[Mimedefang] Scary... Filtering on the outbound.

David F. Skoll dfs at roaringpenguin.com
Thu Feb 17 13:23:52 EST 2005


On Thu, 17 Feb 2005, Ben Kamen wrote:

> > 2) All kinds of regulations in the US like HIPAA and financial
> > regulations will force businesses to at least pretend to control
> > outflowing information.  Unfortunately, doing this effectively means
> > prohibiting tools like PGP for encrypted e-mail. :-(

> So much for securing sensitive information with PGP so that only the
> intended parties can read it.

Well, there's a commercial solution (maybe a few) that work like this:

1) Health care agency X needs to send confidential information to client Y.

2) Person from X sends confidential mail to a special account, something like:

	Y-at-Y.DOMAIN at secret.X.domain

3) A magic process intercepts the mail, stores the confidential info on
an HTTPS server, and sends mail to Y at Y.DOMAIN saying:

   "You have a confidential message at https://whatever"

4) Y logs in with his/her username and password (which must have been
sent out-of-band -- probably by regular mail) and reads the message.

This avoids Y having to understand anything about PGP.  I think it's a fairly
cool solution.

Regards,

David.


