WEBVTT

0:00:02.060000 --> 0:00:05.400000
In this video, I'd like to introduce the email pipeline.

0:00:05.400000 --> 0:00:09.800000
In other words, a high-level overview of what takes place when you create

0:00:09.800000 --> 0:00:14.260000
and send an email, and what takes place when you download an email, specifically

0:00:14.260000 --> 0:00:18.020000
talking about what protocols are used.

0:00:18.020000 --> 0:00:22.120000
So that's going to be the topic of this video, is what happens in the

0:00:22.120000 --> 0:00:28.640000
email pipeline. Now, the first thing to think about is when thinking about

0:00:28.640000 --> 0:00:32.620000
emails, you have to ask yourself two things.

0:00:32.620000 --> 0:00:39.640000
Number one, am I using an application on my laptop or PC, a standalone

0:00:39.640000 --> 0:00:44.980000
application that I had to download and install and then start up every

0:00:44.980000 --> 0:00:49.700000
time I want to create an outbound email or download an inbound email?

0:00:49.700000 --> 0:00:54.680000
Or am I using some web-based service like Gmail where I don't have to

0:00:54.680000 --> 0:00:58.240000
download anything special, all I have to do is bring up my web browser,

0:00:58.240000 --> 0:01:04.560000
direct it to wherever the mail server is located using HTTP or HTTPS.

0:01:04.560000 --> 0:01:08.720000
And then all of my transactions are, let's just say for the sake of simplicity,

0:01:08.720000 --> 0:01:14.080000
HTTP related as far as creating emails, as far as downloading emails,

0:01:14.080000 --> 0:01:16.080000
it's all based via HTTP.

0:01:16.080000 --> 0:01:18.220000
So let's take a look at both those scenarios.

0:01:18.220000 --> 0:01:23.840000
So scenario number one is using either IMAP or POP.

0:01:23.840000 --> 0:01:30.300000
So this is a scenario where, like in my first case, you are using some

0:01:30.300000 --> 0:01:36.440000
standalone email application like Outlook or Apple Mail or Eudora or something

0:01:36.440000 --> 0:01:40.020000
like that on your laptop, PC or notebook.

0:01:40.020000 --> 0:01:43.620000
This is some email application you had to download and install and then

0:01:43.620000 --> 0:01:46.880000
point that application at the email server.

0:01:46.880000 --> 0:01:50.440000
Now when I say email server, the technical term for that is called an

0:01:50.440000 --> 0:01:53.620000
MX or a mail exchange server.

0:01:53.620000 --> 0:01:58.480000
So this is a situation where you download some application onto your laptop

0:01:58.480000 --> 0:02:04.220000
or PC and the mail exchange server is something that your company controls.

0:02:04.220000 --> 0:02:08.040000
So the mail exchange server is some Windows server or some Linux or Unix

0:02:08.040000 --> 0:02:13.120000
server that some IT staff within your company, they installed it, they

0:02:13.120000 --> 0:02:14.980000
control it, it's all up to them.

0:02:14.980000 --> 0:02:20.180000
So in that particular case, step number one, when you're creating an outbound

0:02:20.180000 --> 0:02:26.380000
email, you would open up, let's just say Microsoft Outlook as an example.

0:02:26.380000 --> 0:02:30.180000
And in Microsoft Outlook, you would create your email, type in your text,

0:02:30.180000 --> 0:02:33.160000
add your attachments and then your last step would be to press the send

0:02:33.160000 --> 0:02:36.620000
button. Now when you're pressing the send button, what's actually taking

0:02:36.620000 --> 0:02:41.540000
place is you are invoking the simple mail transfer protocol or SMTP.

0:02:41.540000 --> 0:02:44.060000
And that's what we see right here in step number one.

0:02:44.060000 --> 0:02:49.780000
So you are pushing out all that email you just created via SMTP to your

0:02:49.780000 --> 0:02:51.540000
mail exchange server.

0:02:51.540000 --> 0:02:55.440000
So let's say in this particular case, you are John and you are working

0:02:55.440000 --> 0:03:02.480000
for INE.com. Okay, so via SMTP, you're now pushing that to a mail exchange

0:03:02.480000 --> 0:03:06.820000
server that might just be 50 or 100 feet away from you in another part

0:03:06.820000 --> 0:03:09.200000
of the building or maybe located in another part of the campus.

