I say we just have everyone type in gibberish from the beginning. It would work just as well, and be a lot cheaper. Besides, with all the spam filters and RBLs, the message isn't going to arrive anyway.
Excuse me, I think I just had an attack of cynicism. -Peter -----Original Message----- From: Ed Crowley [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 8:36 To: Exchange Discussions Subject: RE: Exchange server level encryption Yup. Setting up "encrypted mail", whatever that is, isn't going to fix the problem. If "all e-mail" must be encrypted, you pretty much ought to disconnect it from the Internet, because the vast majority of your correspondents will not be able to communicate with you. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Wednesday, February 26, 2003 8:18 AM To: Exchange Discussions Subject: RE: Exchange server level encryption Right. It goes back to Ed's quote about there seldom being technical solutions to behavioral problems. Part of these regulations requires strongly retraining all employees that they need to keep patient information out of emails. Things that require patient information, like billing information, shouldn't traverse email in the first place, rather it should be handled at the billing system level. At that point, all an email has to contain is an invoice number or a payment number and you're not passing any confidential information. HIPAA isn't something for which completely technical solutions exist. This is one of those places. -------------------------------------------------------------- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Hutchins, Mike [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 26, 2003 11:06 AM > To: Exchange Discussions > Subject: RE: Exchange server level encryption > > > Well, that isn't exactly like that. But it seems as though > there also isn't an easy wau to determine what to encrypt on the fly.. > > > -----Original Message----- > > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, February 26, 2003 7:33 AM > > To: Exchange Discussions > > Subject: RE: Exchange server level encryption > > > > > > What data are you actually trying to encrypt, and where is it coming > > from? > > > > For instance, some of our products offer HIPAA compliance for > > electronic transactions, using a variety of transports, including > > SMTP, IIRC. > > > > I'd push back at the auditors to make sure that they're clearly > > defining what needs to be encrypted and what can be sent clear text. > > It sounds like they're pushing for 100% encryption of all email, > > which is well beyond my understanding of the expectation under the > > law. > > > > -------------------------------------------------------------- > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis Inc. > > > > > > > -----Original Message----- > > > From: Hutchins, Mike [mailto:[EMAIL PROTECTED] > > > Sent: Tuesday, February 25, 2003 3:44 PM > > > To: Exchange Discussions > > > Subject: RE: Exchange server level encryption > > > > > > > > > Argh... > > > > > > Which is pretty much what Eric was saying I think also. I kinda > > > figured this was going to be a tremendous pain in the ass. > > > > > > So let me throw a side idea at ya. How about creating a different > > > virtual server to handle certain domains and have that > relay through > > > a gateway to encrypt that traffic. Then we would know who was > > > getting the mail and the would be able to decrypt it. > > > > > > > > > > > > > -----Original Message----- > > > > From: Ken Cornetet [mailto:[EMAIL PROTECTED] > > > > Sent: Tuesday, February 25, 2003 1:39 PM > > > > To: Exchange Discussions > > > > Subject: RE: Exchange server level encryption > > > > > > > > > > > > I'll assume you are talking about SMIME encryption > here. What you > > > > want to do is not possible in the general sense. You need the > > > > recipient's public key in order to encrypt their mail. > You would > > > > have to have a predefined list of all possible recipients > > and their > > > > public keys. Even if you had this list, I know of no > > products that > > > > implement this (but then again, I've never looked) > > > > > > > > You could probably rig something up using PGP on a unix > box as an > > > > outbound gateway. But then all your recipients would > need PGP to > > > > read the mail. > > > > > > > > -----Original Message----- > > > > From: Hutchins, Mike [mailto:[EMAIL PROTECTED] > > > > Sent: Tuesday, February 25, 2003 3:25 PM > > > > To: Exchange Discussions > > > > Subject: Exchange server level encryption > > > > > > > > > > > > Ok, my eyes are going crossed. > > > > I have been trying to figure out a decent way to encrypt all > > > > outbound email from our company. This is for compliance with > > > > HIPAA. Does anyone happen to have any ideas? > > > > > > > > I have googled and haven't found a product that looks > > right. I have > > > > searched for "exchange 2000 encryption", "email > encryption", etc. > > > > Help? > > > > > > > > TIA > > > > > > > > Mike > > > > > > > > > _________________________________________________________________ > > > > List posting FAQ: > http://www.swinc.com/resource/exch_faq.htm > > > > Archives: > http://www.swynk.com/sitesearch/search.asp > > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > > > > _________________________________________________________________ > > > > List posting FAQ: > http://www.swinc.com/resource/exch_faq.htm > > > > Archives: > http://www.swynk.com/sitesearch/search.asp > > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
