Hundreds of millions of emails per day (according to some, soon even billions) are being sent through the Internet via Simple Mail Transfer Protocol (SMTP). This protocol is indeed quite simple, especially when capturing and reading the information embedded in the message, thereby allowing you to access all kinds of valuable business information. Take a look at your own GroupWise environment. Any GroupWise administrator can easily copy incoming or outgoing messages from the GWIA Sent or Received directories, read the message, and convert the attachment to its original format. Although this admin-ability might not be seen as a big issue, anybody on the Internet who can intercept your Internet traffic can capture your SMTP sessions and do the same. Figure 30.1 shows the vulnerability of SMTP sessions on the Internet. Figure 30.1. SMTP is not secure; messages are easily readable because the SMTP session is in clear text
Somewhere in the near future, somebody within your organization or within a recipient's organization is going to realize the impact of this security holeand then will want you to fix it! |