LESSON 9 E-MAIL SECURITY part II

9.1.2 POP and SMTP
After your e-mail client knows your e-mail address, it's going to need to know where to look for
incoming e-mail and where to send outgoing e-mail.
Your incoming e-mails are going to be on a computer called a POP server. The POP server –
usually named something like pop.smallnetwork.net or mail.smallnetwork.net – has a file on it
that is associated with your e-mail address and which contains e-mails that have been sent to
you from someone else. POP stands for post office protocol.
Your outgoing e-mails will be sent to a computer called an SMTP server. This server – named
smtp.smallnetwork.net – will look at the domain name contained in the e-mail address of any
e-mails that you send, then will perform a DNS lookup to determine which POP3 server it
should send the e-mail to. SMTP stands for simple mail transfer protocol.
When you start up your e-mail client, a number of things happen:
1. the client opens up a network connection to the POP server
2. the client sends your secret password to the POP server
3. the POP server sends your incoming e-mail to your local computer
4. the client sends your outgoing e-mail to the SMTP server.
The first thing to note is that you do not send a password to the SMTP server. SMTP is an old
protocol, designed in the early days of e-mail, at a time when almost everyone on the
Internet knew each other personally. The protocol was written with the assumption that
everyone who would be using it would be trustworthy, so SMTP doesn't check to ensure that
you are you. Most SMTP servers use other methods to authenticate users, but – in theory –
anyone can use any SMTP server to send e-mail. (For more information on this, see section
9.2.4 Forged Headers.)

 

The second thing to note is that, when you send your secret password to the POP server, you
send it in a plaintext format. It may be hidden by little asterisks on your computer screen, but
it is transmitted through the network in an easily readable format. Anyone who is monitoring
traffic on the network – using a packet sniffer, for instance – will be able to clearly see your
password. You may feel certain that your network is safe, but you have little control over what
might be happening on any other network through which your data may pass.
The third, and possibly most important, thing that you need to know about your e-mails is that
they are – just like your password – transmitted and stored in a plain-text format. It is possible
that they may be monitored any time they are transferred from the server to your computer.
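
An added example (not part of the original lesson) of what the second and third points mean in practice: a small Python auditor run over constructed POP3 session lines, reporting what an observer of unencrypted port-110 traffic could read. The sample sessions, account name, password and the function name audit_pop3 are made up for illustration; STLS is the standard POP3 command that upgrades the connection to TLS.

```python
# Constructed samples: client ("C") and server ("S") lines of a POP3 login as
# they would appear on the wire. Account name and password are made up.
SESSION_PLAIN = [
    ("S", "+OK POP3 server ready"),
    ("C", "USER alice"),
    ("S", "+OK"),
    ("C", "PASS correct-horse"),
    ("S", "+OK maildrop has 2 messages"),
    ("C", "RETR 1"),
]
SESSION_STLS = [
    ("S", "+OK POP3 server ready"),
    ("C", "STLS"),
    ("S", "+OK begin TLS negotiation"),
    # everything after this point is TLS records, not readable lines
]


def audit_pop3(session):
    """Return findings describing what is readable in one POP3 session."""
    findings = []
    pending_stls = False  # True between the client's STLS and the server's reply
    for direction, line in session:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if direction == "S":
            if pending_stls and verb == "+OK":
                return findings  # channel upgraded; nothing further is readable
            pending_stls = False  # server refused STLS, session stays cleartext
            continue
        if verb == "STLS":
            pending_stls = True
        elif verb == "USER":
            findings.append(f"account name visible: {arg}")
        elif verb == "PASS":
            # Report the exposure without echoing the secret itself.
            findings.append(f"password visible ({len(arg)} chars, redacted)")
        elif verb == "RETR":
            findings.append(f"message {arg} body will cross the wire unencrypted")
    return findings


if __name__ == "__main__":
    for name, s in (("plain", SESSION_PLAIN), ("stls", SESSION_STLS)):
        print(name, audit_pop3(s) or "no cleartext credentials or mail seen")
```
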
This all adds up to one truth: e-mail is not a secure method of transferring information. Sure, it's
great for relaying jokes, and sending out spunkball warnings, but, if you're not comfortable
yelling something out through the window to your neighbor, then maybe you should think
twice about putting it in an e-mail.
Does that sound paranoid? Well, yeah, it is paranoid, but that doesn't necessarily make it
untrue. Much of our e-mail communications are about insignificant details. No one but you,
Bob and Alice cares about your dinner plans for next Tuesday. And, even if Carol desperately
wants to know where you and Bob and Alice are eating next Tuesday, the odds are slim that
she has a packet sniffer running on any of the networks your e-mail might pass through. But, if
a company is known to use e-mail to arrange for credit card transactions, it is not unreasonable
to assume that someone has set up, or is trying to set up, a method to sniff those credit card
numbers out of the network traffic.

 
