Security Basics mailing list archives
Re: Email Forward/Auto Response
From: "Chris Barber" <cmbarber () gmail com>
Date: Sat, 26 Jan 2008 16:58:44 -0700
First let me make sure we are on the same page. You are wanting to know first how to get email for Joe.Blow () company-x com to Joe.blow () company-y com, and then make sure it gets there without being stored, forwarded, read or archived? The first part is very easy. On the SMTP Gateway you create and alias for the joe.blow () company-x com address and make the deliver to address joe.blow () company-y com. First part achieved. The second part is not so easy. First off you have to know what company-x's smtp gateway is doing. If it is doing any form of virus checking the storage part of your request is not possible as most email virus scanning software uses the sotre and forward method to scan the message. If the alias is setup in such a manner that it is handled before any virus scanning then you would not have any issue, but the transaction would b logged and the message would be stored in the SMTP logs of the SMTP gateway anyway. The forwarded part is out by default as that is what you are doing. Not having the message read, is do-able, but requires cooperation from both comanies, and would require a VPN between both E-Mail servers. This way the transmission would not be seen by anyone. If you are just concerned about other email users, not a problem, the message would only reside in the logs of the gateway, and never make it into the mail servers message store. Again, the message would only be stored in the SMTP transaction logs and nowhere else. If there is a true business requirement, and as long as it is documented and agreed to by both companies, I do not see any compliance issues. As for any security issues, there are no more risks than exist with just having an e-mail server, but you may open an attack vector that puts company-x in the middle of an attack between an attacker and company-y. Hope this helps, Chris. On 1/25/08, _ _ <markpalmer () austin rr com> wrote:
What is required to occur if company X (company-x.com) wants to activate an email auto-response for email sent to Joe Blow at joeblow () company-y com and insure that email sent to this address is not read, forwarded, stored or archived? Also, would there be any security or compliance risks associated with doing this (if it is even technically possible)?
-- +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ | _ | | ASCII ribbon campaign ( ) | | - against HTML email X | | / \ | | | +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
Current thread:
- Email Forward/Auto Response _ _ (Jan 25)
- RE: Email Forward/Auto Response David Gillett (Jan 25)
- Re: Email Forward/Auto Response Chris Barber (Jan 28)