On Fri, 17 Mar 2017, Eric Henson wrote:

As a PCI compliant company, we have to go to great lengths to secure any system that stores, processes, or transacts credit card data. If that included our email servers, that would put every single mail server, every single mail client, including smart phones, in scope for our PCI audit. That would be a complete nightmare.

I believe you, but that's not the question -- when's the last time something bad actually happened due to sending credit card info by mail?

I used to have my own credit card account and my card processor demanded PCI compliance. About 1/4 of it was reasonable, 3/4 was cargo cult stuff that mostly involved stuff like setting packet filters so they couldn't probe ports that weren't going to answer anyway.


mailop mailing list
