Tag: email

Today, I would like to talk about the habit that some companies still enforce. Sending HTML emails - ideally with some pseudo-legal notices and statements. Read on to find out why this is plain wrong on all counts.

After creating a robust solution for mail sending, filtering, delivering and storing, one starts wondering how to add more confidentiality and integrity to such communication setup security mix. DKIM signatures and SPF records are mostly helpful for fighting spam, but for an targeted attack they pose little to no threat. And as targeted attacks are always really big threat, this does not make the situation look very optimistic for the email user. Nowadays, there are at least two major standards used for securing email communication. Both have their advantages and both have their disadvantages - so let's have a closer look at both of them. And as you can probably guess, we are getting closer to our goal of securing email communication using at least one of these standards.

Last week we have discussed something rather boring - casual email communication and the security implications (or more like the lack of security) of using it. We have just re-phrased the well-known fact that casual email communication is far from secure with respect to confidentiality, integrity and authenticity. Today we are about to present a widely used class of solutions that make Eve's life harder, but I am afraid that today is not the day I can present you with ultimate solution to email communication security. But as you probably know, security is a gradual process rather than a product - a silver bullet - that solves all your problems. Read on for our gradual approach.

After ranting about elliptic curves for more than three months, it is probably the time to pause for awhile and think where the encryption based on elliptic curves of some kind might be really needed. Although many people might disagree, for some of us, liberating the communication between people is the most important thing the Internet brought. And although the generic data communication by transferring data packets over the network do not provide much convenience to an ordinary human being, if we look at some real human-to-human communication on the Internet, the email fits in really well. It has its quirks - but what does not?

After venturing into the basic architecture of a robust email solution last week, we will look into the remaining missing bits today. Then we should look for some answers about how to secure the email communication end-to-end. In this article we find anti-spam and anti-virus solution integrated into our infrastructure, configure server-side filters, add DKIM[1] signing and verification and give our users nice webmail interface to use.