global email forensics | email expert witness | smtp

+1 (323) 955 1390

SMTP Evidence | Mail Server Roles | Expert Witness Knowledge

by

Rob Walton
in

Expert SMTP Evidence | Examination of Email Evidence as a Witness

As an expert witness for email digital evidence examination, the SMTP mail server roles are an important area of focus. This blog post describes the different SMTP mail server roles and how they relate to expert witness testimony for any court case where SMTP evidence is present.

Any information system used for email purposes can have different sub-functions (roles) within it, depending on its exact role within a particular information system.  Internet standard RFC 5598 provides a clear definition of these mail server roles.

Email Evidence: Mail Server Role Definitions

https://www.rfc-editor.org/rfc/rfc5598.pdf

  • ADMD: ADministrative Management Domains -> This independence of administrative decision-making defines boundaries that distinguish different portions of the Internet Mail service.
  • MUA: Mail User Agent -> The client software any individual uses to send email.
  • MSA: Mail Submission Agent -> The Mail Server software that receives a message after the user sends it in the MUA. The sending user’s MUA connects directly to the MSA and submits the message into the SMTP process.
  • MTA: Mail Transfer Agent -> The Mail Server software that passes the message along to other servers (MTAs) in the series of hops between sender and receiver. Multiple MTAs are involved in the transfer of an email message. An MTA is both an SMTP client and server.
  • MX: Mail Exchanger -> The system identified as a responsible receiver for mail sent to a given hostname or domain. The receiver system is designated in a DNS record with the “MX” record type. Each destination host or domain can have multiple MXes for redundancy and load balancing purposes. The MX serves as a last step using SMTP connection.
  • MHS: The purpose of the Message Handling System (MHS) is to exchange an email message object among participants
  • MDA: Mail Delivery Agent -> The Mail Server software that provides mail messages to a user after successful authentication.

Email Evidence: Mail Server Roles Conceptual Example

A conceptual diagram representing the mail server roles and relationships is shown below.

Email delivery pathway for an email forensic consulting project.
Mail Server Roles

The delivery steps between the various stages described here are immutably logged in the message header of any SMTP message as clear event types.  This information allows a clear picture of all the various stages involved in the email delivery. SMTP evidence can be present in any court case involving the mail server roles.

Sub-roles (apart from MUA) are all roles that can be performed by a Mail Server. A Mail Server will reside in a particular information system, and merely describe the sub-role it may be performing within any information system. 

Any mail server will provide security to the email transport layer. See emailsecurityexpert.com to hire an email security expert.

Email Information System Definitions

An email information system is defined as an ADMD in terms of the RFC5598.

These are common examples of ADMDs:

  • Enterprise Service Providers: These ADMDs operate the internal data and/or the mail services within an organization.
  • Internet Service Providers (ISP): These ADMDs operate the underlying data communication services. ADMDS used by one or more Relay and User. ISPs are not responsible for performing email functions, however they can provide an environment in which those functions can be performed.
  • Mail Service Providers: These ADMDs operate email services, such as for consumers or client companies.

One example of an “Enterprise Service Provider” ADMD is an information system operated by a company or business.

It is the MTA role that is relevant when examining email delivery questions.

Email Information System Migration Expert

A business may decide to move from an old to a new email information system. With an email migration from Exchange to Office 365 we recommend Office365migrate.com for email migration expert consultants.

Summary: SMTP Mail Server Roles

A Mail Server can perform multiple roles in the context of email delivery SMTP evidence, and it is important that any expert email witness understands each mail server role.

Any email forensics expert should be able to credibly explain the mail server roles and how the relate to the defined RFC standard for mail server delivery. This explanation, along with a clear understanding of the qualifications and work history of an email expert witness, will help in any court case.

Contact us today for help in your email litigation action where you need an email messaging expert.

If you are reading this article and need help with your email migration project to Office 365, then please contact the team at office365migrate.com

Table of Contents