We're on a windows domain environment, and we've been asked to use PGP for email communication with a client. Now, i've done some reading into this, but i'd like opinions on the positives and any negatives of implementing this. From what i understand, an addon/application is required, which will work alongside Outlook to decrypt the message once the private key is entered? If anyone has any experience in this, can you recommend a suitable PGP application?
Email security - PGP
- Thread starter daztrouk
- Start date
Depends whether they are emailing just a few individuals or could be emailing anyone in your company (you can get PGP for desktop email and PGP gateway email respectively which either encrypt/decrypt at the client or at a gateway-based server).
That won't work if the client is insisting on using PGP. The MessageLabs system works in a similar way to Voltage or Ironport's PostX whereby the recipient has to access the emails (and reply) via a webmail interface unless they use the same system. PGP is generally a better bet as it is more widely used and gives you more control.
It's a hassle and it's a bit pointless. You no-doubt have a confidentiality clause within your contract with that client. As such its your responsibility, not theirs, to make sure that you keep any information they give you (whether to the right member of staff or not (i.e. to john.smith instead of jonny.smith)) confidential.
I know for a fact that a lot of information that would be covered by the official secrets act is sent through unencrypted emails. If it's good enough for them...
I would recommend that you tell them if there's any information that they are particularly worried about sending that they instead utilise the notification procedures within their contract to send it (which usually requires registered post or courier).
I know for a fact that a lot of information that would be covered by the official secrets act is sent through unencrypted emails. If it's good enough for them...
I would recommend that you tell them if there's any information that they are particularly worried about sending that they instead utilise the notification procedures within their contract to send it (which usually requires registered post or courier).
Last edited: