John Summerfield wrote:
> Randall R Schulz wrote:
>> It's also not secure in that it sends _all_ the data, inbound and outbound, unencrypted.
> Just like postfix, sendmail, exim, qmail, zmailer and every other MTA.
> More people send more confidential data by unencrypted email than they do by telnet, and I don't recall anyone saying "don't use email."

Allow me to introduce you to PGP and GPG, encryption for e-mail :)

Funny story: I started using Enigmail (GPG plugin for Mozilla mail client) about 5 years ago. For six months, all of the mail I sent out everywhere was GPG-signed. Then I upgraded Mozilla, it broke the (not yet supported) Enigmail plugin, and I couldn't be bothered to fix it. So I started sending out mail with no digital signatures.

Now, according to the usage models of public key signed documents, I *should* have started receiving complaints from people about "Crispin usually signs his mails, and this is not signed; are you an impostor or what?" But that *never* happened. Not once. This convinced me that very, very few people actually check digital signatures, and thus they are of very little value in casual correspondence :(

Digital encryption, on the other hand, has direct specific utility, in that you can encrypt sensitive content to a specific person any time you like. I do use that fairly regularly, at least with my correspondents who are PGP/GPG aware.

Full disclosure: I am on the PGP.com Technical Advisory Board, and they actually make a (Linux-based) mail server appliance that substantially addresses this very problem, resulting in most corporate communications being encrypted.

Crispin

--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com