Horse Sense

Horse Sense #54

E Mail Isn't as Reliable as You Think

About this article

This article is about standard Internet e mail. Proprietary e mail systems work a little differently. But, they are enough the same that many of the same principles apply. When e mailing outside your organization you will be using Internet mail. This article will be posted in the newsletters section of our web site (www.ih-online.com) as Horse Sense 54. Horse Sense articles are written so that they won't go out of date quickly. We hope you find them helpful.

E mail isn’t as reliable as you think

Internet mail isn’t a completely reliable means of communication. You need to know how Internet mail works to understand how to appropriately use this valuable resource. If you send an e mail to someone, it doesn't mean that they'll get it, or, if they do, that they'll be able to read it. E mail isn’t a real time communications method. They may not get your message for days. Your message may get garbled in transit or a server en route could remove your attachments or block the whole message. The prevalence of unwanted worm and spam e mails has caused many companies to block e mails without notifying the sender that they are doing so. This violates the Internet standards for e mail. Frankly, since these types of e mails typically make up 50% or more of what a typical e mail server sees, sending messages back to the real or (usually) forged sender isn't helpful. Unfortunately, if your mail is trashed without a notice of what has happened, neither you nor your intended receiver will know what happened. It’s the equivalent of your post office throwing some of your “junk” mail away en route to you. It may not be all that important, but if you miss out on a sale or your magazine subscription lapses, it could be more of an issue.

Sending e mail

Let's ignore antispam software for a moment and see how real Internet mail systems work. Internet mail and postal mail have many similarities. Mail is sent between Simple Mail Transport Protocol (SMTP) clients to servers on port 25. Once you send an e mail to your server it acts like a client to the next mail server. In the physical world, this would be like taking your letter to the post office and then having your post office take it to another post office. SMTP is the language used for the communication and it has specific rules for how mail can be addressed and sent. The IP address is obtained from the domain name which is everything to the right of the @ in an e mail address. The sending domain name is like the return address on an envelope.

SMTP is a very old Internet standard. All e mail is sent as a text transmission. File attachments must be encoded in text form. The encoded version is usually about 20% larger than the size of the original file attachment. Additional information is needed to tell the e mail client on the other end how to properly extract the attachment. The file attachment is generally not encrypted during the encoding process.

SMTP doesn't use encryption, so anyone who can get access to your mail in transit can read it just as if it were a postcard on a desk. You can get encryption with e mail, but you have to encrypt before you send the mail. Some e mail clients can accomplish this feat by using PGP or SMIME to do the encryption, but we won't talk about encryption here since most people don't use it with Internet mail.

Some things to think about when sending an attachment

Attachments are a problem for e mail systems. They are orders of magnitude larger than standard text messages. They also run the risk of being reassembled incorrectly on the other end. This is most common with users of proprietary e mail clients like Outlook that use their own encoding format. It isn't unusual for an Outlook user to send a non-Outlook user an e mail whose attachment is an unreadable winmail.dat file. These attachments may be unusable if you don’t have the same e mail client. Also, depending on the client, the attachment may arrive not as an attachment, but embedded in the e mail or an embedded graphic might appear as an attachment instead. Attachments can cause the entire message to be rejected because of size limits on messages, limits on what attachments are acceptable, limits on the size of the mailbox itself, or limits on the ability of the client to receive the message. Many organizations no longer allow attachments with .exe, .dll, or other common extensions because these pose an unacceptable security risk.

When a server starts receiving an electronic mail message, it doesn't know how big it will eventually be. If the message is too big to be stored in the target mailbox, it will be rejected. It may also be rejected if the communication takes too long, even if the message isn't finished. In this case, the server will keep trying to resend the message. It doesn't know why the communication failed, only that it failed. Finally, it will consider the message undeliverable and return it to the sender.

It isn't uncommon for mailboxes to be 2 to 5 megabytes. When a POP3 e mail client asks its parent server on port 110 for its messages, it only has a certain amount of time in which to download them. If it can't download them in this time, the client software suspects there is an error and tries to recover and start over again. With smaller mailboxes, this error won't happen because the messages won't be large enough to trigger the error. Your recipient may not be able to download large attachments without getting an error, even if they have a large mailbox. Many mailboxes get "locked" because there are files in them that are so large, they can't be downloaded. Dialup users really have a hard time with large attachments because at their low bandwidth it is easy to run into that time limit.

Large attachments may not fit in the recipient's mailbox, are difficult to deliver reliably, and are difficult to store and retrieve reliably. Don't send a 50 megabyte PowerPoint presentation by e mail. If you want to be courteous to your receivers, compress the attachment, then store it somewhere where it can be downloaded at their convenience.

Receiving mail

You may note that I said that you use POP3 on port 110 to get your Internet e mail. POP3 is the standard that almost all the ISPs use. It is very simple and assumes you will be downloading all your mail off their servers and not storing it there forever. This isn't true of Internet standard IMAP mail or proprietary e mail systems like Exchange, Domino, and GroupWise. These store mail on a central server. This gives a centrally controllable message storage facility that organizations can monitor and control. These servers use SMTP to get their Internet mail and then provide this mail to their own proprietary clients using their own non-POP3 access mechanisms.

