E-Mail In Peril

Ever-more-sophisticated e-mail attacks threaten to swamp this vital business tool. Can anyone throw us a lifeline?

Avi Baumstein, Contributor

March 27, 2008

1 Min Read
InformationWeek logo in a gray background | InformationWeek

STOP THAT DATA

Once the "how" is worked out, mail systems must decide which messages are to be encrypted. In the case of bank statements and medical data, that's simple. But the big trend here is that vendors are merging data leak protection, or DLP, functionality into their e-mail systems, letting IT establish rules to encrypt messages when the content warrants. Using DLP techniques, rules can be keywords and/or regular expressions. Some products even include the ability to fingerprint key data files, so the mail server can recognize them and either encrypt them or refuse to send the e-mail.

Of course, another option is to encrypt everything. All of the vendors we talked to support SMTP-Transfer Layer Security to encrypt the entire data connection between mail servers. The benefit of this approach is that it's seamless to users while protecting all data in transit. The downside is that IT can reliably count on SMTP-TLS working only with established partners. When encryption is essential, you must configure the mail server to refuse to send to servers that don't support SMTP-TLS.

Also, because SMTP-TLS protects mail only in transit between mail servers, messages are subject to interception if there are intermediate stops outside the control of either party, such as an ISP relay. Messages are in plain text when stored in the recipient's mailbox, so the receiving party needs to understand the risk if its mail server were to be compromised. This isn't to say SMTP-TLS isn't useful, but as with all types of security, it should be just one link in the chain.

Continue to the sidebar:
Our Take: Any Spam is too Much

Read more about:

20082008

About the Author

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights