes, adult advertisements, electronic magazines, chain letters and so on. Spam can be described as a by-product of the Internet. First, it takes up network bandwidth, congests mail servers, and reduces the speed of the whole network. Second, it infringes on the recipient's privacy, consumes the recipient's time, energy and money, and occupies the recipient's mailbox space. Third, it seriously damages the image of the ISP (Internet service provider). Internationally, a host that frequently forwards spam will be listed in a spam database by its upstream Internet service provider, with the result that the host cannot reach many foreign networks. Moreover, users who receive spam will switch to other ISPs because their ISP has not established an adequate spam filtering mechanism. Fourth, spam that swindles people out of money, spreads pornography or publishes reactionary remarks has already done harm to real society. Fifth, it is used by hackers as a tool for their attacks. For example, in February 2000, when hackers attacked five popular websites including Yahoo, they first broke into and took control of some high-bandwidth websites, pooled the bandwidth of many servers, and then hit the targets with hundreds of millions of spam messages, congesting the victims' networks and eventually paralyzing them.
An e-mail bomb means that the sender overflows the storage space of the target's mail server by sending huge volumes of junk mail, so that it can no longer accept e-mail, or uses special e-mail software to send messages continuously to the same mailbox within a short period of time. Faced with tens of millions of large messages, the inbox is overwhelmed and eventually "blown up". Once the mailbox is full, if it is not cleaned up in time, all e-mail sent to the user will be returned by the host. A mailbox that has been flooded in this way is also likely to keep malfunctioning, leaving it unusable for a long time. E-mail bombs also consume a great deal of network resources and often cause network congestion, so that large numbers of users cannot use the network normally.
Since there is no way to prevent an attacker from intercepting the data packets transmitted on the network, the only measure that can be taken is to encrypt the e-mail before sending it and have the recipient decrypt it after receiving it. In this way, even if the attacker intercepts the e-mail, all he faces is a pile of meaningless garbled text. Encryption means transforming a plaintext message into meaningless ciphertext by means of an encryption key and an encryption function; when needed, the ciphertext is restored to plaintext by a decryption function and a decryption key. The most commonly used encryption software is PGP (Pretty Good Privacy). PGP is mail encryption software based on the RSA (Rivest Shamir Adleman) public-key encryption system. It provides public-key (asymmetric) file encryption and digital signatures. The RSA algorithm is a public-key system based on the assumption that factoring large numbers into primes is infeasible. Put simply, it finds two very large prime numbers; one is made public to the world and is called the "public key", and the other is told to no one and is called the "private key". The two keys complement each other: ciphertext encrypted with the public key can be decrypted with the private key, and vice versa. Suppose A sends a letter to B, and they know each other's public keys. A can encrypt the e-mail with B's public key and send it, and B, after receiving it, recovers A's original text with B's own private key. This keeps the e-mail secure and prevents unauthorized parties from reading it. The e-mail can also be digitally signed, so that the recipient can be sure that it was sent by you.
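The A-to-B exchange described above, as an added example that is not part of the original page. It uses textbook RSA without padding and constructed toy keys built from small well-known Mersenne primes, so it illustrates the key roles only; the function and variable names are hypothetical. In practice both primes stay secret and the published key is their product n together with an exponent.

```python
import hashlib

E = 65537  # commonly used public exponent

def make_keypair(p, q):
    """Derive (public, private) from two secret primes; only n = p*q and E are published."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))   # private exponent d satisfies E*d = 1 (mod phi)

def to_int(data):
    return int.from_bytes(data, "big")

def digest(message, n):
    # Toy reduction of a SHA-256 digest into the modulus range (no real padding scheme).
    return to_int(hashlib.sha256(message).digest()) % n

def encrypt(recipient_public, message):
    n, e = recipient_public
    m = to_int(message)
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(own_private, ciphertext):
    n, d = own_private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(own_private, message):
    n, d = own_private
    return pow(digest(message, n), d, n)

def verify(sender_public, message, signature):
    n, e = sender_public
    return pow(signature, e, n) == digest(message, n)

# Constructed toy keys (far too small for real use).
A_PUB, A_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
B_PUB, B_PRIV = make_keypair(2**19 - 1, 2**89 - 1)

if __name__ == "__main__":
    mail = b"Hi B, A."
    sealed = encrypt(B_PUB, mail)      # A encrypts with B's public key
    print(decrypt(B_PRIV, sealed))     # only B's private key recovers the text
    sig = sign(A_PRIV, mail)           # A signs with A's private key
    print(verify(A_PUB, mail, sig), verify(A_PUB, b"Hi B, X.", sig))
```
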
Using firewall technology
A firewall is a network communication security monitoring system established between the protected internal network and the external network. It can also be described as a threshold that controls communication in both the inbound and outbound directions. The monitoring system set up at the network boundary isolates the internal network from the external network, in order to block intrusion from outside. At present, there are three main types of firewall: packet-filtering firewalls, proxy firewalls and dual-homed host firewalls. The most widely used is the proxy firewall, also known as the application-layer gateway firewall, which consists of a proxy server and a filtering router. The filtering router is responsible for network interconnection; it strictly screens the data and then passes the screened data to the proxy server. The proxy server acts as an intermediary for requests from the external network to access the internal network. It works like a data forwarder and mainly controls which users can access which types of service. When the external network requests a network service from the internal network, the proxy server receives the request and decides whether to accept it according to the service type, the service content, the object being served, the time of the request, the domain name range of the requester and so on. If it accepts, it forwards the request to the internal network, thereby protecting the internal network from illegal access.
Update virus library in time
Therefore, the anti-virus software must be updated at any time according to the user’s anti-virus code.
Identify email viruses
Some e-mail viruses share a broad set of common characteristics, and recognizing them can prevent the damage. When you receive an e-mail, first look at its size and the sender's address. If the e-mail has no content and no attachment yet is itself tens of K or larger, or if an attachment has a double suffix, the e-mail very likely contains a virus. You can delete it directly and then empty the deleted-items folder. After emptying the deleted-items folder, be sure to compact the mailbox; otherwise the antivirus software will still report a virus the next time it scans.
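One way to automate the two checks described above, as an added example that is not from the original page. The 20 KiB threshold, the list of executable extensions, the reading of "double suffix" as a decoy extension followed by an executable one, and all function names are assumptions; the sample messages are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

SIZE_THRESHOLD = 20 * 1024  # assumption: "tens of K" read as 20 KiB or more
RISKY_EXT = {"exe", "scr", "pif", "bat", "com", "vbs", "js"}  # assumed list
DOUBLE_SUFFIX = re.compile(r"\.([a-z0-9]{1,4})\.([a-z0-9]{1,4})$")

def has_double_suffix(filename):
    """True for names like 'report.doc.exe': decoy extension, then an executable one."""
    m = DOUBLE_SUFFIX.search(filename.lower().strip())
    return bool(m) and m.group(2) in RISKY_EXT

def triage(raw):
    """Return the reasons a raw message looks suspicious (empty list if none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    attachments = list(msg.iter_attachments())
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body is not None else ""
    reasons = []
    # No visible content, no attachment, yet the message is large.
    if not text and not attachments and len(raw) >= SIZE_THRESHOLD:
        reasons.append("empty-but-large")
    for part in attachments:
        name = part.get_filename() or ""
        if has_double_suffix(name):
            reasons.append("double-suffix:" + name)
    return reasons

def sample_with_attachment(filename):
    """Constructed message carrying a harmless attachment with the given name."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "files"
    m.set_content("See attached.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed message: headers, then about 30 KB of blank lines and no visible content.
LARGE_EMPTY = b"From: a@example.com\r\nSubject: hi\r\n\r\n" + b"\r\n" * 15000

if __name__ == "__main__":
    for raw in (sample_with_attachment("report.doc.exe"),
                sample_with_attachment("notes.txt"), LARGE_EMPTY):
        print(triage(raw))
```
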
Enable the real-time monitoring firewall
Real-time monitoring technology builds a dynamic, real-time anti-virus line of defense for e-mail and system security. By modifying the operating system, it gives the operating system itself an anti-virus function and keeps viruses out of the computer system. Good anti-virus software connects seamlessly with the underlying operating system, so the real-time monitor takes up very few system resources; users can hardly feel its impact on machine performance and do not have to think about virus intrusion.