Hello,

This should be a short experience summary about using "secure" e-mail (S/MIME) in a business environment for about 2 years.

We are a small/midsized company with customers mainly insurance companies and other larger organisations, most located in Germany. Our decision at the end of 2009 was to digitally sign *every* outgoing e-mail with the Djigzo gateway (Thanks Martijn!) to get tamper-proof mail and provide our customers the possibility to send us encrypted mail.

Our mail volume is very low, with about 50 signed mails outgoing per day to around 150 different business domains. The incoming volume is about three times as high, mostly from the same 150 domains plus additionally advertising/status/newsletters and some minor fraction of spam.

With this, after nearly two years we got the following public certificates in our store:

- about 10 different business related domains with around 20 different addresses
- around 80 certificates from external senders altogether
- about 25 trusted root-CAs (+sub-CAs) needed for trust relation

With this we can see less than 10% usage of S/MIME by companies for which e-mail security should be a must :-(

Additionally, there seem to be companies which sign their newsletters but not their business mail coming from the employees. Sad but true, we even had one big company where digitally signed mail was repeatedly lost, so we had to disable S/MIME mail to them altogether. In other cases there clearly was an S/MIME gateway at the other end, but no certificates were used, the root-CAs seem to be out of date and no one was reachable for inclusion. Two cases were found where the content of the mails was altered by some virus/content scanner in between, making the signature invalid.

After automatically encrypting all outgoing mail for which we have valid certificates, another three domains had at least intermediate problems with key handling, leading to support calls about external recipients not able to decrypt their own mail :-(

So in sum we ended with not even 5% of targets to reliably exchange S/MIME e-mails with, noticeable in an environment where confidentiality is often required because of law and business requirements.

An attempt to contact remote postmasters (7 different domains) to fix the problems led to three bounces, one silently included the CA used by us and three with no reaction at all.

That said, Djigzo worked reliably from day one and we never had any technical problem related to our setup.

I'm really baffled that it is still that troublesome *and* nearly useless because of missing S/MIME capable mail infrastructure even in companies spending a lot of $ on mail security.

Would be nice to hear from others about their findings.

Regards
Andi
