groovyPost.com

[Pepper]

I run a small IT shop and my end users are looking for a "secure" method to send email.

Our config:

Microsoft Exchange Server 2003
Windows XP SP2
Microsoft Outlook 2007

I read your article here: http://www.groovypost.com/howto/microso ... documents/ for password protecting Office documents in Word and Excel etc... but I don't see a similar feature in outlook.

Thanks!!! Would really love to hear your reccomendation.

[poneil]

I run a small IT shop and my end users are looking for a "secure" method to send email.

I read your article here: http://www.groovypost.com/howto/microso ... documents/ for password protecting Office documents in Word and Excel etc... but I don't see a similar feature in outlook.

it's not possible to password protect outlook email. sorry

Perhaps groovy dude here has an idea but why not just password protect the email using word then send via outlook?

sorry... not much help

[MrGroove]

I run a small IT shop and my end users are looking for a "secure" method to send email.

Our config:

Microsoft Exchange Server 2003
Windows XP SP2
Microsoft Outlook 2007

I read your article here: http://www.groovypost.com/howto/microso ... documents/ for password protecting Office documents in Word and Excel etc... but I don't see a similar feature in outlook.

Thanks!!! Would really love to hear your recommendation.

Hi Pepper! Welcome to the site!

POneil is correct in that there is no built-in "out of the box" process which allows Outlook to Securely send email or attachments. I'm thinking you probably are looking to encrypt email going "outside" your company correct? You do have a few options:

1 - Encrypt the attachment using either WinZip or Native Microsoft Office Encryption. I've posted How-to's for both Word and Excel (2003 and 2007).

2 - Use SMIME encryption. This option is very secure but not ideal for non-technical users. Essentially both the sender and the recipient need to get a digital cert from a CERT Authority then exchange keys so you can securely encrypt email you send and decrypt email you receive. Like I said, not super easy.

2a - Now if your only talking about sending email INTERNALLY in your company, using AD and a Microsoft PKI server, the process is much easier for the end user but much more complex for you the Administrator. The process is not something I can dig into in this short email (Sounds like another How-To which needs to be written).

3 - PGP is the next method. For about $100.00 per desktop you can buy PGP which will allow you to both encrypt data on your local HD and send Encrypted email. You have the same problem as SMIME here where you will need to exchange PUBLIC keys however there are PUBLIC PGP key servers which make key exchanges a little easier than SMIME. Still, not something for the average non-technical user. (Yet again, another Article which I see I need to write). This option will work for both INTERNAL and EXTERAL email communication. This process works with Windows XP and integrates nicely with Office 2003 and Office 2007. They also just released their new version so VISTA is also working now. I've tested it and it's working great.

4 - AND the 4th option...... If your only looking to secure INTERNAL email, Microsoft IRM or Information Rights Management for Office is a GREAT option. Also known as RMS (Rights Management Server), what you do is build a RMS server internally, deploy the IRM client to your desktops (Works with both Office 2003 and 2007, Vista or XP) and setup the correct Group Policy for your users and desktops. Not a simple process but once you have it going, it's a great solution for encrypting both email and office documents. Personally, I prefer PGP but that's just me. Although Microsoft CLAIMS this works with External email as well, I wouldn't recommend it. The external email connector is around 25k and the company your communicating with also needs one. AND that means you need to expose it to your DMZ..... again, not recommended. All in all, Microsoft tried to pitch this but it's died an ugly death since release......

5 - Go with a Secure email application like Tumbleweed Securemail. VERY expensive and it only protects external email. Essentially you host a HOTMAIL or GMAIL type service in your DMZ and when you send email and mark it as secure, the mail is routed to the Tumbleweed box. The server then sends an email to the external recipient telling them to come get the email from you. Very nice but expensive to implement and support. If you’re a shop THIS big, give me a call and I'll give you a hand. $$$ however...... last I looked, Tumbleweed was getting into $$$ issues so you might not want to buy product from a DEAD company

OK..... There ya have it. Just a quick brainstorm before bed. Hope that helps out POneil. Let me know if you have questions or need a more detailed STEP BY STEP. I see several here which I'll try to write up in the coming weeks on http://www.groovypost.com

Gnite

[alexmvp]

Excellent read. Thnx. Will share this with my users.

[shockersh]

2 - Use SMIME encryption. This option is very secure but not ideal for non-technical users. Essentially both the sender and the recipient need to get a digital cert from a CERT Authority then exchange keys so you can securely encrypt email you send and decrypt email you receive. Like I said, not super easy.

Great write-up and options groovydude. Just my 2 cents...

SMIME is dead. I've seen PLENTY of companies to try and implement it and it always fails because you just cant force users to use it when they are supposed to and it's not the easiest thing to even deploy. PGP is defiantly the better way to go especially if you have external users you need to exchange sensitive email with.

-SS

[MrGroove]

SMime is a nice option if you have good Admins and an educated user community but yes, "like pgp" because you need to exchange public keys with 3rd parties it's not as effective.

Personally, I prefer PGP myself but from a Corporate standpoint, the Email Gateway is the way to go. Essentially a Corp. Email Admin would just swap public key certs with a business partner and install them on the Email Gateways (Microsoft Exchange etc...) This allows you to encrypt ALL email between the two companies at the Edge / Email Gateway and the end users don't have to know/do anything. 1 Cert, 1 Time and all email is encrypted in Transit over the Internet.