Email is the most commonly used technology for exchanging messages between people and businesses over electronic media. Every technology carries risk, and cybercriminals have used this medium of message exchange more than any other to carry out different crimes. Hence email forensics plays a very important role in any cybercrime investigation. Many different providers offer email clients, e.g., Outlook and Thunderbird.
Before getting into forensics, it’s worth understanding some of the basic components of an email.
Mail User Agent (MUA): The Mail User Agent is the client-side application that runs on a computer for sending and receiving emails. Examples: Microsoft Outlook, Thunderbird.
Mail Transfer Agent (MTA): The Mail Transfer Agent accepts messages from a sender and routes them to the destination. Examples of MTAs are Postfix, Sendmail, Microsoft Exchange, etc.
The MUA communicates with the MTA using different protocols, like IMAP and POP3, to download the messages intended for the receiver. Using IMAP rather than POP3 keeps the message on the server so that the mailbox stays consistent across multiple devices.
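For forensics, the MTA routing described above leaves a trace: each MTA that handles a message prepends its own `Received` header. The following is an added example, not code from the original article, that rebuilds the relay path oldest-first and flags breaks in it; the sample message, hostnames and addresses are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (reserved example domains and documentation IP ranges).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby mailstore.recipient.example with ESMTPS id C3;
\tMon, 06 May 2024 10:15:09 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id B2;
\tMon, 06 May 2024 10:15:05 +0000
Received: from workstation.sender.example ([192.0.2.44])
\tby relay.sender.example with ESMTPSA id A1;
\tMon, 06 May 2024 10:15:02 +0000
From: alice@sender.example
Subject: Quarterly report

Body text.
"""

HOP_RE = re.compile(r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+)", re.I)
IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def relay_path(raw):
    """Return hops oldest-first; each MTA prepends its own Received header."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())   # unfold the multi-line header
        stamp = flat.rpartition(";")[2] if ";" in flat else ""
        m, ip = HOP_RE.search(flat), IP_RE.search(flat)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):  # missing or malformed date
            when = None
        hops.append({"from": m["src"] if m else None, "by": m["dst"] if m else None,
                     "ip": ip[1] if ip else None, "time": when})
    return hops

def anomalies(hops):
    """Flag gaps in the chain and timestamps that run backwards."""
    notes = []
    for i in range(1, len(hops)):
        prev, cur = hops[i - 1], hops[i]
        if prev["by"] and cur["from"] and prev["by"].lower() != cur["from"].lower():
            notes.append(f"hop {i}: received from {cur['from']}, previous hop was {prev['by']}")
        if prev["time"] and cur["time"] and cur["time"] < prev["time"]:
            notes.append(f"hop {i}: timestamp earlier than hop {i - 1}")
    return notes
```

Only the `Received` headers added by servers the investigator trusts are reliable; anything below them was supplied by the sending side and should be treated as a claim to verify against server logs.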
Sender Policy Framework (SPF): The Sender Policy Framework can be used by an organization to specify a server or