0:03:09.200000 --> 0:03:12.500000
That is all the simple mail transfer protocol.

0:03:12.500000 --> 0:03:16.820000
Okay, so now the INE.com mail exchange server has your email.

0:03:16.820000 --> 0:03:19.380000
It takes a look at the destination and you've said that the destination

0:03:19.380000 --> 0:03:23.860000
is Sally at some other company like acme.com.

0:03:23.860000 --> 0:03:28.760000
Okay, the mail exchange server says, well, this is acme.imini.com, this

0:03:28.760000 --> 0:03:33.100000
needs to go to acme.com, that's clearly a different mail exchange server.

0:03:33.100000 --> 0:03:36.480000
So step number two, there's going to be some sort of DNS resolution.

0:03:36.480000 --> 0:03:39.960000
Your mail exchange server has to know what the destination IP address

0:03:39.960000 --> 0:03:45.440000
is of the mail exchange server that's hosting acme.com's emails.

0:03:45.440000 --> 0:03:50.480000
So that'll be done via DNS where you will ask for an MX record.

0:03:50.480000 --> 0:03:55.540000
And you'll get the IP address back, hopefully, of that MX record.

0:03:55.540000 --> 0:03:58.620000
So step number three is we're going to further do SMTP now.

0:03:58.620000 --> 0:04:03.300000
Now your mail exchange server of INE.com will push that email via the

0:04:03.300000 --> 0:04:08.440000
simple mail transfer protocol out to the destination IP address of

0:04:08.440000 --> 0:04:12.960000
acme.com, which in this case is, let's say, for example, 9.9.9.9.

0:04:12.960000 --> 0:04:16.220000
Now here is where SMTP ends.

0:04:16.220000 --> 0:04:21.660000
Now the email is residing on the acme.com mail exchange server over here

0:04:21.660000 --> 0:04:24.680000
in the right box, the blue box here.

0:04:24.680000 --> 0:04:31.220000
Now, an hour or a day or maybe a week later, Sally comes along, boots

0:04:31.220000 --> 0:04:37.380000
up her email program, Eudora, Microsoft Outlook, Apple Mail, whatever it

0:04:37.380000 --> 0:04:41.760000
is, and now she's going to send a message to her mail exchange server

0:04:41.760000 --> 0:04:45.520000
and saying, please, show me what emails I have.

0:04:45.520000 --> 0:04:49.920000
Now, she could use one of two protocols on her standalone client.

0:04:49.920000 --> 0:04:53.380000
She could use POP3 or IMAP.

0:04:53.380000 --> 0:04:55.180000
What's the difference?

0:04:55.180000 --> 0:04:59.820000
Okay, if Sally says, you know what, what I want to be able to do is be

0:04:59.820000 --> 0:05:03.640000
able to check on my emails right now from my laptop, but then later on

0:05:03.640000 --> 0:05:09.020000
tonight, I want to be able to take out my tablet or my smartphone and

0:05:09.020000 --> 0:05:12.600000
also contact that same mail exchange server and look at the emails there.

0:05:12.600000 --> 0:05:15.340000
I want to be able to use different devices.

0:05:15.340000 --> 0:05:18.860000
And from any device I want to be able to delete an email, from any device

0:05:18.860000 --> 0:05:22.720000
I want to be able to download an email, for example, right now Sally says,

0:05:22.720000 --> 0:05:26.580000
I want to open up my laptop, see a listing of all my emails, click on

0:05:26.580000 --> 0:05:28.080000
one and read it.

0:05:28.080000 --> 0:05:31.480000
Now, six hours from now when Sally's back home, she wants to be able to

0:05:31.480000 --> 0:05:34.800000
open up her tablet and read that exact same email.

0:05:34.800000 --> 0:05:39.100000
So clearly, the email cannot be downloaded from the mail exchange server

0:05:39.100000 --> 0:05:42.660000
because if it was actually downloaded to her laptop, the mail exchange

0:05:42.660000 --> 0:05:44.960000
server wouldn't have it anymore.

