Securing Electronic Mail in a Small Company

Electronic mail has become a de facto standard for business communications. Companies, big and small, depend on email for their day to day operations, even though electronic mail is plagued with numerous security problems. Email might be read in transit. Messages may be altered or dropped by intermediate servers. Mail boxes are effectively unprotected with sniffable passwords. Yet people use email because it's convenient. While numerous approaches and protocol enhancements have been proposed to reduce security risks in email communications, no comprehensive solution exists. This paper presents a typical email configuration of a small company, the associated vulnerabilities, and demonstrates how free open source tools help reduce the risks.