Why mail might not go through

If everything goes right, here's how Internet mail works. Your client software sends the e mail to your local e mail server "post office", the one your e mail program knows about. That server then reads the destination address and attempts to forward the mail on to a server post office for that destination. That destination server may have rules that cause the mail to be rerouted to other servers, like when a piece of physical mail gets forwarded. Eventually the mail will reach its final destination. At that point the client software on the other end asks the server for its mail and downloads it so the recipient can see it.

However, in the real world, everything doesn't go right. For example, a receiving post office server might not be operational. If so, you can't send the mail there. Post office servers will wait for specific periods of time and try to put the mail through again. At some point, usually 3-7 days, the server will give up and send a message back to you saying it couldn't get through. Until that time, you won't know that your message didn't make it. It's possible to send messages minutes apart and have the first one arrive days after the second one. The first one might not have been able to get through on the first shot, but finally made it days later. Your mail could be rejected if the post office servers can't find the address you gave them. It could be that you mistyped the address. It could also be that the receiving post office server doesn’t exist or isn’t available. Even if the mail does get through, it means it got to the post office server on the other end. It doesn't mean that anyone will ever download or read it. A successful delivery in Internet mail is to the post office box on the other end, not to the person you wanted to see it.

You can request a return receipt for your e mail, but many servers will block these return messages anyway, so it isn't very reliable. We recommend you don't use them. If you really want someone to confirm receipt, have them e mail you back. If it is really important, call them.

Because e mail works on a store and forward mechanism and you can't be sure when messages will arrive, don't try to use it for anything that requires back and forth real time communication. The phone is a better choice.

Electronic Mail Etiquette and Safety Tips

1) Don't bother telling your ISP or system manager about a message you've gotten about a virus or other piece of malware, unless your corporate policy says otherwise. It's probably a hoax or they already know about the problem. Don't do anything an e mail tells you to do, like execute an attachment or delete a file, unless you can verify it with your help desk.

2) Unwanted mail and e mail is a fact of life. You can implement spam blocking technologies, but you want to be careful how you do it. The key feature of a spam blocking solution is not how much it blocks, but that the messages you want to see get through. The first time your boss' or important customer's e mail gets blocked is probably the last time you'll think that blocking solution was a good idea. Even the best e mail blocking technologies won’t keep the e mail from the office crackpot from reaching you. Relax. The delete key is your friend.

3) If you have doubts about the validity of an e mail message, call the sender. Don't open attachments you can't identify and/or weren't expecting, even if it is from someone you know. OK, you'll do it anyway sooner or later, so make sure your antivirus software and workstation firewall software is up to date. Unfortunately, there are some really clever ways of attacking a system even if you don’t open an attachment yourself, so antivirus software is a must. Desktop firewalls increase your protection. Deleting unwanted/suspect e mails is a reasonable thing to do. Keep the antivirus software and firewall protection current. It also doesn't hurt to use browsers and e mail clients with better security, like newer or patched Microsoft software or other vendors' products like the Firefox browser.

4) If someone sends you a hoax, a virally infected message, a bad political joke, a baby shower invitation, or anything else you don't care to see, the delete key is very powerful. There are different levels of unwanted mail. Messages from your goofy nephew, your car company or bank, and someone you never heard from before offering you something are all examples. It's likely none of these are really spam (a term sometimes used interchangeably with unsolicited commercial e mail).

Legitimate companies will e mail you when given "permission" to do so. It should be fairly easy to tell if they are legitimate. If it is a list message, rather than an individual message, the company will have clear subscribe and unsubscribe instructions, e mail addresses, telephone numbers, and all sorts of information that make it easy to contact them and/or do business with them. If you want them to stop mailing you, follow the instructions to get off their list. If you have many addresses from which you get e mail, be sure to unsubscribe the correct one. Legitimate mailers want to hear from you, even if you just want to get off their lists.

Do not complain to your mail administrator that you are getting unwanted mail. He usually can't unsubscribe for you. If he blocks a legitimate business from sending mail, other people in your organization may not get mail that they need to do their jobs. And, it doesn't stop the e mail server from trying to send you mail it thinks you want over and over and over again, tying up your network bandwidth and e mail server.

Legitimate businesses only want to talk to people who are interested in what they do. In general, if you are getting a request to do non-personal business at a work e mail address from someone that looks like a legitimate vendor, you can feel safe asking to be removed from their lists.

5) Unless you want everyone to see every e mail address you mailed to, use bcc instead of to/cc when sending to multiple recipients. Only people on the to: or cc: lines show up in all the e mails. This can make your e mails a lot shorter if you have a long list of recipients. Note that there are some ill-configured spam blocking systems that will block e mails with too many recipients or with any recipients in bcc.

6) Headers are your friend. Different e mail programs show headers differently, so use the help function to see how you can view them. Headers show the route your e mail took through the Internet (unless a spammer was lying about his address). You can diagnose delivery problems using header information. You can also see if a message was sent to Sam and automatically forwarded to you instead. You can see how long a message took to be delivered. You can see if the message was sent to a list. Sometimes these headers tell you how to log on or off a list. In short, you can see a lot of things in headers.

