MS-Mail Security

[Adam Shostack]

Leo WONG Wing-yan wrote:

|     I would like to gather informations of whether the MS-Mail server is 
| secure or not, is anyone heard of somebody, say, disguise as other user 
| or read other user e-mail?

	Its good idea to think of mail security as an end to end
thing; you encrypt the mail for your recipient(s).  They decrypt it.
There are (decent) proposals afoot to encrypt mail server to server,
which is fine, it doesn't sacrifice security, and makes accidental
mail reading less likely.

	However, I know of two mail servers that I might trust, and
both of them (qmail and smap) come as source code.  I wouldn't trust
any MS product with security functions; what happens when it breaks?
SMB was broken for 3 months before it was fixed.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume