Re: [vps-mail] Secure email

[John Lock <jlock@xxxxxxxxxxxxxxxx>]

At 10:09 PM 6/11/2004 -0400, Jim Smith wrote:
> In the past, I've set up secure forms so the submitted info goes to the
> secure server and the client retrieves it securely through Outlook. But does
> that work for outgoing email being sent through Outlook as well if they set
> up "This server requires encrypted connection (SSL)" for the SMTP server as
> well? Does it still go through Port 25?

For strict HIPAA purposes, that would only solve part of your problem (if 
it works at all).  The various secure e-mail protocols encrypt the data 
while it travels from one point to another.  They do not, however, store 
the e-mail in an encrypted form on the destination server.  Consequently, 
you have some small exposure while the e-mail resides in the mailbox before 
it is picked up by the recipient.

If you need to adhere strictly to HIPAA requirements, I'm guessing the mail 
will need to remain in encrypted form on the server.  That means using one 
of the PGP-like packages to encrypt before sending and decrypt only at the 
recipient's mail reader.  That's going to make it very difficult to use 
iManager or other web-mail when traveling, because they won't have the 
decryption software or public keys handy.

Cheers!

John

======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).