7) Don't send on chain letters. You wouldn't do it with normal mail, would you? E mail telling you to tell all of your friends something is often a hoax. Jokes are the exception. I have a personal belief that the best use of Internet e mail is the distribution of truly funny stuff. If you are going to have any type of list, even a joke list, be considerate. Even if you think the jokes are good, not everyone might want to get them via e mail.

8) When sending something you got in your e mail on to someone, resist the temptation to "forward" it. It violates the privacy of the person who sent that e mail and makes the e mail longer and harder to read. Cut out all the extraneous info. Use "Send Again" or your mail program's variation of that instead of "Forward" to compose the new message you want to send. Be careful what you forward. If the information is copyrighted or you signed onto a list with a non-disclosure agreement or other policy that restricts publishing outside the list, you want to honor your legal commitments. I've seen many cases of cross posting from one list to another that has caused heartache because one group of people wasn't supposed to hear what the other was talking about. In one case, a multimillion dollar deal went down the drain.

9) If your message doesn't use fancy formatting or graphics, especially when sending to a list or people who might have a text only reader like a smart phone or Blackberry pager, send your message in plain text. Plain text messages are also readable by people who have vision problems and use text to speech readers. You can see how any message will look by sending it first to yourself. If that looks OK, send to everyone else.

10) Most e mail clients allow you to add signature tags to your e mail. Put your information there in text form. Everyone will be able to read it and it will almost always be in the message. VCF cards and cute graphics take more bandwidth and may not show up correctly on the other end.

11) Just because an e mail said it came from someone doesn't make it so. The sender can fake their address, just like their return address on a letter from the post office. An e mail has an envelope indicating the sender and receiver, and the internal letter, which can reference the same or different information. This allows me to send a mail to someone from billing@ih-online.com but indicate that they should reply to tstirk@ih-online.com. This is incredibly useful, especially when sending to mailing lists. It's not unusual that you don't reply to the address from which the e mail was sent.

12) Before you send e mail, either inside or outside your organization, consider your recipient. Large attachments can take forever to download, take up lots of space on your receiver's system, and can even crash their e-mail server. A good rule of thumb is that if a file is greater than 500K, don't e-mail it unless asked. Be especially sensitive when sending to someone who is on dialup or that you know has a small e mail box.

13) If it is important or emotional, call or visit. Most human communication is non-verbal. E mail doesn't convey tone well at all. It also doesn't allow for interruptions and explanations of what has just been said. If you have bad news to give, a deadline to meet, or just need to confirm someone has seen your message, use the telephone.

14) Most people should forget about using autoresponders. Telling people, or worse, machines that you aren't there generates e mail traffic that likely isn't necessary. If it is important, they'll call you or you should have someone else checking your mail.

15) Delete your old mail. Especially with e mail systems like Exchange, GroupWise, or Domino, you can end up with huge numbers of messages on the server that mean very little. The same is true of your own client. Throw out the trash. Remove sent items. Delete mail with attachments to save enormous amounts of space. If you do this, you'll find your mail is easier to manage, less expensive to maintain, and higher performing. If you feel you must keep old e mails, create archives and save the archives. One note to e mail administrators: corporations requiring long term records of what has been sent by e mail should not rely on individual employees to keep those records and those records should not be a part of the normal e mail system.

16) Assume the best of someone sending you an e mail. Forgive their spelling and other errors. Forgive their miserable sense of humor. Consider that they might not have meant to say something so offensive or dense. Remember that there is no tone in e mail. It's hard to see if someone is kidding. This is especially true when you are part of a discussion list. If someone is being a jerk, there is no reason to join them.

Organizational control of e mail

We know of software that can scan incoming e mail for viruses, enforce e mail policies, block spam, automatically respond to mail, and so forth, but nothing is more effective than responsible e mail users. We recommend communicating to your employees what is expected in their communications with others. You can start with the points above.

Remember, when sending a normal e mail, anyone can see it. E mail is often backed up and made available to others to ensure the integrity of the systems. Once written, assume your e mail will live forever. When sending mail over the Internet and through a corporate or ISP mail system, you cannot assume that these communications are private, and they generally aren’t. If you do something illegal or contrary to corporate policy in e mail, you may see your e mail again. Generally, the use of corporate resources (i.e. their computer and e mail system) to send e mail is not considered a private communication. They have every right to monitor and control those resources.

Stopping unwanted mail

The best place to stop unwanted mail is before it ever gets to your mailbox. Weeding through this mail can take lots of time away from doing productive work. This frustrating task costs a ton of money. Iron Horse sells a number of antispam and antivirus products that clean out this mail before and after it hits your mailbox. They generally pay for themselves in a couple of months.

We will be presenting a seminar on a very effective antispam and antivirus solution that blocks mail before it hits users’ mailboxes from Barracuda Networks in February. Call us to get on the seminar list to see how it can work for you. We even have a no risk trial on this product where, if you qualify, you can try it out in your own environment. We are willing to do this because we find our customers love what it can do for them. It saves them a ton of money and they never give it back! Call us to for more information or to sign up for the seminar.