Is there significant increased risk by allowing outbound email only?
Posted on 2007-07-31
We have a customer who wants to only email reports from a server we have provided. There is no need to accept incoming email.
We typically don't allow any kind of email on our application servers, but in this case we are willing to make an exception it poses no security risk.
If I just specify the SMTP address and leave the incoming server address blank, how much of a risk does this pose to the system (aside from the ability to send sensitive information outside the system). Is there increased risk for this system to be breached or infected? I assume no, but would like some feedback.