Internet Email Architecture

New technology tends to mimic current technology until people beginto recognize the new technology's potential and are willing to change the waythey operate. For example, current email systems generally follow the model ofpaper mail, except that they're faster and easier to use. Only recently haveemail packages begun to use the processing power of PCs to exceed paper'scapabilities. And from a security perspective, many current email systems don'tprovide even the same level of security that paper mail does. Future systems,however, promise to go well beyond it.

Because nearly everyone is moving toward the TCP/IP-based SMTP mail as thestandard--or at least as a universal backbone--SMTP is currently the bestcandidate to become the universal standard for secure mail. The European X.400standard is the only serious competitor to Internet SMTP mail in the long run.Proprietary mail systems are already being relegated to running as front ends toSMTP, and they may soon pass out of favor altogether.

Quite a few proprietary email systems are in use today, including MicrosoftMail (soon to be replaced by Exchange Server), cc:Mail, and DaVinci Mail. Mostdesigns share a common file area on a server disk and put all the intelligencein the client software. This is a passive-server design. By comparison,true client/ server designs, such as SMTP mail and X.400, have an active-serversoftware component, called a Message Transfer Agent. The MTA accepts networkprotocol requests from the client software, which is called a User Agent. Theclient software can access only the shared file area, the Message Store, viarequests to the server; therefore, the shared file area is not exposed. The MTAalso handles exchanging messages between post offices.

The network protocol is a set of conventions defining the exact syntax andsequencing of messages sent over the network. Two main protocols have evolvedfor implementing client/server mail on the Internet: SMTP and POP3. Severalrefinements have been made to these basic protocols. For example, PEM and S/MIMEsupport encrypted attachments, and S/SMTP provides encrypted server-to-servertransmission.

Each site has one MTA and one Message Store. The MTA can have any number ofUser Agents--some can be mail-enabled software applications--connected to it.One person uses each User Agent, and each User Agent connects to one MTA. (TheUser Agent is what you think of as your mail program, although it's really justa small part of the overall mail system.) Thus, a User Agent needs to handleonly one connection at a time and needs to run only when its user is composingor reading mail. An MTA, however, must be able to handle multiple simultaneousconnections and must be available at all times. Writing a User Agent is mucheasier than writing an MTA. In addition, you can run a User Agent on a lesssophisticated operating system (e.g., Windows 95) than you need to run an MTA(e.g., Windows NT or UNIX).

As shown in figure A, if Arnold wants to send mail to Zeke and they bothuse Post Office 1, Arnold uses his User Agent to transfer the message via SMTPthrough the MTA to the Message Store for Post Office 1. The next time Zekeaccesses his User Agent to check his mail, he will see the new message and candownload it via POP3 to his local Message Store. If Arnold wants to send mail toAgnes and she uses Post Office 2, Arnold uses his User Agent to transfer themessage via SMTP to MTA 1 where it winds up on an outgoing message queue. Thenext time MTA 1 connects to MTA 2--typically within a minute--SMTP will transferhis message through MTA 2 to the Message Store at Post Office 2. When Agneschecks her mail using her User Agent, she will see the new message and candownload it via POP3 to her local Message Store. This kind of operation iscalled store-and-forward.

If gateway MTAs are involved, the process is essentially the same, but themessage may be relayed through several MTAs before being deposited in therecipient's Message Store. This relay may be for security purposes or to allowthe reconfiguration of internal post offices without outside MTAs needing toknow anything about it. However, unless an MTA has been configured to alwaysrelay mail to a specific gateway MTA, it will typically connect to a largenumber of other MTAs, also.