__/ [ neutrino ] on Friday 28 April 2006 18:18 \__
> having just read a posting from someone asking about - when recieving
> email from web form to host site email, what was a secure way to
> forward the ocasional one onto someone else....
> it made me wonder---
> when you recieve an email from your website form and it's sent ONLY to
> your host site's email, and not forwarded anywhere - is this a secure
> way of recieving confidential info' ? ...
No. The only secure method is to encrypt your message. Any other form will
propagate through routers, which are in essence open to curious minds and
pairs of eyes. Additionally, you need confidence in your host and ISP.
Choose a foreign or dodgy one and your data will be more susceptible
> ...how IS web form email handled ? ...
Most of them run on the Web server, which in turn dispatches an E-mail
message. Your data is visible to the sysadmin of that server.
> .. is it not transmitted across the net to it's destination, but goes
> direct from your web to the host email server - no chance of being
> intercepted? could this be an easy way of recieving confidential info? ...
No. It depends how much you are willing to invest in privacy and how much you
have to lose. Encryption is often the only true solution.
> ... specially if you only access and read it by logging into your host
> site, and do not forward it anywhere?
If I understand your correctly, you want form E-mails to originate on the
host's domain and remain there only for yourself and your host to have
access to. I believe you will be on the safe side because messages sent to
one's own domain do not hop onto third parties daemons. They are being
delivered directly to the local box.
Roy S. Schestowitz | "Software sucks. Open Source sucks less."
http://Schestowitz.com | SuSE Linux ¦ PGP-Key: 0x74572E8E
6:55pm up 1 day 2:00, 13 users, load average: 0.69, 0.87, 0.63
http://iuron.com - next generation of search paradigms