This week's topic is electronic mail, and how it works behind the scenes. As with the last few FAQ's, many of you will already know most of this, but hopefully there will be some new and interesting tidbits in here anyway.
So, what happens when I hit that "Send" button?
For example, let's say you send a message to "firstname.lastname@example.org" from somewhere on campus. It first goes to WOU's outgoing email server (which has the boring but easy-to-remember name of outgoing.wou.edu.) The email server program on first looks at the destination address(es) on the message. In this case, the message is addressed to someone in the wou.edu domain, so the outgoing server hands it directly to WOU's incoming email server for delivery. (More on that later.)
What about a message to an off-campus address?
If you had addressed your message to an off-campus address, let's say "email@example.com", our server sends the message out through our ISP to the email server at gmail.com. Never mind how it knows how to find GMail's server; the details of Internet routing are beyond this FAQ, but if anybody is curious, feel free to email me or post a question on the forum. The email server at gmail.com gets the message and determines if there is a user named "example" there. If there is, and there's not another problem such as a full inbox, GMail's server puts the message into that user's inbox.
What if the user doesn't exist?
If the user doesn't exist (most commonly because the person sending the mail put a typo in the To address), or their inbox is full, or a virus is detected, or there's any other reason the message can't be delivered, the receiving server will prepare an error message; this is called a "bounce". The server looks at the From address on the original message, and sends the bounce message to that address. The bounce message just notifies the sender that the message did not go through, often including the specific problem.
What about incoming mail?
Mail that addressed to someone on campus (whether it's from off or on campus) is first passed through the PureMessage spam and virus filter. If PureMessage finds a virus in the message, it deletes it, and edits the message so it contains a warning instead. The text "[PMX:Virus]" is added to the subject line; if you ever see this on an email in your WOU inbox, you can just delete the message if you want; it is not a threat, just a notification that PureMessage deleted a virus that was destined for your inbox. If PureMessage determines that the message is probably spam, it is just held in quarantine. As described in the FAQ about PureMessage, you can view those messages and decide if you want to release them. If you don't do anything, they are deleted after two weeks.
A message that is neither spam or a virus is released to your inbox on the incoming mail server, sundown.wou.edu. It waits there until you log in to Communications Express, or with another email program, and look at it.
Why do I get messages in my inbox that aren't addressed to me?
Well, they are really addressed to you, but it just doesn't look like it. You may notice when you compose an email you can add "BCC" addresses; that stands for "Blind Carbon Copy". When an outgoing email server sees a message with any BCC addresses on it, it sends the message to them, but deletes any mention of them from the visible part of the email. If a message is sent with a To address and twenty BCC addresses, all twenty-one people will get the message, but the only visible address will be the To address. None of the BCC addresses are visible to any of them. This trick is often used by spammers, but has enough legitimate uses that it isn't an option to just block BCC'ed messages completely.
Why do I get bounce messages from people I never sent email to?
Most often this happens because of viruses that use fake From addresses. As mentioned above, many servers have virus filters, and will send a bounce message it a virus is detected. Of course, the server has no way to know where the message really came from; all is has to go on is the From address, so that's where it sends the bounce. Don't panic if you get one of these; it doesn't mean your computer is infected with anything. Just go ahead and delete them, and don't click any attachments in them. Occasionally a virus will also fake one of these bounce messages, but you can just treat it the same way.
How is it possible to fake a From address?
Sorry, I'm not going to tell anyone how to do that. It's not terribly hard if you know what you are doing, but I don't want to be responsible for the trouble that could come from everyone on campus knowing how to do it. Please note that if you send an email with a fake address from any computer on campus, it is possible for us to find out where it really came from if there's a complaint about it. If you ever receive such a message and you have a question or concern about it, feel free to forward it to me at firstname.lastname@example.org; and please don't delete the original message, because we may need to examine the hidden portions of it for clues.
OK, then WHY is it possible to send email with a fake From address?
That's a good question. When the Internet protocols that govern email were designed back in 1982, there was no such thing as spam. The Internet (then mostly still called the ARPANet or ARPA Internet) was purely the province of research centers, some universities, the occasional computer company, and a few government and military organizations. It was thought that cases of abuse would be rare, and what cases there were could be caught easily because there were so few users (at least compared to today.) Verification of sending addresses was left out of the protocols because the amount of network overhead it would create was not thought worthwhile to solve such a small problem.
Of course, the Internet took off by leaps and bounds, and by the time spam started appearing, there were too many servers in existence to change the protocols on all of them. There have been several efforts to create systems for address verification, the most recent being in 2004, but so far all have failed for one reason or another.
What's this about "hidden" and "visible" portions of an email message?
The beginning of every email message contains several "headers"; for example, the From address is a header, as is the date the message was sent, the subject line, etc. Those headers are visible because they are more useful that way. However, there are other headers which most email programs don't show unless you specifically tell them to. For instance, every server that a message passes through adds a "Received" header indicating where it got the message from and when it arrived there (unfortunately, these headers can also be faked.)There are other hidden headers such as a unique message ID, the program that created the email message, technical information on how to interpret attachments, and so forth. These headers are generally not shown by email programs.
How can I see the hidden headers?
Most email programs have some sort of command for this, often called "Show all headers" or something along those lines. In Communications Express, if you look on the far right of the From line in a message, you will see a small triangle pointing to the right. If you click on it, it will reveal all the headers for that message. Since the hidden headers are not included when you forward a message, we may occasionally ask you to look at the hidden headers of a suspicious message and copy them out so you can send them to us. This is why we ask you to keep the original message on hand if you have a question about it.
Does WOU monitor my email usage?
No. Messages are scanned for spam and viruses, of course, but we do not monitor them for any particular content, even content generally considered offensive. Note, however, that in certain cases of criminal activity we can legally be ordered to produce the contents of someone's inbox and all saved message folders, including everything that can be restored from our backup system.
University Computing Services 503-838-8154 | or e-mail: email@example.com