Send Encrypted email / data with ASP

[IClarke]

I need to send an encrypted email or at least part of the email needs to be encrypted (credit card number) from my web server. I'm using CDONTS to send emails. Anyone got any ideas on how to go about this, i need to make the decryption process as easy as possible as it will be non-IT people who receive the emails.

Thanks in advance
Ian.

[turfbult]

Ian,

I really hope you get the answers you are looking for, because I am sitting with the same problem you are and I have not found the answer yet!!

T

[turfbult]

Ian,

I see you haven't had many replies. Dont worry, I was hoping as much as you probably were.

Any way, I think I got the solution to my problem - maybe it will work for you too.

I contacted my host and they firstly suggested that I get some 3rd party software which they will then install etc etc. Some other technician then contacted me and said that all their MAIL SERVERS are secure. These mailservers can be accessed via their website(with a uid/pwd) to check your mail etc etc. So, what I have now is a form which the user must complete (credit card details etc) and the form is then emailed to a pop-account residing within my domain - ie. on my hosts webserver. This form is also on a secure server!! So all I have to do is login to the website and check my mail whenever, wherever!!

The only catch is that you must not download the email onto your client at home/office, because that defies the purpose. As long as the email "sits" on your hosts webserver (if they are secure - ssl) you should be pretty safe, but obviously when you download it to your client (Outlook or whatever) the email leaves the secure server and can be "picked up" by anyone!!

I hope this helps!! It's the way I'm going to handle things.

Good luck,
T

[IClarke]

Hi T

Thanks for the info. this certanly does seem to be a pretty complex problem. Your idea about using web mail to access the mail directly off the server is pretty cool but unfortunatly our web server is completley independant from the rest of our network and does'nt have any mail server software installed. So i'm still kinda stuck ... i'll let you know if i find another solution.

Cheers
Ian.

[turfbult]

Ian,

Yes, please do let me know when you find another solution.

T

[Clunietp]

I don't know if this helps you guys but TLS allows your mail server to securely communicate with another mail server.

Are you sending mail to end users? Who will be getting this mail you are sending? Why must you include sensitive information in these emails? Just a few questions, maybe we can come up with a workaround rather than a solution

[turfbult]

Hey Clunietp,

I'm talking for myself here - not sure what Ian's setup is.

The "secure" mail must come to ME. The sensitive info I'm refering to is Credit Card details.

As explained in my previous post - the user fills in a normal html form with things like CC details and this form must then reach me. At my office, I then have the facility to "do the transaction".

I know there are 3rd party companies who specialize in this, but I'm trying to stay away from this option for 2 main reasons...
1.) The "processing time" on their side is usually unacceptably slow!!

2.) The fees they ask per transaction


So, all I need is to get the CC details emailed/sent to me in the MOST secure way!!

What do you think of my way of doing it - ie. thru webmail which was suggested by my host and which a lot of their clients use!!??

T

ps. How does TLS work - what is it??

[IClarke]

Hi Clunietp,

Like T i'm wondering what TLS is ? To answer your questions the email that i need to send is only going to one person for final processing of the transaction. It needs to contain sensitive info. as the web server being completly seperate from the rest of out network i can't see any other way of getting the data. I did consider storing the info in a database and then using FTP but i would assume this is no more secure than email ??

Ian.