Login | Register For Free | Help	Search this list this category for: (Advanced)

Mailing List Archive: DBMail: users Re: mail encryption   Index | Next | Previous | View Flat

mluich at globalcerts Jan 28, 2008, 10:01 AM Views: 1947 Permalink Re: mail encryption [In reply to] My company, Globalcerts LC (http://www.globalcerts.net) builds email encryption appliances. Our CEO asked us if our product could do this and we took a look. Ours won't as we only handle mail leaving the organization and it's transport across the net, but it is possible to do. Dbmail does not currently support encrypted storage. It is possible, but would require extensive work on dbmail, you would still end up with the headers in the clear in the DB, but there's no technical reason it can't be done. I'm also sure your CEO doesn't want to have to do it himself, Worry about key's, and hit extra buttons. That is the part that makes it REALLY difficult. The only REAL answer is to encrypt the message at it's source and decrypt it at it's destination. And this requires a lot more than Dbmail can handle alone. Michael Luich Programmer / Systems Engineer GlobalCerts M. J. [Micheal] OBrien wrote: > The CEO and CFO might be surprised to learn that writing something on > an email is pretty much like writing it on the back of a postcard and > mailing it. You will not absolutely prevent electronic mail sent > through the SMTP protocol (over 20 years old) from being read by > persons other than the recipient. We have run PGP keyservers for over > a decade and never knew a system admin who could not read the mail > even in a high security environment. If there is an issue with > internal administrators, maybe the concerned CEO and CFO individuals > should have email accounts elsewhere so that only "trusted" > administrators at another company or institution can read their mail :o( > > Here is a personal user's tool many people use for handling the > occasional mail security issue. http://www.canadaemails.com/encrypt.shtml > Here is another personal user's tool: > http://www.thawte.com/secure-email/personal-email-certificates/ > Her is a system admin's tool: http://gnupg.org/ > > In all of the above cases its more of a security-blanket "therapy" > than a real security solution. The NSA, CIA, FBI and God all > occasionally get their email read by somebody other than the intended > recipient. > best of luck. > Mike > > Sim Zacks wrote: >> I've read a lot about password encryption with dbmail, but does (or >> can) dbmail support encrpytion of the actual messages? >> Our CEO and CFO are both very concerned with the idea of switching to >> IMAP because it would make it simple for the system administrators to >> read their email. They aren't as concerned with sniffers and stuff >> like that because that would require constant vigil. They are >> concerned that someone can open the mysql database (or go into the >> dbmailadministrator web front end) and query the database. >> >> I was thinking that mail clients generally support SSL, which leads >> me to believe that if the user's public key is stored on the server >> then the dbmail should be able to encrypt all messages going into his >> box before they are stored and then the client will be able to open >> it with their private key. >> >> Is something like this in place already? >> >> Thank you >> Sim >> _______________________________________________ >> DBmail mailing list >> DBmail [at] dbmail >> https://mailman.fastxs.nl/mailman/listinfo/dbmail > _______________________________________________ > DBmail mailing list > DBmail [at] dbmail > https://mailman.fastxs.nl/mailman/listinfo/dbmail > > > This email and any files transmitted with it are confidential and > intended solely for the individual(s) or entity to whom they are > addressed. > > If you have received this email in error please notify the originator > of the message. > > Any views expressed in this message are those of the individual sender. > > This message has been scanned for Content, viruses and spam by > GlobalCerts RiskFilter - E-mail. > www.GlobalCerts.net > This email and any files transmitted with it are confidential and intended solely for the individual(s) or entity to whom they are addressed. If you have received this email in error please notify the originator of the message. Any views expressed in this message are those of the individual sender. This message has been scanned for Content, viruses and spam by GlobalCerts RiskFilter - E-mail. www.GlobalCerts.net _______________________________________________ DBmail mailing list DBmail [at] dbmail https://mailman.fastxs.nl/mailman/listinfo/dbmail

Subject User Time mail encryption sim at compulab Jan 27, 2008, 11:01 PM     Re: mail encryption guntis at rixtel Jan 27, 2008, 11:41 PM         Re: mail encryption sim at compulab Jan 28, 2008, 12:33 AM             Re: mail encryption guntis at rixtel Jan 28, 2008, 1:30 AM                 RE: mail encryption jon at host-it Jan 28, 2008, 1:48 AM     Re: mail encryption paul at nfg Jan 28, 2008, 12:56 AM     Re: mail encryption paul at nfg Jan 28, 2008, 12:56 AM     Re: mail encryption michael.monnerie at it-management Jan 28, 2008, 4:19 AM     Re: mail encryption mike at mobrien Jan 28, 2008, 8:46 AM         Re: mail encryption mluich at globalcerts Jan 28, 2008, 10:01 AM             Re: mail encryption michael.monnerie at it-management Jan 28, 2008, 2:03 PM                 Re: mail encryption michael.monnerie at it-management Jan 28, 2008, 2:39 PM                 Re: mail encryption robert at summernetworks Jan 28, 2008, 2:50 PM                 Re: mail encryption mike at mobrien Jan 28, 2008, 9:00 PM                     Re: mail encryption mike at mobrien Feb 4, 2008, 1:56 PM     Re: mail encryption jake at vapourforge Jan 28, 2008, 3:23 PM     Re: mail encryption sim at compulab Jan 28, 2008, 10:58 PM         Re: mail encryption marc at electronics-design Jan 28, 2008, 11:48 PM     Re: mail encryption sim at compulab Jan 29, 2008, 1:19 AM         Re: mail encryption marc at electronics-design Jan 29, 2008, 1:30 AM         Re: mail encryption paul at nfg Jan 29, 2008, 4:01 AM         Re: mail encryption michael.monnerie at it-management Jan 29, 2008, 4:05 AM             Re: mail encryption marc at electronics-design Jan 29, 2008, 4:05 AM                 Re: mail encryption sim at compulab Jan 29, 2008, 4:26 AM                 Re: mail encryption michael.monnerie at it-management Jan 29, 2008, 4:50 AM                     Re: mail encryption davel at dsp-services Jan 29, 2008, 9:08 AM                         Re: mail encryption sim at compulab Jan 29, 2008, 10:28 PM                             Re: mail encryption casper at bcx Jan 30, 2008, 3:35 AM         Re: mail encryption cloos at jhcloos Jan 29, 2008, 11:57 AM     Re: mail encryption skraps at hushmail Mar 27, 2012, 2:10 AM

Index | Next | Previous | View Flat   DBMail     users     dev

Interested in having your list archived? Contact Gossamer Threads
 

Web Applications & Managed Hosting Powered by Gossamer Threads Inc.