Speaker Key: PB: Phil Brown, DW: David Whelan
PB: It’s Phil Brown and I’m here with David Whelan. Today we are going to talk about how email works.
DW: Email is one of the fundamental communication tools for lawyers, and although we often hear that the end of email is coming, either through social media or texting or something else that is going to take over, it remains a fundamental way to communicate with your clients.
PB: And it seems simple enough: you write an email on your computer, send it off to someone, they receive it, presumably, and reply. But that is not all that is happening on your computer.
DW: Right, and I think there is some real confusion, too, about the kinds of tools that you use. You can use, in the current world, Gmail or Yahoo! mail, open up your Web browser and go to a site and compose mail, or you can be using what is called an email client, a piece of software that sits on your computer.
A lot of people have used Outlook, although they sometimes confuse it with an old program called Outlook Express, which is not as good an email client, but both from Microsoft. Or they might be using Thunderbird from the same people who make Firefox, the Web browser. So, you have a piece of software, and that is your editing tool for creating that email before you send it off.
PB: Right, and before we get into things like hosting and who... where the email actually might be residing, let’s talk a little bit about TCP/IP and the language of emails.
DW: Right. The way email works is that you create it either on the Web or through your email client just like you would create a Word document: you just type it up and you can add attachments to it. In some cases, you can actually put the attachment, the picture or whatever it is, into the email, and then you press your send button. It needs to go somewhere, and your software or your Web connection has to know how to send it over the Internet.
PB: Right, so TCP/IP is just the basic communication language that constructs the email and lets it travel through the Internet.
DW: Right, and one of the things that has always been out there for lawyers and email is the confidentiality of what is in your email. The way TCP/IP works is that it breaks it into packets, which are little bursts of information that shoot out across the Internet. You are not actually sending a Word document in the same way that you would send it if it was an attachment; your email is being broken up into little chunks, and then it is sent over multiple different paths to wherever you are sending it to – to the email server that is going to receive it so that your recipient can then access the email.
PB: Right, so even if your email is being sent from my office to your office across town, that email might actually go to China before it reaches you.
DW: Exactly, so it is those little packets that are shooting out across the Internet and they may cross borders. Certainly, a recent survey by some professors, I think from the University of Ottawa, found that most Canadian Internet traffic crosses into the United States, even if you are not sending anything to the United States, and then it comes back into Canada.
PB: Which can be very convenient for people who want to look at those emails.
DW: For sure, and when you think about all those little packets, in order to get where they are going, they are being routed over a bunch of different servers. So it is not like it is going from just your server to another computer directly; it is actually stopping and little copies could be made at any point of any of those small packets.
PB: Right, so let’s talk about email host. What is hosting an email, or what is an email host?
DW: Well, an email host is the software that is behind the client. In terms of technology, you talk about client server networks, but your client is your computer and it is the email software that you write your email with. When you press send, that software does not actually do anything. You have to have a server behind it that will receive the email, process it, and handle it properly.
So somewhere in your email environment, you have an email host. It might be your ISP like Bell or Rogers, you might be using Microsoft Exchange inside your law firm, you may be using it through Office 365, or you could be using a variety of other email servers. But you will have an email server out there somewhere which will both receive emails for you from people who are emailing you, and it will take your emails and send them off to the next people.
PB: Right, and we have touched on this in other podcasts, but probably what a lot of people do not realize is that if they are using email, they are using the cloud.
DW: That’s right, yes, because it has to go out and be handled by some server. Now, you can have an entirely internal email environment where you have Exchange, for example, inside your law firm and you are only emailing to someone else in your law firm. That email will actually stay inside your network and it will never leave, but if you are emailing anybody outside of your practice, then that will be going out into the Internet and probably living on a cloud somewhere.
PB: So there are a number of points of vulnerability, if I can put it that way, in terms of the email on your desktop, the email while it is being transmitted somewhere, while it is sitting on a server, ending up on someone else’s desktop, and then that email gets forwarded somewhere else; just a number of different points where it could be travelling through other countries, and there is a chance for you to lose control of your confidential information.
DW: For sure, because there are really a couple of services that you use when you send or receive email. When you send email, you are using what is called the Simple Mail Transfer Protocol (SMTP), and it is really simple. It receives your email and sends it, and then that is the end of your control over that email, because it is now travelling across the interwebs.
