How Do Your Private Email Messages Travel the Internet (How Email Works)?
Email (or electronic mail as it was first called) is decades old but it is still enduring. Today, more than 50 years after Ray Tomlison developed the ARPANET’s networked email system (and so the first email), we are still using it.
Most people know how to send an email. This article isn’t meant to insult you by teaching you that, we’re sure there are guides showing you that on the Internet.
Instead, the purpose of this article is to help you understand the inner workings of email and what really happens to your private email messages as they travel from your computer, through the Internet and to the recipient’s inbox.
#Terms to Know
We’ll be using some terms that you may or not be familiar with to explain how email works. These are:
- Email Server
An email server, or mail server, is a computer system that sends and receives your email messages. In other words, it ensures that your emails get to the intended recipients.
- Domain Name System
Domain Name System (DNS) is important not just for email, but for the functioning of the entire Internet. Its purpose is to translate domain names like “Telios” that we humans like into IP (Internet Protocol) addresses such as 192.168.1.1 that machines like.
Post Office Protocol (POP) is an email protocol that governs how email messages are received. POP (current version POP3) downloads the email to the local machine and deletes email data on the server once it’s downloaded.
IMAP or Internet Mail Transfer Protocol is another email protocol that is used for incoming emails just like POP, but with the difference that the email data is not downloaded to the user’s computer and deleted from the server, but remains there.
Simple Mail Transfer Protocol (SMTP) is a protocol that determines how email is sent from your computer.
Mail Transfer Agent (MTA) checks whether the recipient uses IMAP or POP.
Multipurpose Internet Mail Extension (MIME) is an Internet standard that allows email messages to support characters other than in ASCII and images, audio, video and application program attachments.
#How Email Works?
Okay, with that out of the way, let’s take a look at how email works.
First, how we think email works is:
- Compose a message
- Hit Send
- Message magically appears in the recipient’s inbox
In reality, there’s a lot more going on behind the scenes that we don’t see and we’ll go on to explain this now.
So, how does email really work?
#How Private Email Messages are Sent?
First, let’s take a look at how private email messages are sent.
Say [email protected] wants to send a private email message to his friend [email protected].
First, he needs to click the Compose button in their email client, add [email protected] to the To: field (for the recipient), write the Subject line (basically, the headline for the email message) and type his email message and after all that, hit Send.
Usually, this is where our interest in that message ends and we just need to wait for the reply.
But there’s a lot more going on.
First, your email doesn’t go directly to the recipient’s computer. Instead, the outgoing SMTP mail server picks it up.
Think of the SMTP server as the post office where you hand over your letter for them to send it to someone else. Except that, instead of the postage address, you put the To: and sometimes Cc and Bcc to show who the email is meant for and where it should go.
But, just like the mailman that the post office sends out with your letter can get lost (they can’t know every street address out of their head), so too does the SMTP server need a little help in finding the recipient.
The only problem is that the recipient’s address is written in a format that the SMTP server does not understand. So now the SMTP server needs to ask for help from the DNS server in translating the human-friendly domain name like [email protected] into the machine-friendly IP address like 188.8.131.52.
Having the IP address now, the SMTP server’s next job is to look for the MX (Mail Exchange) server, which tells it where to send the email.
Once it collects all this info, the SMTP server can finally send your private email message to the recipient’s Mail Transfer Agent (MTA).
#How Email Messages are Received?
So now let’s take a look at how email is received.
When the SMTP server hands over the email to the MTA server, the MTA determines whether the recipient is using a POP-based email or an IMAP-based one. Think of this as the mailman figuring out if they should put the envelope in the mailbox or slide it under the door for instance.
However, before that, the recipient’s server must check if the email is coming from a legitimate source by looking at the sender’s From: address. If the address is a real one, like [email protected], it is validated. However, if it’s not, then it's spam and goes to the recipient’s spam folder.
Finally, the email appears in the recipient’s inbox for them to read it.
#Why Is This Method Really Not a Good Way to Send Private Email Messages?
Remember when we said that email is 50+ years old? Back then, it was just meant to solve one problem:
How to send a message from one computer to the other?
And it did that very well, but we didn’t have hackers, spam, phishing, DDoS attacks and all other kinds of cyber threats that we do now.
Today, your email is susceptible to all of these online threats from the moment you hit Send.
At any point, a threat actor can:
- Gain access to either the sender’s or the recipient’s email account
- Intercept the email message
- Breach the mail server
And get the data from there.
Now, email services like Gmail or YahooMail do somewhat solve the 2nd problem by introducing TLS or Transport Layer Security, which essentially encrypts the data in traffic, and protects it from stuff like Man-in-the-Middle attacks.
However, this still leaves the end-points and the mail server vulnerable and if the hacker gains access to either (all they need is the proper username and password) they can open and read this email without any issues.
This is where encryption comes in. If that message is protected with public cryptography, in other words, it’s first encrypted on the sender’s side with a public key and then decrypted only using the recipient’s private key.
With the email message protected thus, even if the cyber attacker manages to get a hold of it, they can’t do anything without the right encryption/decryption keys.
But even end-to-end encryption doesn’t entirely solve the problem because the data needs to go through the email server and those can be vulnerable to data breaches and may be storing your private key in an unsecure format.
Telios uses a peer-to-peer network to send encrypted emails without going through the server (between two Telios users). This way, the only person who can truly access your email is you.
Check out and download Telios to protect your private email data from prying eyes today!