MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Security on email-enabled lists

  Asked By: Lillian    Date: Mar 02    Category: MOSS    Views: 1188

Occasionally I hear people talk about mail-enabled lists, and I've read a
doc or two about setting them up, but here's the sixty-four thousand dollar
question: how do you secure the whole process?

Anybody can send an email. Lots of people know how to spoof the "from"
headers. Any sort of hash or key sent in the message is subject to
interception; this is why we have an emerging secure email market. However,
secure email appears less than convenient at this juncture; is it a viable
solution? Is SPF the answer? Am I making any sense?

Feel free to respond to this with anything resembling constructive



6 Answers Found

Answer #1    Answered By: Junior Jarvis     Answered On: Mar 02

When configuring the "Incoming E-mail Settings", you can set the list to "Use
document library security for e-mail to ensure that only users who can write to
the document library can send e-mail to the document library" under E-mail

For us, this Yes/No option fit the bill....

Answer #2    Answered By: Sanjay Lohar     Answered On: Mar 02

That assumes integrated Exchange, correct?

Answer #3    Answered By: Mason Salazar     Answered On: Mar 02

That's after you have already enabled Incoming E-mail for your SharePoint
Farm/configured it in Central Administration.

Answer #4    Answered By: Jesus Davis     Answered On: Mar 02

You can mail-enable using built-in smtp aand in addition to setting "Use
document library security..." you can configure SMTP to restrict addresses
that it will accept connection from.

Answer #5    Answered By: Narasimha Kamane     Answered On: Mar 02

Right, but how do you deal with the possibility of spoofing? Seems like it
would be easy enough to fake the header information. Does this all get
handled on the mail server side?

Answer #6    Answered By: Fidel Crane     Answered On: Mar 02

Not sure. Our implementation is not complete yet. I imagine you could send
all email traiffic to one library/list that requires approval and write a
Feature to examine the content on arrival.

Didn't find what you were looking for? Find more on Security on email-enabled lists Or get search suggestion and latest updates.