Simple Mail Transfer Protocol (SMTP)

From a “chess” perspective, the Simple Mail Transfer Protocol (SMTP) — like the Hypertext Transfer Protocol (HTTP) — provides an important means of gaining perimeter access to a network. As with HTTP, compromising an SMTP server is the chess equivalent of taking a knight or rook — it can afford an attacker a means to penetrate deep into an organization’s systems and network, beyond any perimeter defenses. Mail users are literally inundated with mail on a daily basis — hardware, software, and E-commerce vendors are finding new ways of getting mail to users via innovative mobile, wireless, and Web interfaces, and the volume of nuisance mail (so-called UCE and UBE ¹ mail) increments continuously. Moreover, the size of the average e-mail message has grown over the past five to ten years, as e-mail facilities have become more robust and client/server content support has improved, leading to an expansion in the volume of messaging, Web, and application content delivered via mail. All of these factors compound to make mail an attractive target for hacking activity on both public and private networks.