Integrating E-mail: From the Intranet to the Internet
By Simon Collin
E-Mail Message Security Standards
Over the past few years there have been a number of scares involving messaging standards that provide scant security. The worst offenders have been the SMTP message transfer protocol, which transfers the message text in plaintext form over an open link, and MIME attachments, which are transferred without encryption. As described in Chapter 3, most Internet mail protocols work by sending text commands followed by a stream of text for the message.
These two loopholes have been closed by most of the new mail server applications. When choosing your mail server, ensure that it supports most of the following security features, which will provide a combination of encryption, authentication, and validation. These are vital if you want to transfer sensitive messages and attachments over an open link (i.e., the Internet).
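The two exposures described above can be seen in a short example, added here and not taken from the book. It builds the bytes an SMTP client would put on an unencrypted link and then recovers the envelope, the text and the attachment from those bytes without any key. The addresses, file name and contents are constructed, and the function names are hypothetical.

```python
# Added illustration, not from the book. All sample data below is constructed.
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_client_stream() -> bytes:
    """Bytes an SMTP client sends over a link with no encryption (constructed)."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.org"
    msg["Subject"] = "Q3 figures"
    msg.set_content("Figures attached.")
    msg.add_attachment(b"salary,42000\n", maintype="application",
                       subtype="octet-stream", filename="q3.csv")
    commands = (b"EHLO client.example.com\r\n"
                b"MAIL FROM:<alice@example.com>\r\n"
                b"RCPT TO:<bob@example.org>\r\n"
                b"DATA\r\n")
    # The message text follows the commands and ends with a lone "." line.
    return commands + msg.as_bytes(policy=policy.SMTP) + b"\r\n.\r\nQUIT\r\n"


def exposed_on_link(stream: bytes) -> dict:
    """Everything readable from the client side of a plaintext SMTP session."""
    head, _, rest = stream.partition(b"DATA\r\n")
    data, _, _ = rest.partition(b"\r\n.\r\n")
    data = data.replace(b"\r\n..", b"\r\n.")  # undo SMTP dot-stuffing
    seen = {"mail_from": None, "rcpt_to": [], "attachments": {}}
    for line in head.decode("ascii").splitlines():
        verb, _, arg = line.partition(":")
        if verb.upper() == "MAIL FROM":
            seen["mail_from"] = arg.strip("<> ")
        elif verb.upper() == "RCPT TO":
            seen["rcpt_to"].append(arg.strip("<> "))
    msg = message_from_bytes(data, policy=policy.default)
    seen["subject"] = str(msg["Subject"])
    seen["body"] = msg.get_body(preferencelist=("plain",)).get_content().strip()
    for part in msg.iter_attachments():
        # base64 is a MIME transfer encoding, not encryption: no key is needed.
        seen["attachments"][part.get_filename()] = part.get_content()
    return seen


if __name__ == "__main__":
    print(exposed_on_link(build_client_stream()))
```

The attachment bytes do not appear literally in the stream, only their base64 form, which is why an attachment can look protected on the wire when it is not.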
Protecting the Data Stream
One method is to protect the entire data stream between two servers; for example, Microsoft Windows NT/AS can encrypt all the data it transmits. This technique applies particularly to UNIX networks and the Internet, where it is important to protect all your information. In addition to the proprietary standards used in LANs, three main Internet protocols cover this function:
• SSL (secure sockets layer) is a transparent security layer supported by an SSL server application on your Web server to provide an encrypted channel for communication between the client and server. SSL security will work with any client-to-server protocol including IMAP4.
• The authenticated...
Copyright Simon Collin 1999 under license agreement with Books24x7