And you may have heard about someone who has sent out an email, and after you receive the email from that person, you then receive a recall notice that says, “Please disregard the email I just sent”, and that is because their system does not have the ability to recall a message. But when an email goes out to the Internet, those recall functions do not work.
PB: Right, and SMTP is basically the protocol that says, “Ok, send this data or stop sending this data. I am now going to stop because the data has been received.” It is also what goes out and looks for the email address that you are sending to.
DW: Right, to make sure that there is actually an address to send to. And it does not care if it is the wrong address. If there is an address, it will send it. I frequently receive emails from Ireland because there is a “David Whelan” there and I am in someone’s address book, so it comes to me but I am not the person they are expecting to send it to.
DW: SMTP is also one of the vulnerabilities in your email environment, and it should be secured so that only people who are authorized to send through that SMTP server can do so. Otherwise, you create what is called an open relay, and then spammers and other people will find that you have this open relay and will send email messages as if they were coming from you. There will be no way for you to stop them, because the SMTP server is not smart enough to check, other than with authentication and other setups. If it receives an email and there is no security on it, then it will just forward that email, assuming that everything inside that email is okay.
PB: Right. Let’s talk, briefly, about POP and IMAP and how they fit into the whole email system. POP means “Post Office Protocol” - how does that work?
DW: Post Office Protocol and IMAP are two variations of how you get your email. In the case of POP, it downloads a copy of the email to your client so that you can then open up your email software, your app on your phone, for example, or your Outlook software on your computer. If you use IMAP, it shows you the folders and the files that are in your email system, but it leaves all the emails and the folders on the server.
So what that means is that instead of downloading a copy, to perhaps multiple devices, or if you have downloaded your email with POP and you delete it, losing access to that email, IMAP allows you to leave your email in one location, and use multiple devices to access it. It will leave it on that server, so that you can use it in multiple ways without having to worry about having put the copy of that email on one particular device.
PB: Right, and POP, I think, is more of a one-way street. IMAP is more of a two-way street in terms of deleting emails. If I delete an email from my BlackBerry or my iPhone or whatever, it will get deleted from the server as well.
DW: Exactly, and that is why some people like POP - because it downloads a copy of everything and they can make sure they have a copy on their local machine, but yes, it becomes a preference, and it becomes a productivity tool. If you are accessing your email using multiple devices, more than one computer, for example, or a computer and a tablet, then IMAP may make more sense for you. If you are only on one device, then POP is actually a good option. If you are going to back up your information from your computer, you can have a backup locally of that, those POP files.
PB: Right, and I would just say this: all of those various things which are built into your computer have ports which are listening for POP emails and IMAP emails and waiting to see if something is coming towards your computer.
DW: Right, yes, I always think of ports as a sieve. If you think about your network connection to the Internet, normally we just think of plugging a wire into the wall and then suddenly, “Presto!” – There is the Internet. But if you really think about this sieve being in between you and the Web, or a colander if you want, and it has all of these little holes in it, all of those little holes are what are called ports.
And normally all of those holes should be closed, other than the holes that you need in order to communicate. Each of those holes will have a number, so Web traffic, for example, typically when you are connecting to the Web you use port 80. So that little hole in your colander or sieve needs to be open, and the same thing goes for all of these other systems. POP is on 110, I think, and SMTP is on port 25. IMAP, I forget now...
PB: I cannot remember either.
DW: It might be 443 or something. And then if you use secure versions of POP and IMAP with SSL or secure sockets, then you get slightly different numbers.
PB: I think the lesson here for lawyers and paralegals, is that email, although typically secure, can be subject to various vulnerabilities, and you probably need to tell your clients, if you are using email to communicate with them, that it is a potential security risk.
DW: For sure, yes, at least let them know that their expectations should be, maybe you won’t use email for confidential information, or you will send confidential information encrypted in some way. Either the entire email or the attachment is encrypted so that if someone is listening on one of those ports, which you have to have open in order to connect to the Internet, and trying to capture the information as it goes by, you are at least providing additional protections for them.
PB: That’s right, and it is probably a good idea to have in a retainer agreement, “This is how we are going to communicate….”, so that the client has an idea, in writing, on how it is going to happen. Presumably they will also be able to opt out of that if they like.
DW: That’s right. There is always paper.
PB: So that is our look at how email works. Thanks, David.
DW: Thanks, Phil.