Finally, when you are dependent on an inherently insecure protocol (SMTP) for the transport of business-critical information, it is important that:
- You can identify, without a doubt, who the originator of an e-mail message is.
- The data you received has not been altered or intercepted while being transmitted.
The ONLY way you can possibly meet either of those two stipulations is to both digitally sign and digitally encrypt the e-mail that you send, and to verify that the mail you receive has been signed and encrypted.
If you work in a high security environment, or a regulated business sector, you may be doing this already. If not, you should consult the appropriate IT decision maker at your organization to see if this feature is available and start using it.
For more information, see Microsoft Knowledge Base article 286159.
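As an added example (not from the original article), the following Python function checks whether a received message declares S/MIME signing or encryption, S/MIME being the signing and encryption format Outlook supports. The function name, result labels and sample messages are constructed for illustration; it reads MIME headers only and does not validate the signature or certificate, which remains the mail client's job.

```python
from email import message_from_string

SIG_PROTOCOLS = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
P7M_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def declared_protection(raw: str) -> str:
    """Classify a message by the S/MIME protection its MIME headers declare."""
    signed = encrypted = False
    for part in message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype == "multipart/signed":
            # Clear-signed: readable body, detached signature as a second part.
            signed |= str(part.get_param("protocol", "")).lower() in SIG_PROTOCOLS
        elif ctype in P7M_TYPES:
            smime_type = str(part.get_param("smime-type", "")).lower()
            signed |= smime_type == "signed-data"  # opaque-signed
            encrypted |= smime_type in ("enveloped-data", "authenveloped-data")
    if encrypted:
        # Any signature sits inside the envelope and is visible only after
        # decryption, so it cannot be confirmed from the headers alone.
        return "encrypted"
    return "signed-only" if signed else "unprotected"

# Constructed sample messages (placeholder bodies, not real CMS data).
PLAIN = "Subject: hi\nContent-Type: text/plain\n\nhello\n"
ENCRYPTED = (
    "Subject: Q3\n"
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m\n"
    "Content-Transfer-Encoding: base64\n\nAAAA\n"
)
SIGNED = """\
Subject: Q3
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain

Figures attached.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("signed", SIGNED), ("encrypted", ENCRYPTED)):
        print(name, "->", declared_protection(raw))
```

A message that is signed and then encrypted reports only `encrypted` here, because the signature is wrapped inside the encrypted envelope.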
Top 10 best practices for securing e-mail clients
#1: Patch your clients
#2: Configure antivirus software to scan your e-mail clients
#3: Use anti-malware software
#4: Quarantine attachments
#5: Don't be a sucker
#6: Disable unsigned macros
#7: Use Outlook's Junk E-mail filter or install spam-filtering software
#8: Just be plain
#9: Learn to read (e-mail headers, that is)
#10: Digitally sign and encrypt e-mails
ABOUT THE AUTHOR:
Richard Luckett, Vice President and Senior Consultant, Ajettix Security
Richard Luckett is a Microsoft Certified Systems Engineer on the Windows NT 4.0, 2000 and 2003 platforms and has been certified on Exchange since version 4.0. He is the co-author of Administering Exchange 2000 Server, published by McGraw Hill, and has written four Exchange courses for Global Knowledge Inc.: Introduction to Exchange 2000, Hands-on Exchange 2003, Ultimate Exchange Server 2003 and Exchange Server 2003 Administrator Boot Camp. Richard is currently Vice President and Senior Consultant for Ajettix Security, where he is the head of the Microsoft security practice.