Mail Encryption: One-Way / Clientless ( SPX )

A system whereby customers can encrypt messages with the recipient having no in-place method to decrypt them, such as is currently possible with S/MIME/PGP setups. Allows encryption to satisfy the needs of many companies that do not have set-up relationships with key exchanges and such, like Health Care, Government, Education, etc. It should be very easy to use.

94 votes
    Gert Hansen shared this idea

    11 comments

      • Christian commented

        Is there any news about this feature? This is one of the most-missed features we've got. Are there any release plans for 9.2?

        Best regards,
        Christian

      • Anonymous commented

        Maybe it can be done like this:
        1. Astaro checks if the public key already exists in the local database
        3. If not, Astaro sends only an unencrypted notification email out, which includes a link to the user portal. (Password by SMS for example)
        4. In the user portal, two options:
        Option 1: Use a web frontend (similar to Hotmail, Gmail, etc.) to view and reply
        Option 2: The Astaro creates an S/MIME or PGP key and the user can download it and install it on his local computer. After that, the Astaro sends the encrypted email out.

      • Jürgen Roth commented

        We have to establish a secure mail transport to a large company.
        Because every company has its own implementation, it's currently not possible to establish this! What we need is at minimum one of the following:
        * A domain-wide PGP key for the internal domain.
        * A domain-wide PGP key for the external domain and a policy to use this key for all recipients in this domain (we got a public key for “everybody@company.com”).

        OR
        * A policy to make STARTTLS mandatory for a domain.
        * A check if the hostname of the mail exchanger is the same as the CN of the certificate.

        OR
        * A way to modify the recipient's address: e.g. change “USERNAME” user@company.com to user@company.com <securemail@smime.company.com> (use the user's email address as real name and change the email address to a gateway's email address)

        We would be grateful for more flexibility in the email encryption, with the flexibility of regex in policies and also the ability to modify email addresses.
        An automated email to the admin for certificates that are at the end of life would also be appreciated!
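
The STARTTLS options requested in the comment above (a per-domain mandatory-TLS policy plus a check of the mail exchanger's hostname against its certificate) can be sketched as follows. This is an added example, not part of the original thread or of any product's code. The policy table, function names and certificate are constructed, and checking subjectAltName before falling back to the CN is an assumption that goes beyond the CN-only check the comment asks for.

```python
# Added example; the policy table, names and certificate below are constructed.
TLS_REQUIRED = {"partner.example"}  # domains that must never fall back to cleartext

# Shaped like the dict returned by ssl.SSLSocket.getpeercert() (constructed values).
SAMPLE_CERT = {
    "subject": ((("commonName", "legacy.partner.example"),),),
    "subjectAltName": (("DNS", "mx1.partner.example"),
                       ("DNS", "*.mail.partner.example")),
}

def name_matches(pattern, host):
    """Compare one certificate name with the MX hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one left-most label and never "*.tld".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """DNS names to check: subjectAltName entries, else the CN as a fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SANs are present the CN is ignored
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def delivery_decision(rcpt_domain, mx_host, starttls_offered, cert):
    """Return 'send-tls', 'send-opportunistic' or 'defer' for one MX."""
    verified = bool(starttls_offered and cert) and any(
        name_matches(n, mx_host) for n in cert_names(cert))
    if verified:
        return "send-tls"
    if rcpt_domain.lower() in TLS_REQUIRED:
        return "defer"  # policy forbids cleartext or an unverified peer
    return "send-opportunistic"

if __name__ == "__main__":
    for host in ("mx1.partner.example", "mx2.partner.example"):
        print(host, delivery_decision("partner.example", host, True, SAMPLE_CERT))
```

The check is only as strong as the MX lookup: an MX name taken from unauthenticated DNS can itself be spoofed.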

      • Sascha Paris commented

        This could for example be done via an HTTPS portal where the customer has to register to view/download an encrypted document or to send encrypted PDFs. However, it should work with "standard" equipment on a daily-use PC without the need to install additional software. This would be really helpful to the acceptance of mail encryption.

      • andre commented

        Djigzo, for example, can send a PDF with encryption (password) and send the password via SMS. You could do the same with ZIP, for example.

      • Hagen von Eitzen commented

        Isn't at least server-to-server encryption (TLS) already available?
        Although I agree that a domain-wide key would be desirable, the consequences would be (if example.com uses Astaro with this feature):
        - anybody@example.com can sign (with domain-wide signature) outgoing mail; the local admin has to make sure that nobody can forge a coworker's sender address (this shouldn't be a problem)
        - anybody@anywhere can encrypt mail to anybody@example.com with domain-wide encryption; they have to be aware, though, that e.g. secretaries with access to the recipient's mailbox can read the mail (sometimes this is a bug, sometimes a feature)

        However, any mail in the opposite direction still requires a key exchange as usual, though this is no problem for replies to incoming (signed) mails.

      • Paolo commented

        Yes and on the encryption session you will need to do man-in-the-middle to be able to accomplish other products do this Astaro of course

      • Bob Alfson commented

        Sorry, I don't understand. What good is encryption if the recipient doesn't need special tools?

      • sven commented

        I hope I got the point right: Would this be support for PGP/Inline (or PGP/Classic)?
