Security Issues in SMTP-based Email Systems

Abstract

The SMTP standard was originally published in 1982 and has since then become one of the mostly used methods for data communication. Since its publication the standard has been modified with many extensions intended to handle security issues. A selection of the most common security issues that surfaces when these extensions are used in practice is identified and discussed in relation to confidentiality, integrity, availability, and authentication. The complexity of the current situation makes it clear why organizations, mail service providers, and users have great difficulty in securely managing their email systems. Most email systems are vulnerable and cause serious security risks for individuals, organizations, and societies. The risks have grown to be critical for the digitization of our societies.