Security Evaluation for Mail Distribution Systems

The security evaluation for Mail Distribution Systems focuses on certification and reliability of sensitive data between mail servers. The need to certify the information conveyed is a result of known weaknesses in the simple mail transfer protocol (SMTP). The most important consequence of these weaknesses is the possibility to mislead the recipient, which is achieved via spam (especially email spoofing). Email spoofing refers to alterations in the headers and/or the content of the message. Therefore, the authenticity of the message is compromised. Unfortunately, the broken link between certification and reliability of the information is unsolicited email (spam). Unlike the current practice of estimating the cost of spam, which prompts organizations to purchase and maintain appropriate anti-spam software, our approach offers an alternative perspective of the economic and moral consequences of unsolicited mail. The financial data provided in this paper show that spam is a major contributor to the financial and production cost of an organization, necessitating further attention. Additionally, this paper highlights the importance and severity of the weaknesses of the SMTP protocol, which can be exploited even with the use of simple applications incorporated within most commonly used Operating Systems (e.g. Telnet). As a consequence of these drawbacks Mail Distribution Systems need to be appropriate configured so as to provide the necessary security services to the users.