I have tested gpg4win as a plugin for Outlook. But when I use that I cannot use Outlook to search for body text in the email.
I imagine it is due to the email being encrypted and that Outlook searches through the encrypted email and not the decrypted email.
My threat model is to protect the email transfer. As soon as the email hits our mailserver we consider it safe to store decrypted. So I imagine a solution would be for gpg4win to decrypt the email using my passphrase and then store the decrypted version back on the system and my local cache, which can then be searched as an ordinary email.
Is there a way I can search through encrypted emails using Outlook?
Ole,
you should give gp4o a try. gpg4o
If you want you can save the mail after decryption, so it can be processed by the indexer. Additionally it is the easiest PGP plugin I have discovered
Best regards
Karl
Related
I encountered a strange behaviour using BouncyCastle.
A email without any attachment is encrypted in BouncyCastle and send through JavaMail.
Looking at it in Outlook, an attachment is shown. In fact there is no given opening the encrypted mail.
Encrypting the email just with Outlook, there is no such phantom-attachment.
Any idea why BC is doing this?
Is there any way to avoid it?
Thank you very much!
Nick
I know that passwords should not be stored for decryption, but what if it's required? So I am wondering how do mail clients (Outlook, Thunderbird, etc.) encrypt\store passwords for sending and checking mail (I do believe they do it safely enough). In general, what are the good practices for storing user's mail password to save him time entering it every time he wants to send the email?
My passwords are only for email accounts.
If memory serves, Outlook at least used to use Windows Protected Storage. I haven't checked, but I'd guess that the current version(s) use CryptProtectData and company.
To answer a sort-of-implied question: I haven't looked as carefully at CryptProtectData, but Windows Protected Storage was not really very secure as a general rule (i.e., tools were/are available that would typically show its contents in a matter of minutes, if not seconds).
I am working on testing internationalization of an email reader application. As such I'd like to have a bank of emails with unusual subject encodings and the like to test with. I have been successful at identifying some emails with the headers endoded in specific encodings I would like to test, however I'm not sure how to successfully get the emails into an IMAP account (or alternatively a POP3 account would suffice as well) without butchering the existing headers/encodings.
With Outlook, for example, I can drag and drop messages into the IMAP account from my regular POP3 email account, or use the "resend" feature to send the message to a different account, however, with both of those solutions, outlook re-encodes the headers using it's own choice of encodings. So, for example, instead of the subject being base64 encoded, suddenly it's quoted-printable encoded, and I need it to stay base64 encoded.
So can anyone suggest how to get raw emails imported into an IMAP (or Pop3) account without changing the header encodings for fields such as subject?
Just use some IMAP client, you can store messages to IMAP server.
One free C# IMAP client you can get from:
http://www.lumisoft.ee/lsWWW/download/downloads/Examples/
SotreMessage allows you store raw message to IMAP server.
Also if you have messages in IMAP server and wnat to ttransfer them, you can use IMAP sync application from same link.
If it's just for testing, set up an IMAP server locally, and store the messages on that. Choose some fairly transparent storage so that each message is a file on the server. Don't use an email client to write them, they are just text files (and in particular not Outlook!)
Is it possible in any way to send an email attachment through the user's default email client using AppleScript? I'm assuming there is no easy way of doing this, as the programs themselves have to implement AppleScript and every email client will implement it differently and require a different script for sending an email with an attachment.
I've searched around and only found this:
http://macscripter.net/viewtopic.php?id=12463
Which can, via Applescript, give me the name of the default email client. Has anyone looked into this before?
Thank you.
You are correct. You'll have to implement different applescript code for each email client. As such you'll probably want to limit the email clients your application will support and make that clear to your users.
The only other way for it to work universally is for you to implement your own email system. I have a python script that I can call from an applescript using "do shell script" to send emails. Of course you'll need to know the user's information (smtp server, username, etc). If you're interested you can see my python script here. It doesn't handle attachments but some google searching should show you how to modify it.
Does anyone have a reason / preference as to the best format to send email responses from a website (payment confirmation / password reminder’s etc)?
Thanks
Jon
In your emails, use plaintext with links to your HTML pages. HTML in email is generally widely reviled as a bad idea, because it's a gigantic security hole.
Never send passwords in email, even as a reminder. Send a link to the user's registered email address that allows them to reset their password. The absolute fastest way to make me quit using your service is to send me my password via email in plaintext.
plain text. No html.
Formatted plain text, please. The system my office uses currently, I had nothing to do with designing it, sends customers a formatted plain text email that looks professional, loads quite quickly in email clients, and it prints just as it looks on the screen. Not only is HTML a security hole, it can really slow down the email downloading/opening process depending on how much extraneous content is included (background colors, images, etc.). In addition, plain text is almost guaranteed to print out as displayed on the screen whereas HTML can have issues.
For passwords, as McWafflestix said, don't send passwords to email addresses. One approach to addressing the forgotten password is to create a module on your website that sends users an email with a link confirming they forget and need to reset their password and then have them answer a secret question they created. Once the identity is confirmed, send them an email with the new temporary password with a link to log in--once they click the link and enter the temporary password, have the user enter a new personal password.