Re: Securing Email

[pinowudi <pinowudi () gmail com>]

Tumbleweed offers a mail gateway that encrypts all email in transit
between trusted partners and send the recipient a link for untrusted
domains.  Link addresses the Tumbleweed HTTPS server, where the user
presents some authentication from the message to receive the content of
the email over HTTPS webmail-like interface.  The idea is that no data
leaves the trusted enclaves unencrypted.



Deanosaur wrote:
> If you are using Exchange, native Outlook can perform secure email sign
> and encrypt easily.  Why not use that instead of a 3rd party product.
>
>
> ----- Original Message ----- From: "Jonathan Smith"
> <smithj () freethemallocs com>
> To: <security-basics () securityfocus com>
> Cc: "JD Brown" <jd.brown () smallenoughtocare com>
> Sent: Saturday, December 22, 2007 7:55 AM
> Subject: Re: Securing Email
>
>
> > On Friday 21 December 2007 14:52, JD Brown wrote:
> > > Hi list, I would like to get some suggestions regarding products out
> > > there to secure email.  Preferably, I'd like to see an appliance that
> > > could make the process as transparent as possible to the user.  Any
> > > input would be greatly appreciated.
> >
> > Secure against... what? There's only so much you can do to secure email
> > without greatly affecting your users, but I'll list a few suggestions.
> >
> > * Configure SMTP mail servers to use TLS. for clients which use tls
> > (most do
> > these days) this makes MITM impossible for mail in-transit
> > * configure pop/imap to use SSL/TLS. this prevents MITMs for mail being
> > downloaded by end-users
> > * use SpamAssassin for spam filtering. you can pretty easily set up a
> > script
> > to run over a folder called "Junk" to learn junk mail and tell users
> > to just
> > put junk in that folder instead of deleting it
> > * ClamAV for anti-virus. its free, high quality, and did I mention free?
> >
> > smithj