the Email in Your .Net Apps with SSL Email Components
|Your .Net app can easily
send and retrieve secure email...
If you are confused about how to implement security in an email
app, you are not alone - SSL, S/MIME, PGP, certificates, signatures - it all can get quite confusing.
There are many methods of securing email, each with its own
strengths, weaknesses and complexities. This is the first in a series of articles
dealing with email security in which I hope to simplify some of
these complexities. In this article I will focus on SSL and leave future articles to
deal with the other security methods and protocols. Unlike
other information you may have read about SSL, the information presented in this
article is from an email developer's perspective. I will explore the pros and
cons of SSL and show you exactly what you need to know to properly
build and support an email client application that can send and
retrieve email over an SSL encrypted channel. Sample code is also included which will enable
you to build SSL enabled .Net apps - within minutes!
In this edition you will learn:
How SSL works to safeguard data
SSL is used to protect email
The benefits of client authentication
2 critical things you need to know about what SSL
How you can use SSL to safeguard email in your app
and server requirements for securing email with SSL
About the bonus protection provided by SSL
types of apps can benefit from securing email with SSL
This edition also contains easy sample code in VB.Net
and C# including:
Sending a message with SMTP over an SSL connection
Retrieving a message from a POP3 server over an SSL connection
Retrieving a message from an IMAP4 server over an SSL connection
Normal email messages are sent across the Internet in a plain
text format. This leaves the messages susceptible to all
sorts of electronic eavesdropping. SSL enables us to easily
secure our email apps while keeping the SSL
security invisible to the end user.
Every techie is familiar with SSL (Secure Sockets Layer) to
some degree. SSL is the technology which encrypts data
during its transmission to and from a secure website. All
e-commerce applications rely on SSL to ensure that sensitive
information, such as credit card numbers, are not transmitted
across the public Internet in a manner which can be easily
intercepted and decoded by a third party. SSL is very
transparent to the end user, in fact the end user needs to know
nothing and do nothing, it just happens, it just works. That
is one of the biggest strengths of SSL - the fact that it is
invisible or transparent to the end user.
SSL is transparent to the end user because its functionality
is built into the browser and works automatically.
In this article I will show you how to build this same type of
automatic, secure functionality into your email apps.
So how does SSL work? How secure is it and how can it be
used to secure email?
SSL - How it Secures Email
SSL works at the socket level. Sockets are a pair of
end-points of a two-way communication link between two programs
running on the network. All TCP/IP communication on the
Windows platform uses sockets. In the email paradigm one of the
sockets is used by the email client application and the other by
the email server. These applications usually reside on
different systems across the network, however there is nothing
preventing them from being on the same system either. You can think of a socket as
a data doorway into and out of an application. Normal email
communications send your email messages out the door in a plain
text format. As the message travels between doorways, it is
susceptible to prying eyes. Electronic eavesdropping
applications can easily read the contents of your messages as they
travel across the network and
gain access to attachments and other message data. SSL protects your messages by automatically encrypting
the data as it travels between doorways (sockets). Data is
automatically encrypted just before it goes out the door, and
automatically decrypted immediately after it enters the door.
SMTP, POP3, IMAP4, Where does it all fit in?
SSL encryption happens at a lower level than the standard
Internet email protocols such as SMTP, POP3 and IMAP4.
Because of this, these protocols do not need to be modified to
handle connections over an SSL protected channel. In fact,
these protocols are oblivious to the existence or nonexistence of
an SSL connection.
Continue on to learn about the bonus protection SSL offers email
applications, caveats, requirements, sample code and more...