__/ [ hug ] on Saturday 29 April 2006 13:27 \__
> "neutrino" <stuartr@xxxxxxxxxxxxxx> wrote:
>
>>Yes that's what I mean -"E-mails to originate on the
>>> host's domain and remain there only for yourself and your host to have
>>> access to".
>>a visitor completes an email form on the web site, and it's delivered
>>to the host domain email,
>>and not forwarded - only accessable to be read when the site owner logs
>>into the host domain
>>and accesses the email, and whatever info is to be taken from the
>>emails recieved - could be copy/pasted into
>>a Word or excel report on their Pc, to store the info', therefore th
>>ethinking behind this is that the email recieved
>>would not have been sent across the net, and therefore would be a
>>secure method of recieving the info,
>>even if not an "official" way of saying so - but nevertheless should be
>>a secure way of recieving,
>>since the security issue comes into play when email is transmitted from
>>place to place.
>
> If your web-based email form doesn't check for things like newlines,
> even though you think you are sending it only to yourself you could
> also be acting as a spam relay.
>
> As Roy mentioned, there are times when encryption is the only good
> solution.
>
> However, if you want a solution as secure or more secure than
> encryption in this particualr case, you might consider changing the
> way your email-to-self is handled. Instead of sending it through the
> mail system, just write its contents to a file on your server. That
> way the admin can look it and nobody else can assuming your file
> permissions are sufficiently restrictive.
I imagine that the OP is BCC'ing the messages to self. I may be wrong or
presumptuous because I BCC all messages to myself, which makes me inclined
to think along these lines.
Writing to file is both laborious and an unorganised way of handling
information. Encryption to self would work wonders. I recommend PGP, which
is free and robust. The best practice is to never include sensitive
information in E-mail. E-mail is unpredictable and not secure. It's like FTP
or HTTP. Because some clueless sites post passwords in plain text, I made
the habit of choosing separate, simpler passwords for third-parties,
so-called 'Mickey Mouse' services. Never remain too uniform security-wise,
e.g. sticking with similar passwords for your Web site and Digg. Script
kiddies can sniff packets.
Best wishes,
Roy
--
Roy S. Schestowitz | Software patents destroy innovation
http://Schestowitz.com | SuSE Linux ¦ PGP-Key: 0x74572E8E
5:05pm up 2 days 0:10, 13 users, load average: 0.25, 0.70, 0.71
http://iuron.com - Open Source knowledge engine project
|
|
