Sending email securely

[Michael]

I have a .net application that employs asp.net, vb.net
and sql server. The application is secured at client
sites through their firewall. We want to add
functionality that will automatically trigger emails
(potentially with report attachments) that are sent to
people outside of the firewall. The data is extremely
sensitive. What is the best/reccommended way to secure
the email and any attachemnts. Articles sites etc. would
be greatly appreciated.

 

[Chris Jackson]

In order to secure your email, you are going to have to use encryption where
you have matching implementations at both the client and the server. I have
used PGP implementations in the past. The new version of Outlook will be
using Windows Rights Management, which you can dig into here:

http://msdn.microsoft.com/library/d...dk/htm/windowsrightsmanagementservicessdk.asp

http://msdn.microsoft.com/library/d...lsdk/htm/windowsrightsmanagementclientsdk.asp

There are certainly other encryption providers, these are just the two that
I am familiar with. The choice really depends on what your clients already
have or are willing to install in order to read email from you.

If your clients are unwilling or unable to install new software, you merely
need to think outside of the box. For example, you could email a link to an
https site, where you authenticate them and then enable them to view and
download your payload over an encrypted channel.