Certified E-Mail with Comodo and Thunderbird

Written by AbiusX on . Posted in Network, Security

This is intended to be a theoretical/practical tutorial on how to use email certificates to encrypt and digitally sign your emails. There are approximately 2 million emails transferred every hour, out of which 80% are spam, and the email world is really creepy, so I strongly recommend you to read the rest of this post.

First of all, let's cover some theory. There are three Internet protocols involved in sending and receiving emails: SMTP, IMAP, POP

Simple Mail Transfer Protocol is the one responsible for sending emails. An email client - where you compose your email, set recipients, attach files, etc. - sends your email data to a mail server via SMTP. The protocol is fairly simple and the only things worth mentioning is that it can do that under SSL (encrypted connection to server to transfer mail) and use Password Authentication to separate accounts.

Pactical Scenario: GMail

Most of us have used GMail, via creating an account in gmail.com and logging in there. It is very important to know that gmail.com is GMail Client, and smtp.gmail.com is GMail Server. When you log into the GMail, you access its client application, and do your stuff there. Since both client and server applications are on the same machine (Google Servers), your work is quickly sent to the server, that's why you usually don't notice.

Everybody can setup a Mail Server on their machine. Famous mail server applications are Microsoft Outlook for Windows and Exim and Postfix for Linux machines. GMail uses neither and has a custom coded server. You don't need to provide a password to a mail server, neither you have accounts there. You can send any email from any server to any server, i.e you can send email from admin@facebook.com with any body you want to me@abiusx.com. It's just a packet of data with a name on it (just like ordinary mail).

Famous servers like GMail, that deal with millions of users and lots of spam, implement technologies that require you to login, have accounts and do things lawfully. Other servers don't. Mail that doesn't follow GMail and other famous mail server's rules, are usually treated as spam.

Back to the theory

POP usually used as POP3, is the old-school mail receiving protocol. Mail client uses this protocol to download all mails from the server. The protocol is very handicapped and weak, much like FTP.

IMAP on the other hand is a pretty recent and powerful mail receiving protocol, so basically POP and IMAP are replacements of each other. There were days when not many mail servers provided IMAP to their clients, now almost every web server provides full IMAP support. GMail's IMAP is accessible at imap.gmail.com (Keep in mind that this is the domain for IMAP protocol, and not HTTP, so heading your browser to it would not bring up anything)