No one cares about your

damn emails

The email scandal and a primer on email servers and clients…

In the following slides you will:

Learn about the Hillary email scandal from the beginning

See how it fits into Benghazi, the FBI, the Attorney General and Congressman Anthony

Weiner

Discover mail servers, ingoing and outgoing protocol, and security on the webmail server

What happened?

March 2015: We learned that Hillary Clinton used her family’s private email server

for official communications.

However, she was to use official State Department emails accounts on federal

servers

Those official communications on the private email server would retroactively be

marked classified

How does Benghazi fit in?

The email scandal unfolded as Clinton is beginning her presidential bid and

hearings are held at the House Select Committee on Benghazi

Some members of congress have said that her private messaging system

software and private server violated State Department protocols and

procedures, as well as federal laws and regulations on recordkeeping.

Clinton says that her use of personal email was in compliance with federal laws,

and that former secretaries of state also maintained personal email accounts.

However, she is the only one to use a private email server.

Some of the classified emails were about Benghazi.

How does the FBI fit in?

The FBI began an investigation regarding how classified information was held on the

Clinton server.

Of the emails on the server, 113 contains information that would have been classified,

including 65 “secret” and 22 “top secret”

Of these 113 emails, only three had markings to identify it as classified

Director James Comey suggests that Clinton was not “technically sophisticated” enough

to understand what the three classified markings meant.

Nearly 2,100 emails on the server were retroactively marked as Classified.

Government policy is that sensitive information should be considered and handled as

classified

The ultimate finding for the FBI

IN May 2016, the State Department’s Office of the Inspector General released an 83-page

report on the email practices of the State Department, including Hillary Clinton.

On July 5, 2016, Comey announced that although Hillary was “extremely careless” in her

email handling, there was no wrongdoing on her part..

The next day, Attorney General Loretta Lynch announced no charges would be filed.

Clinton /Loretta Lynch connection

On June 27, 2016, Bill Clinton held up a Phoenix flight for 20 minutes so he might have a little chat with Attorney General Loretta Lynch.

9 days later, she would decide not to file charges against Hillary Clinton

New attacks on October 28 lead to new

actions on the 29th (ongoing!)

FBI Director announces out of the blue that he was looking into a potential new batch of

messages from her private email server.

Clinton responds quickly and sharply, questioning his motives 11 days from the election,

calling it “strange and …deeply troubling.”

By Saturday, she is vocal, accusing the director of smearing with innuendo late in the race

and violating Justice Department Rules

These rules establish guidelines advising against such actions so close to an election.

The Weiner link

It just so happens that Congressman Anthony Weiner, known for his sexting

failures on Twitter, has a wife who happens to be a long time Hillary aide, Huma Abedin.

These new emails were found on Weiner’s computer, as it was being searched for

sexually explicit messages with a teenager

But we digress, how

email works

Some technical details

What is an email server?

A server is a computer that handles and delivers e-mail over a network, usually

over the Internet.

An email server can receive emails from their own “client” computers and

deliver to other mail servers. It can also deliver emails to “client” computers only

Think of an email server as a neighborhood mailman. Without email servers, you

could only send email to those in your domain (gmail.com, outlook.com)

Types of mail servers

Two types of mail servers: Outgoing mail servers and incoming mail servers.

Outgoing mail services are known as SMTP (Simple Mail Transfer Protocol servers)

Incoming mail servers can be POP3 (Post Office Protocol, Version 3, best for

storing send and archived messages on PCs local hard drive) or IMAP (Internet

Message Access Protocol) store copies of messages on servers. Since most POP3

servers can also store messages, it is more convenient than IMAP

Sending an Email

1. You compose the message and hit send.

2. Your email client (Outlook Express, Gmail, etc.) connects to your domain’s SMTP server.

giving it your email address, the recipient’s email address, the message body and

attachments

3. The SMTP server processes the recipient’s mail address. If it is the same domain, it is sent

directly to the domain’s POP3 or IMAP server.

4. If the domain is different, the SMTP will have to communicate with other domain servers

Continued…

Sending an email: next steps

6. The sender’s SMTP server has to communicate with the DNS (Domain Name Server). The DNS takes the email domain name and translates it into an ipaddress. NOTE: If the DNS server is down (as happened with the recent Cyber Attack), the emails will be lost (can’t find their domain).

7. Although technically the SMTP server knows the address, and therefore the SMTP server that hosts this domain, the message may be routed along a series of unrelated SMTP servers

8. The recipients SMTP server scans the message. If it recognizes the domain and username, it forwards the message along the POP3 or IMAP server. It is then put in a sendmail queue until the recipient’s email client allows it to be downloaded, where the message can then be read by the recipient.

It looks like this:

Email clients

Yahoo mail and Gmail are examples of web-based email clients. In this case, you are using a Webmail client, which is accessed through your Web Browser.

If you are using a specialized program NOT on the web, like Microsoft Outlook, and Thunderbird, you are using a specialized email client. You will use software to read and send emails from your computer. Unlike web-based, your emails are stored on your computer. You can also read messages you have already received without Internet connections.

Hillary Clinton had a Private email client.

The email process is complex. There are programs, such as Postfix and Microsoft Exchange that facilitate the email process behind the scenes. This is a useful program when you host your own server.

It is thought that Hillary Clinton was using Microsoft Exchange as her email program.

Security in the email server

Encryption helps protect messages from interception or alteration.

Mail servers use the TLS (transport layer security) protocol to encrypt ingoing and outgoing channels

These mail servers have a special code, known as a certificate. Email software and servers will check for this to verify the server’s identity.

You may sometimes see that a site does not have a valid certificate. Proceed with caution.

Although most servers pay a certificate authority for a certificate, some smaller ones sign their own. Clinton’s server probably used a self-signed certificate, which is a security risk.

Another thing that she may have been lacking is message level encryption, which is built into the email client software.

Questions:

What are some differences between using a private email server and a web based

server?

How is an email server similar to a postman?

What does the DNS (domain name server) do?

What is a certificate?