Thread: Mail Security Issue
View Single Post

  #4 (permalink)  
Old 07-30-2004
The Doctor
 
Posts: n/a
Default Re: Mail Security Issue
In article <f0vig0ltt9e5tpno85chu651q3qo7aagot@4ax.com>,
Claire Tucker <fake@invalid.invalid> wrote:
>On Thu, 29 Jul 2004 22:28:54 +0000 (UTC), doctor@edmontonab.ca (The
>Doctor) wrote:
>
>>I have the following scenario:
>>
>>On a Secure Web Site, we have an e-mail sign up form.
>>
>>The person wanting to develop this is concerned about spammer intercepting
>>the e-mail address of signee.
>>
>>We are using Apache and SSL.
>>
>>What issues should myself, the system admin, and the developer be looking
>>out for and how far can we secure this site.
>
>You've cross-posted this to several groups which have very different
>focuses, and so I can't tell what point of view you're thinking of
>here.

1) Security 2) E-mail Security 3) Web Security 4) SSL implications

>
>You say you are using SSL, so presumably you aren't concerned about
>the address being submitted from the browser to the web server. I
>guess, then, that you must be thinking of the outgoing mail.

Broswer point to Secure Web Server for Sign Up to Mailing list.
You then e-mail to join mailing list.
>
>You aren't exactly clear about what your site is doing. I *think* what
>you're saying is that you're asking for an email address and then
>presumably sending mail to the new user, perhaps to "validate" the
>given email address.

Validation should be part of the process, however this is to join
a confidential mailing list.

>
>In this case, there's not really much you can do about the mail
>transfer; SMTP in general operates over unencrypted links, and the
>mail you're sending could pass through several mail servers before it
>reaches its ultimate destination. If this concerns you, then I have to
>say that perhaps your only option is to not send the mail at all.

What about SMTP via SSL?

>
>Assuming I've got your focus and situation right here, I'm going to
>trim the followups to comp.security.misc which seems to be the only
>applicable newsgroup you crossposted to.
>
>All the best,
>-Claire


--
Member - Liberal International
This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca
God Queen and country! Beware Anti-Christ rising!
Microsoft is not the solution; it is the question; what is the answer?? NO!!