RE: email forwarding

From: Steve Vawter (svawter@sigma.net)
Date: 06/27/02


Date: Thu, 27 Jun 2002 11:07:20 -0700
From: Steve Vawter <svawter@sigma.net>
To: security-basics@securityfocus.com

I believe that this can be a serious breach of Confidential
information. If I (working at the same company) don't know that when I
send you email it will leave the Corporate intranet, I may send
confidential or proprietary data to you, which would then cross the
Internet and possibly be intercepted.

My take has been to forward the HEADERS ONLY offsite and deliver the
entire email to the corporate address. While headers may give something
away, likely it won't be much.

Marcus James said:
Here's the situation:

One of the companies I work at enables certain users to forward their
email to an external address of their choice. So internal email sent to
an employee may be forwarded externally to a hotmail account for example.
What I am trying to determine is what the best practices are in this
regard. My gut-feel says that this is not a good idea since email is
"inherently insecure" and may be intercepted and so on and so forth. But
on the other hand is this such a big deal? I'm not sure.

A second question: Would forcing users to use a web interface to access
their email instead be "more secure"?

Thanks...
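
The headers-only forwarding described in the reply above, sketched as an added example (not code from either poster). The header allowlist, the `redact_subject` option, the addresses and the sample message are all assumptions constructed for illustration; the full message is still delivered to the corporate mailbox by the normal path.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Headers copied into the off-site notice (assumed allowlist, not from the post).
# Anything else, such as internal routing headers, stays inside.
ALLOWED = ("From", "To", "Cc", "Date", "Subject", "Message-ID")

# Constructed sample: internal mail with a confidential body and an attachment.
SAMPLE = """\
From: alice@corp.example
To: bob@corp.example
Date: Thu, 27 Jun 2002 10:00:00 -0700
Subject: Q3 pricing draft
Message-ID: <1234@corp.example>
X-Internal-Route: mailhub7.corp.example
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Confidential: unit price is 41.50
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="pricing.xls"
Content-Transfer-Encoding: base64

c2VjcmV0
--b1--
"""

def headers_only_notice(raw, external_addr, notice_from, redact_subject=False):
    """Build the only message that leaves the intranet: chosen headers, no body."""
    original = message_from_string(raw, policy=policy.default)
    lines = []
    for name in ALLOWED:
        for value in original.get_all(name, []):
            # The subject can itself carry sensitive wording; optionally hide it.
            if name == "Subject" and redact_subject:
                value = "[withheld]"
            lines.append(f"{name}: {value}")
    notice = EmailMessage()
    notice["From"] = notice_from
    notice["To"] = external_addr
    notice["Subject"] = "New mail waiting in your corporate mailbox"
    notice.set_content("\n".join(lines) + "\n")  # body parts are never copied
    return notice

if __name__ == "__main__":
    print(headers_only_notice(SAMPLE, "bob@webmail.example", "fwd@corp.example"))
```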