IMAP information storage security

As information technology spreads, security becomes an important issue, and it is worth examining it from several angles. Take IMAP security: what is it? How reliable is the Internet Message Access Protocol? What advantages does it have, why was it developed, and what versions and working mechanisms exist? This article briefly covers those questions.

What is IMAP?

The safety of correspondence matters because it can contain valuable information. IMAP is an application-level protocol that provides access to e-mail data only to those who should receive it. It runs on top of TCP and uses port 143. IMAP lets the user work with mail that is stored on a central server. A program using this protocol performs the necessary actions in such a way that all correspondence appears to be on the user's computer. For large volumes of mail, a dedicated IMAP server can be used. Manipulating letters does not require constantly transferring the files that hold their content to the recipient. IMAP is not the only protocol used in mail services: SMTP is used to send letters, since the sending command in IMAP cannot fully guarantee security. There are known vulnerabilities.

Why was IMAP developed?

It was developed as an alternative to POP3, prompted by the shortcomings of the latter: POP3 offers no way to manage, move and store messages on the server. For this reason the IMAP protocol was developed; it makes it possible to receive e-mail in different places because the data is stored on a remote server.

Benefits over POP3

Why did this protocol come into use? In addition to the above, IMAP mail offers a number of advantages:

  1. The connection does not break while the user interface is active.
  2. Messages are downloaded only when the client requests them.
  3. It can provide simultaneous access to several people, and each of them can follow all the changes made.
  4. The client can create, rename and delete mailboxes, and move messages between them. With the IMAP 4 Access Control List extension, access rights can also be changed.
  5. You can track the status of a message (whether it was read, deleted, replied to, and more). Data about such actions is called flags and is stored on the server.
  6. Messages are always searched on the server, and there is an explicit extension mechanism.

Messages and their attributes

IMAP security provides for working exclusively with messages, and they do not need any packets with special headers. Each message has its own attributes, which can be determined individually or together with others. There are currently six versions of IMAP, but almost always only the latest one is used.

UID

Each message receives its own 32-bit code. A unique identifier is added to it. Together they form a 64-bit sequence, which is needed to identify the message. Such is IMAP security. The later a message arrives, the larger its UID. This parameter is used as a response code during mailbox selection. It does not change within one session or between sessions. If technical conditions require editing this parameter, the new UID must be larger than before. The same IMAP port is used for data transfer.

Message serial number

Numbering starts at one, and the number of each subsequent message is 1 greater than that of the previous one. An important difference from a mailbox is that it can change during one connection session: for example, when a message is completely deleted.

Message flags

This attribute is a list of zero or more named tokens that are related to the main information. IMAP 4.1 introduced two types of flags: they can be temporary (lasting for the session) or permanent. A system flag is a flag whose name is defined in the protocol specification. All system flags must begin with the character \. At the moment, the following system flags are defined:

  1. \Seen - the message has been read;
  2. \Answered - a response has been sent;
  3. \Recent - the message appeared during the current session;
  4. \Draft - the message was marked as a draft;
  5. \Flagged - the user marked this message as important;
  6. \Deleted - the message was deleted.
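The difference between the UID and the message serial number described above can be shown with a small model. This is an added example, not code from the original article: the `Mailbox` class and its method names are hypothetical, and it imitates only the numbering rules, not a real IMAP server.

```python
class Mailbox:
    """Toy model of one mailbox: UIDs only grow, sequence numbers are positions."""

    def __init__(self):
        self.next_uid = 1
        self.messages = []          # position in this list + 1 = sequence number

    def deliver(self, subject):
        uid = self.next_uid
        self.next_uid += 1          # a UID is never reused or lowered
        self.messages.append({"uid": uid, "subject": subject, "flags": {"\\Recent"}})
        return uid

    def by_seq(self, seq):
        return self.messages[seq - 1]

    def by_uid(self, uid):
        return next(m for m in self.messages if m["uid"] == uid)

    def expunge(self):
        """Remove every message flagged \\Deleted; later messages shift down."""
        self.messages = [m for m in self.messages if "\\Deleted" not in m["flags"]]

    def listing(self):
        return [(i + 1, m["uid"], m["subject"]) for i, m in enumerate(self.messages)]


def demo():
    # Constructed sample data.
    box = Mailbox()
    for subject in ("invoice", "newsletter", "contract"):
        box.deliver(subject)
    # A client remembers "contract" both by serial number and by UID.
    remembered_seq, remembered_uid = 3, box.by_seq(3)["uid"]
    # Meanwhile message 2 is flagged \Deleted and removed for good.
    box.by_seq(2)["flags"].add("\\Deleted")
    box.expunge()
    new_uid = box.deliver("reminder")
    return {
        "listing": box.listing(),
        "seq_now_points_to": box.by_seq(remembered_seq)["subject"],
        "uid_still_points_to": box.by_uid(remembered_uid)["subject"],
        "new_uid": new_uid,
    }


if __name__ == "__main__":
    print(demo())
```

A client that acts on a remembered serial number after the deletion would touch the wrong message, which is why operations that must hit one specific message are safer when addressed by UID.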

Internal date and time of the message

How is it determined what values these parameters should have? If the message was delivered using the SMTP protocol, the time and date of the final destination are taken. If a copy command is used, the sender's parameters are used. You can also set your own time and date by using the append command.

Client-server interaction

With IMAP, a connection is established on the client-server principle. The client sends its commands, and the server sends the requested data together with information about how the request was carried out. All messages take the form of lines that end with a special sequence. Every procedure begins with a command from the client. Commands are recognized by a special identifier prefix (a short alphanumeric string), which is called a label (tag). Each command has its own unique label.

There are two cases in which the data sent by the client is not complete. The first is when a command argument is prefixed with a count that states in advance how many octets follow. The second is when a response from the server is needed. In both cases the client receives a request to continue the command, which always begins with the + symbol. If a certain type of data is received, the transfer must be completed, otherwise it will not be possible to start a new process. Reading the command, parsing it, extracting its parameters and transmitting data are carried out by the server's protocol receiver. When processing of the command is complete, a response is sent to the client to say so. Information that does not indicate completion of the instruction is prefixed with *. It is called an untagged response. Servers send these either in response to a client's request or on their own initiative. Their format does not depend on the reason why they were sent.

But what about popular services like Gmail? IMAP settings are not available to ordinary users, but they can be configured if you send e-mail through a special client. This, however, applies to outgoing letters only.

And what are the responses actually needed for? They report the success or failure of an operation. The response always carries the same label that was used by the client command that started the procedure. Multithreaded data transmission is therefore possible, and the responses will not be confused with one another. To clarify the situation, three types of response from the server were developed:

  1. Successful completion.
  2. Failure.
  3. IMAP protocol error (occurs when an unknown command is applied or the server recognizes that there is a problem with the syntax).

A peculiarity of the client is that it must always be ready to process any response that reaches it. Data must be recorded in such a way that the client can use it directly, without sending clarifying requests to the server. You can see this in Gmail. IMAP settings can be edited or changed through e-mail clients with wide functionality.
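The labelled commands, * and + lines and three completion types described in this section can be checked mechanically. The following is an added example, not code from the original article: it classifies server lines and pairs each completion with the command that used the same label. The function names and the session transcript are constructed, and OK, NO and BAD are the RFC 3501 names for the three outcomes.

```python
import re

# OK / NO / BAD are the RFC 3501 spellings of the three completion types.
MEANING = {"OK": "success", "NO": "failure", "BAD": "protocol error"}
TAGGED = re.compile(r"^([A-Za-z0-9]+) (OK|NO|BAD)\b")

def classify(line):
    """Return (kind, tag, outcome) for one server line."""
    if line.startswith("+"):
        return ("continuation", None, None)
    if line.startswith("* "):
        return ("untagged", None, None)
    m = TAGGED.match(line)
    if m:
        return ("tagged", m.group(1), MEANING[m.group(2)])
    return ("unparsed", None, None)

def correlate(transcript):
    """Pair each tagged completion with the client command that used the tag."""
    pending, done, anomalies = {}, {}, []
    literal_next = False
    for side, line in transcript:
        if side == "C":
            if literal_next:            # data the server asked for with "+"
                literal_next = False
                continue
            tag, _, command = line.partition(" ")
            pending[tag] = command
            continue
        kind, tag, outcome = classify(line)
        if kind == "continuation":
            literal_next = True
        elif kind == "tagged" and tag in pending:
            done[tag] = (pending.pop(tag), outcome)
        elif kind in ("tagged", "unparsed"):
            anomalies.append(line)      # tag never issued, or malformed line
    return done, pending, anomalies

# Constructed transcript (C = client, S = server), simplified for illustration.
SESSION = [
    ("S", "* OK server ready"),
    ("C", "a1 SELECT INBOX"), ("S", "* 3 EXISTS"), ("S", "a1 OK SELECT completed"),
    ("C", "a2 COPY 1 Archive"), ("C", "a3 NOOP"),
    ("S", "a3 OK NOOP completed"), ("S", "a2 NO mailbox does not exist"),
    ("C", "a4 APPEND Drafts {11}"), ("S", "+ Ready for literal data"),
    ("C", "Hello world"), ("S", "a4 OK APPEND completed"),
    ("C", "a5 FROBNICATE"), ("S", "a5 BAD unknown command"),
    ("S", "zz9 OK completed"),
    ("C", "a6 NOOP"),
]

if __name__ == "__main__":
    for part in correlate(SESSION):
        print(part)
```

A completion whose label matches no outstanding command, such as the `zz9` line here, is reported as an anomaly instead of being accepted as the answer to something else.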

Conclusion

This security protocol can significantly increase the reliability of data transfer and can provide substantial guarantees that a third party will not be able to access information. But this does not mean that no one else can read a letter. The server remains potentially vulnerable, and a user who knows little about fraudsters' tricks can personally hand over to them all the data needed to access the mail.

Source: https://habr.com/ru/post/C14573/

