• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 622
  • Last Modified:

Would you consider email an encrypted type of communication?

We hosting data for the client.  Load the data and provide the client a password via am email.  Given that known clients email address.  Would you consider this a secure and encrypted way doing this?
0
Tiras25
Asked:
Tiras25
5 Solutions
 
djcanterCommented:
No. The email delivery from your server to client endpoint is not guaranteed to be encrypted. Look into a Barracuda device that will send a message to the client that they have a secure message waiting for delivery. This will hold the message and will display in a web browser for client. Data never leaves your site unless SSL encrypted.
0
 
xDUCKxCommented:
Email is sent via plain text.  So no, it's not encrypted by default:

http://office.microsoft.com/en-us/outlook-help/encrypt-e-mail-messages-HP001230536.aspx

The data stream is also not encrypted and travels over SMTP.  You can encrypt this by enabling SSMTP which uses port 465:

http://www.emailaddressmanager.com/tips/mail-servers.html

http://technet.microsoft.com/en-us/library/aa997285.aspx
0
 
Exchange_GeekCommented:
Security varies from what you understand and the more you understand.

Simply placing data using password protection never helps, it is the mode of communication outside your email Organization that helps to add more security to the email.

TLS is the preferred mode of communication, where in emails are encrypted by certificates and over port SMTP/SSL. Simply having communication over a particular port never assures you that you're emails are safe.

However, there are other modes to encrypt emails too, such as using cloud (such that as Microsoft-FOPE / Symantec iCloud) OR hiring an email encryptor software company, that'll use their own algorithm to safe guard you'r emails.

Depends to what extent you want to ensure you're emails are to be listed as "safe" :)

Regards,
Exchange_Geek
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
xDUCKxCommented:
Simply having communication over a particular port never assures you that you're emails are safe.

Yes, after re-reading my post I can see how this could be misunderstood.  Yes, changing the port won't do anything to encrypt the data.  You'll still need SSL/IPSec.  Don't know what I was thinking without providing the additional information.  Sorry about that.
0
 
southpau1Commented:
Asking if it is secure in general, and not just focusing on encryption, here are the problems with your current plan:

1.  You assume that only the authorized individuals have access to the email accounts to which you are emailing the passwords, or that these accounts have not been compromised
2.  Susceptible to man-in-the-middle attacks or sniffing because it is sent in plain text

To increase the security of this process, you should NOT email the password to the client, but instead just send them an email with instructions on how to securely retrieve the password.  The process to retrieve the password could be calling a call center where 2-factor authentication is used to verify the caller is indeed your client, or perhaps setting them up with a one time password given to them in person, and not electronically.
0
 
Exchange_GeekCommented:
@xDUCKx: Happens with most of us, we want to provide the correct information and *sometimes* end up writing something else that may be taken in a different send.

I appreciate your inputs on a lot of threads, and of course on this one too.

Regards,
Exchange_Geek
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now