Originally written in 2012

What are emails and how do they work?

What are emails?  Email has basically replaced traditional mail.  It is a way to send information to another person or system by using the Internet.  It can be used to send text, pictures and any type of file available to us.  But how does it work?

Email for the most part works with the SMTP protocol using port 25.  If you are not familiar with computer ports, imagine you live in an apartment building.  This building has a main mailing address so all mail can be delivered to your building.  When the person in charge of the mail in your building receives an envelope, he/she checks the envelope for a name and apartment number, finds the correct mail box and drops the envelope there.  What if a letter arrives with no address, or the mail box cannot be identified?  The mail is discarded.  Computer ports work in a similar fashion.

Computer ports used by the TCP/IP protocol (the most popular protocol for the Internet) are a way to identify where a data packet (mail envelope) needs to go.  Your computer has a unique IP address, an address that identifies it.  There are multiple programs or applications on your computer that need to send and receive data.  To know which data belongs to which program, we use ports.

The current standard format for IP addresses (IP version 4) uses a series of 4 numbers from 0-255.  To find out your current IP address you can click the start button (bottom left of screen), in the search field type cmd (for Windows Vista/7) or click run and then type cmd (for Win XP).  We’ve just opened a Command Prompt which is a CLI, or command line interface.  Anything you do with a click of your mouse can be done with a command in the Command Prompt.  In the Command Prompt, type ipconfig.

ipconfig

Your IP address is listed under Ethernet adapter Local Area Connection if you are using a physical connection, or Wireless LAN adapter Wireless Network Connection if using a wireless adapter.  It is typical for your address to be in the 10.X.X.X, 172.16.X.X or 192.168.1.X range if you are behind a home router.  This address identifies your computer.  A port used with your system is written as an extension of your IP address.  In my case, for example, it would be 192.168.1.122:21 for the FTP protocol.  Ports range from 0 to 65535.

Well-known ports typically use a number lower than 1024.  Some of the more common ones are 21 for FTP, 22 for SSH, 25 for SMTP and 80 for HTTP (Internet).  So if an Internet data packet wants to reach your computer, it needs to have, in my case, a 192.168.1.122:80 address.  But do I want all the ports to be listening (open)?  Probably not, as malware, viruses and whatnot could sneak in.

Routers have what we call a firewall, which basically makes sure that only legitimate and wanted traffic goes through.  Windows also has a built-in firewall located at Start > Control Panel > Windows Firewall.  If it’s not on, you should turn it on.  A previous article explains the importance of a router and firewall in your home network.

So a computer port is a way for a program or application to talk to the outside world and receive information.  It gives the program or application a unique address so it can be found by the Internet.

SMTP is responsible for receiving and sending the actual emails.  To understand how SMTP works we must talk about sender and receiver information.  When we send a real letter, the letter itself has a heading with the receiver’s information, and we, the sender, sign it.  We also have an envelope with the sender’s and receiver’s information on it.  So we have four addresses: ES (envelope sender), ER (envelope receiver), HS (header sender) and HR (header receiver).

The SMTP protocol uses the ES and ER to determine where to send the email and where it came from.  The HS and HR are what is displayed in your favourite email client (the TO: and FROM: fields).  After that comes the data and once everything is ready, SMTP happily sends the email along.  You can even Telnet to the SMTP server using the IP address of the server and the port number associated with SMTP, 25.  SMTP is a very polite protocol!


Now why do we need four addresses?  What if someone in an enterprise is the designated webmaster for www.example.com?  Usually such a person, let’s call him John, would already have an account with a regular email, so we simply want to forward webmaster@example.com to john@example.com.  But for John’s benefit, he needs to know which emails are addressed to him and which are addressed to webmaster.  The email server will simply have to change the ER to John’s address, but keep the HR to webmaster so that John knows who the email is for.  This is called masquerading.

What if our full email address is john@not.a.good.example.com?  It would be a lot easier if it could come back as only john@example.com, which is much easier to remember.  We can ask the email server to change the HS, the address the receiver sees, from not.a.good.example.com to simply example.com, so that when the user replies, the email server knows exactly where the email goes and the sending user is none the wiser.
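To make the four addresses concrete, the following added example (not part of the original article) pulls ES, ER, HS and HR out of an SMTP session and reports where the envelope and the displayed headers disagree. The session text is constructed for illustration and models the webmaster forwarding case above; the host names and the alice@example.org sender are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed SMTP session (S: server, C: client) for the webmaster case:
# the mail server has already rewritten the envelope recipient to John.
SESSION = """\
S: 220 mail.example.com ESMTP
C: HELO relay.example.com
S: 250 mail.example.com
C: MAIL FROM:<alice@example.org>
S: 250 OK
C: RCPT TO:<john@example.com>
S: 250 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: Alice <alice@example.org>
C: To: webmaster@example.com
C: Subject: Broken link
C:
C: The contact page returns a 404.
C: .
S: 250 OK: queued
"""

def four_addresses(session):
    """Return ES, ER, HS and HR from the client side of an SMTP transcript."""
    client = [l[3:] for l in session.splitlines() if l.startswith("C:")]
    found, body, in_data = {"ES": None, "ER": []}, [], False
    for line in client:
        if in_data and line == ".":        # a lone dot ends the DATA section
            in_data = False
        elif in_data:
            body.append(line)              # headers and text the mail client shows
        elif m := re.match(r"MAIL FROM:\s*<([^>]*)>", line, re.I):
            found["ES"] = m.group(1)       # envelope sender
        elif m := re.match(r"RCPT TO:\s*<([^>]*)>", line, re.I):
            found["ER"].append(m.group(1)) # envelope receiver(s)
        elif line.upper() == "DATA":
            in_data = True
    msg = message_from_string("\n".join(body))
    found["HS"] = parseaddr(msg.get("From", ""))[1]  # header sender
    found["HR"] = parseaddr(msg.get("To", ""))[1]    # header receiver
    return found

def mismatches(a):
    """Name the fields where the envelope and the displayed headers disagree."""
    checks = (("sender", a["ES"] != a["HS"]), ("recipient", a["HR"] not in a["ER"]))
    return [name for name, differs in checks if differs]
```

For the forwarded message, only the recipient differs: the envelope says john@example.com while the header John sees still says webmaster@example.com.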

This could lead to another problem: email phishing, which will be discussed in a future article.