What data are you actually trying to encrypt, and where is it coming from? For instance, some of our products offer HIPAA compliance for electronic transactions, using a variety of transports, including SMTP, IIRC.
I'd push back at the auditors to make sure that they're clearly defining what needs to be encrypted and what can be sent clear text. It sounds like they're pushing for 100% encryption of all email, which is well beyond my understanding of the expectation under the law. -------------------------------------------------------------- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Hutchins, Mike [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 25, 2003 3:44 PM > To: Exchange Discussions > Subject: RE: Exchange server level encryption > > > Argh... > > Which is pretty much what Eric was saying I think also. I > kinda figured this was going to be a tremendous pain in the ass. > > So let me throw a side idea at ya. How about creating a > different virtual server to handle certain domains and have > that relay through a gateway to encrypt that traffic. Then we > would know who was getting the mail and the would be able to > decrypt it. > > > > > -----Original Message----- > > From: Ken Cornetet [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, February 25, 2003 1:39 PM > > To: Exchange Discussions > > Subject: RE: Exchange server level encryption > > > > > > I'll assume you are talking about SMIME encryption here. What > > you want to do is not possible in the general sense. You need > > the recipient's public key in order to encrypt their mail. > > You would have to have a predefined list of all possible > > recipients and their public keys. Even if you had this list, > > I know of no products that implement this (but then again, > > I've never looked) > > > > You could probably rig something up using PGP on a unix box > > as an outbound gateway. But then all your recipients would > > need PGP to read the mail. > > > > -----Original Message----- > > From: Hutchins, Mike [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, February 25, 2003 3:25 PM > > To: Exchange Discussions > > Subject: Exchange server level encryption > > > > > > Ok, my eyes are going crossed. > > I have been trying to figure out a decent way to encrypt all > > outbound email from our company. This is for compliance with > > HIPAA. Does anyone happen to have any ideas? > > > > I have googled and haven't found a product that looks right. > > I have searched for "exchange 2000 encryption", "email > > encryption", etc. Help? > > > > TIA > > > > Mike > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
