RE: email fowarding

From: Machtolff, Andrew J (ajmachtolff@tva.gov)
Date: 06/27/02 

From: "Machtolff, Andrew J" <ajmachtolff@tva.gov>
To: "'Marcus James'" <marcus01@post.com>, security-basics@securityfocus.com
Date: Thu, 27 Jun 2002 13:48:10 -0400

Another aspect of this issue which I have encountered is the DoS that occurs
when the external e-mail box is no longer there. The external mail server
sends an error e-mail to the user's mailbox on your server, which is
AutoForwarded to the non-existent mailbox. A never-ending loop ensues.

I know for a fact that Exchange 5.5 can't handle this situation, and, after
filling up the server's hard drive(s), generally crashes.

I know that this is not directly related to your original question, but
since it is, in effect, a DoS (a security-related issue), I believe it to be
pertinent.

Thanks,

Andrew M

-----Original Message-----
From: Marcus James [mailto:marcus01@post.com]
Sent: Wednesday, June 26, 2002 6:44 PM
To: security-basics@securityfocus.com
Subject: email fowarding

Here's the situation:

One of the companies I work at enables certain users to foward their email
to an external address of their choice. So internal email sent to an
employee may be fowarded externally to a hotmail account for example. What I
am trying to determine is what the best practices are in this regard. My
gut-feel says that this is not a good idea since email is "inherently
insecure" and may be intercepted and so on and so forth. But on the other
hand is this such a big deal? I'm not sure.

A second question: Would forcing users to use a web interface to access
their email instead be "more secure"?

Thanks... 

-- 
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

Save up to $160 by signing up for NetZero Platinum Internet service.
http://www.netzero.net/?refcd=N2P0602NEP8