0:05:44.960000 --> 0:05:48.020000
So she opened up her tablet or her smartphone, tried to read that same

0:05:48.020000 --> 0:05:53.860000
email she wouldn't be able to because it had been downloaded to her laptop.

0:05:53.860000 --> 0:05:56.420000
So if she wants to have, she wants the ability to be able to have mobile

0:05:56.420000 --> 0:06:01.580000
devices and read any email at any time, she's going to want to use IMAP.

0:06:01.580000 --> 0:06:02.840000
That's what IMAP is for.

0:06:02.840000 --> 0:06:07.620000
So with IMAP, the email stays on the mail exchange server.

0:06:07.620000 --> 0:06:11.480000
With IMAP, she's sending instructions to the mail exchange server saying,

0:06:11.480000 --> 0:06:13.700000
hey, give me a listing of the emails.

0:06:13.700000 --> 0:06:18.460000
Send me a copy of this email, let me read it right here.

0:06:18.460000 --> 0:06:21.860000
And when she presses the delete button in IMAP, that's actually deleting

0:06:21.860000 --> 0:06:25.300000
it from the mail server where to now she can't read it anymore from anything

0:06:25.300000 --> 0:06:30.980000
else.
So IMAP is good if you plan on accessing the email from multiple

0:06:30.980000 --> 0:06:33.480000
different devices at multiple different times.

0:06:33.480000 --> 0:06:37.520000
It's more of a control protocol where you're controlling what the server

0:06:37.520000 --> 0:06:39.420000
is doing with that email.

0:06:39.420000 --> 0:06:44.280000
POP would be an example of where you actually download the email from

0:06:44.280000 --> 0:06:48.460000
the mail exchange server directly to your local machine, like your laptop,

0:06:48.460000 --> 0:06:49.940000
and then you read it right there.

0:06:49.940000 --> 0:06:54.580000
At that point, the email is no longer on the mail exchange server, it's

0:06:54.580000 --> 0:06:58.640000
gone. You can't open up your tablet or your smartphone later on and read

0:06:58.640000 --> 0:06:59.760000
that exact same email.

0:06:59.760000 --> 0:07:01.100000
It's been downloaded.

0:07:01.100000 --> 0:07:04.060000
It is no longer on that device.

0:07:04.060000 --> 0:07:06.740000
Okay, so that's IMAP and POP.

0:07:06.740000 --> 0:07:13.500000
Another example is where we are using HTTP or HTTPS.

0:07:13.500000 --> 0:07:15.640000
So this is like, for example, doing Gmail.

0:07:15.640000 --> 0:07:19.440000
Okay, now with Gmail, maybe you've got an email address of, you know,

0:07:19.440000 --> 0:07:21.980000
K Bogart at gmail.com.

0:07:21.980000 --> 0:07:25.060000
Okay, so you're just using Gmail as a domain or if you're using something

0:07:25.060000 --> 0:07:29.800000
like G Suite for business or G Suite for the enterprise, you might actually

0:07:29.800000 --> 0:07:33.720000
have an email address of K Bogart at INE.com.

0:07:33.720000 --> 0:07:39.680000
But in both cases, the mail exchange server is not on your company's premises.

0:07:39.680000 --> 0:07:43.060000
It's a mail exchange server that's hosted by Google.

0:07:43.060000 --> 0:07:46.900000
So they've got mail exchange servers all over the world and data centers

0:07:46.900000 --> 0:07:47.640000
all over the world.

0:07:47.640000 --> 0:07:52.240000
And as part of paying for the business G Suite, you can have an email

0:07:52.240000 --> 0:07:54.240000
address that's got your company's name in it.

0:07:54.240000 --> 0:07:57.600000
But in either case, the mail exchange server, unlike what we just looked

0:07:57.600000 --> 0:08:01.040000
at, is not located on the company premises.

0:08:01.040000 --> 0:08:03.360000
It's located in Google's cloud.

0:08:03.360000 --> 0:08:10.160000
And the way you access it is all based on most likely secure HTTP, HTTPS.

0:08:10.160000 --> 0:08:14.320000
So now here, when you actually bring up your email, you're just doing

0:08:14.320000 --> 0:08:16.020000
it within the confines of your web browser.

0:08:16.020000 --> 0:08:18.120000
You didn't have to download anything special.

