Encrypting emails using Exchange 2003

Posted on 2009-04-03
Last Modified: 2012-05-07
We need to get a more secure system in place for sending private information to certain companies. We have a Small Business Server 2003 that hosts our Exchange email system (Exchange 03). What is the best way to do this? We want to integrate with Outlook and make it as user friendly as possible. Also, does encrypting an email therefore encrypt the file? Would we still need to password protect or encrypt the file more? Would a digital certificate be the way to go?
Question by:FIFBA
LVL 33

Expert Comment

by:Dave Howe
ID: 24066823
First step is to see what the receiving companies can handle - the choices really boil down to:

1) TLS encryption (encrypted channel from your server to theirs)

This is pretty commonly supported, requires *no* configuration at the Outlook client (all done by the server) and is built into Exchange 2003 (I am not sure that 2003 can *insist* on TLS though, while 2007 can). For this, you set up a second SMTP route for JUST the specific mail domains involved, and make sure that connector uses TLS. This requires a digital certificate at the recipient's mail server.

2) S/MIME encryption

This is built into Outlook, and requires a digital certificate very similar to the ones used for webservers (and renewable periodically). Unlike webservers, the recipient (not the sender) must buy or create the key, and get that to the sender by some method. Once in the Microsoft keystore on the sender's machine, the sender can encrypt the entire message (including the attachments) by hitting an encrypt button that appears on the compose mail dialogue box. There is a more complex system called PGP (or OpenPGP, or GPG) that requires installing software to use, and works similarly.

3) proprietary web-based systems

There are a few solutions out there (Cisco's IronPort PXE is considered one of the better ones) that use a web "oracle" service to provide key management and decryption - those are effective, and not recipient-led (which is the weakness of most encryption systems) but are quite expensive.

As I say, ask your recipients what they can support - most of the heavy lifting and key management has to be done by them anyhow, and once *you* have their public key, you can push it out to whatever machines need it.
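The check behind option 1, as an added Python example that is not part of the original thread: it parses an SMTP EHLO reply to see whether a recipient's server advertises STARTTLS, and `probe_server` repeats the check live and validates the server certificate. The host names and sample replies are constructed, and `probe_server` assumes outbound access to port 25.

```python
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from any real server).
SAMPLE_WITH_TLS = ("250-mail.partner.example Hello\r\n250-SIZE 10485760\r\n"
                   "250-STARTTLS\r\n250 8BITMIME\r\n")
SAMPLE_NO_TLS = "250-mail.legacy.example Hello\r\n250-SIZE 10485760\r\n250 8BITMIME\r\n"


def parse_ehlo(reply):
    """Parse a multi-line EHLO reply (RFC 5321) into {KEYWORD: parameters}."""
    extensions = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if i == 0:
            continue  # first line is the server's greeting, not an extension
        keyword, _, params = text.partition(" ")
        extensions[keyword.upper()] = params
    return extensions


def offers_starttls(reply):
    """True if the server advertises STARTTLS in its EHLO reply."""
    return "STARTTLS" in parse_ehlo(reply)


def probe_server(host, port=25, timeout=10):
    """Live check (needs network): STARTTLS support plus certificate validation."""
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"starttls": False}
        try:
            # The default context verifies the certificate chain and host name.
            smtp.starttls(context=ssl.create_default_context())
        except ssl.SSLCertVerificationError as exc:
            return {"starttls": True, "cert_valid": False, "error": exc.verify_message}
        return {"starttls": True, "cert_valid": True, "tls": smtp.sock.version()}
    finally:
        smtp.close()


if __name__ == "__main__":
    for name, reply in (("with TLS", SAMPLE_WITH_TLS), ("no TLS", SAMPLE_NO_TLS)):
        print(name, "->", "STARTTLS offered" if offers_starttls(reply) else "plaintext only")
```

Advertising STARTTLS only shows that the recipient can accept TLS; whether the sending side requires it is a separate connector setting, as the answer notes.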

Author Comment

ID: 24115937
Is there a good 3rd party solution for this?
LVL 33

Expert Comment

by:Dave Howe
ID: 24116092
As I say, the first step is to contact the recipients of the mails and see what they will/can support. The IronPort solution is the only one that doesn't require prior actions by the recipient to make it work (or even by the sender - encryption can be controlled by corporate policy), but isn't particularly cheap; I know quite a few sites are implementing it though, as it gives the sender control over the encryption instead of the recipient.

Author Comment

ID: 24116239
OK. I will be at this client next week. I will see what I can figure out.
LVL 33

Accepted Solution

Dave Howe earned 500 total points
ID: 24116258
It's the best first step. Spending thousands on an IronPort solution *will* solve the problem, but if you can do something else suitable to both you and your customer for free, and get as much if not more security from doing it, there is no real benefit to substituting money for dialogue :)

Question has a verified solution.
