Securely Connecting Your Email System To the Internet - A Primer

For many, it's hard to imagine life before electronic mail. Billions of SMTP messages a day zoom through cyberspace between friends, businesses, and people trying to make a quick buck. The 'S' in SMTP stands for 'simple' - that's one of the reasons it has become the standard protocol for message transfer. Unfortunately, with that simplicity comes poor security. The lack of built in authentication and transmission in clear text are two major examples of the problems you face when using SMTP email. This paper examines the basics that need to be considered when building a secure email connection to the Internet using an SMTP gateway. As with many security topics, hard and fast answers are not always provided - many of the decisions you make are based on the level of risk you are prepared to accept, and on the amount of money you are willing to spend. However, making a few informed decisions early on can help in mitigating many security issues such as viruses, spam, spoofing and intrusion. Confidentiality, integrity, and availability of your email system are addressed through discussion of policy, available technologies, and architecture. This paper examines the basics that need to be considered when building a secure email connection to the Internet using an SMTP gateway.