Is there significant increased risk by allowing outbound email only?

Posted on 2007-07-31
Last Modified: 2010-04-11
We have a customer who wants to only email reports from a server we have provided.   There is no need to accept incoming email.

We typically don't allow any kind of email on our application servers, but in this case we are willing to make an exception it poses no security risk.

If I just specify the SMTP address and leave the incoming server address blank, how much of a risk does this pose to the system (aside from the ability to send sensitive information outside the system).  Is there increased risk for this system to be breached or infected?   I assume no, but would like some feedback.
Question by:swiftny
    LVL 8

    Accepted Solution

    From a network standpoint, it shouldn't create much more of a risk as you aren't opening ports up on the server for only outgoing.  I guess you could make a (weak) case for someone monitoring smtp traffic and tracing it back and attempting to attack because of it, but I wouldn't put a ton of stock in that, especially with regards to how much smtp traffic is out there right now.  Thats like a needle in a field of hastacks, on a planet full of fields, in a solar system full of planets.
    LVL 16

    Assisted Solution

    Well, I am not quite sure how you want to send your e-mail outside. You will need at least an SMTP server that lets you send e-mail with or without prior authentication, e. g. from your provider.

    Where do you have the option to specify an incoming server actually? What program or server do you want to use?

    If you only send e-mail out there is no need to open any inbound ports either on a firewall nor server so no, there is not a increased security risk.
    LVL 27

    Assisted Solution

    If that application runs on a windows 2003 server you could setup a smtp service.

    But I would not let it outside though the firewall, you should rather forward all outgoing mail to your standard emailserver.

    I would also always offer a reply address in these email reports in case something goes wrong. So someone can inform you about the error.

    LVL 27

    Expert Comment

    See for details:

    (of cause skip the pop3 part)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Suggested Solutions

    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now