[TriLUG] transmitting secure emails

Cristóbal Palmer cmp at cmpalmer.org
Tue Apr 6 18:09:18 EDT 2010


On Tue, Apr 6, 2010 at 5:32 PM, Jason Watts <jsnonzzr at gmail.com> wrote:
> expected, but the way it works is kinda cool.  you can send all your
> outbound email though them.  if the email has what ever catch phrase in what
> ever part specified, you can have them encrypt it and hold in on their
> servers for the end user to log in and check it.
>

Again, as someone who has taken a couple of Information Interaction
and Interface Design courses, I would *strongly* caution you not to
"fix" this particular problem with an email add-on. Users on your end
should NOT "send an email" in any way that is remotely like their
normal outbound email when they need to send sensitive information.
The "autopilot" or "muscle memory" we develop for tasks is too strong
at 16:55 on a Friday, and somebody WILL mess this up. As Jason said:
"we chose to forbid this as alot of users forgot to click the 'other'
send button." I think a system that tries to auto-identify sensitive
information and trap it such that a link must be clicked is useful
only as a backup. If people know it is there and come to trust it,
you're just as likely to have a failure.

The best answer is to train people on what constitutes sensitive
information and have them execute a very different business practice
(eg. opening an internal webapp for this purpose) when they have
sensitive information to send.

If I were doing this and were really pressed for time/cash I'd
probably use wordpress-mu and pop open a new "blog" for each client
with an un-blog-ish theme. Slightly hackish but really quick to set up
and has permissions that are good enough for what you're doing. Also
requires near-zero expertise beyond basic sysadmin skills. Not
automagical like the products that have been described, but also $0
licensing plus whatever you want to pay for an apache certificate.

Cheers,
-- 
Cristóbal M. Palmer
ibiblio.org systems
cdla.unc.edu research assistant



More information about the TriLUG mailing list