0:08:18.120000 --> 0:08:22.080000
So as you're creating your email, it's all via HTTP commands that you're

0:08:22.080000 --> 0:08:23.880000
typing in your text.

0:08:23.880000 --> 0:08:24.760000
You're changing the color.

0:08:24.760000 --> 0:08:26.820000
It's all via HTTPS.

0:08:26.820000 --> 0:08:30.700000
So you're crafting, creating the email right there on the mail exchange

0:08:30.700000 --> 0:08:33.500000
server itself. So that's step number one.

0:08:33.500000 --> 0:08:36.740000
You're not really pushing anything up to the server.

0:08:36.740000 --> 0:08:39.280000
You're actually on the server, creating it right there.

0:08:39.280000 --> 0:08:44.280000
Now, once you press the send button in, for example, Gmail, then you're

0:08:44.280000 --> 0:08:50.020000
instructing that mail exchange server that's hosted by Google as an example

0:08:50.020000 --> 0:08:52.500000
to do the same type of thing.

0:08:52.500000 --> 0:08:57.280000
So let's, in this case, let's just assume that it's Gmail on both sides,

0:08:57.280000 --> 0:09:02.240000
both John and Sally, even though they work for different companies, their

0:09:02.240000 --> 0:09:04.900000
companies are using G Suite.

0:09:04.900000 --> 0:09:10.680000
So even though John has at INE.com and Sally has at Acme.com in reality,

0:09:10.680000 --> 0:09:14.540000
both of their mail exchange servers are being hosted by Google.

0:09:14.540000 --> 0:09:18.160000
So in that particular case, there's still going to be some sort of SMTP

0:09:18.160000 --> 0:09:22.460000
transaction most likely between the mail exchange server that's close

0:09:22.460000 --> 0:09:26.700000
to where John is and the mail exchange server that is close to where Sally

0:09:26.700000 --> 0:09:30.200000
is. And there's going to have to be some sort of resolution there so that

0:09:30.200000 --> 0:09:34.700000
the Gmail server that's hosting INE.com can discover where the other

0:09:34.700000 --> 0:09:39.480000
Gmail server is that's hosting acme.com.

0:09:39.480000 --> 0:09:45.180000
Now, as I wrap up here, the main thing I want you to think about is the

0:09:45.180000 --> 0:09:46.640000
SMTP transaction.

0:09:46.640000 --> 0:09:50.980000
We've talked about that there's SMTP transaction between mail exchange

0:09:50.980000 --> 0:09:54.820000
servers. So when mail exchange server one wants to talk to mail exchange

0:09:54.820000 --> 0:09:59.560000
server number two, that is all the simple mail transfer protocol to upload

0:09:59.560000 --> 0:10:02.300000
and download emails between mail exchange servers.

0:10:02.300000 --> 0:10:06.440000
We also talked about IMAP and POP and where you might see those.

0:10:06.440000 --> 0:10:10.820000
As we go further along into this course, I want you to think about where

0:10:10.820000 --> 0:10:13.460000
the SMTP transaction is happening.

0:10:13.460000 --> 0:10:17.560000
Why?
Because as we talk about things like the Cisco email security appliance,

0:10:17.560000 --> 0:10:21.500000
which is going to be coming up, the Cisco ESA only is coming up.

0:10:21.500000 --> 0:10:24.760000
So, what is the most capable of looking at SMTP?

0:10:24.760000 --> 0:10:30.800000
The Cisco ESA does not fit where the IMAP or the POP transactions take

0:10:30.800000 --> 0:10:33.840000
place. The Cisco ESA doesn't have visibility to that.

0:10:33.840000 --> 0:10:37.240000
It can't read. It can't understand IMAP and POP.

0:10:37.240000 --> 0:10:41.860000
It only takes place as SMTP is going back and forth and that's where you

0:10:41.860000 --> 0:10:43.360000
would fit that appliance.

0:10:43.360000 --> 0:10:46.540000
And we'll look more about that as we talk about the Cisco ESA.

0:10:46.540000 --> 0:10:51.900000
So that wraps up this discussion on the email pipeline and the protocols

0:10:51.900000 --> 0:10:53.800000
that are used in that pipeline.