Can we retrieve pop mail SECURELY - SSL or PGP or web-based

[bluedev]

How can I retrieve emails securely from the mail server? I have web forms that collect credit card data, then CDO them to a mail account on the same system?

- setting SSL in mail software doesn't work,
- what about PGP or
- what about logging in web-based securely with SSL

Is there a work around? add-on?

Thanks
Chris

[jaymac]

I dont know if their is an email workaround, but you could certainly add the form information to a database, which is then retrievable from a secure page you write. Since this page will only be for your use, you can use the built in, non certified SSL thats comes with your hosting if you dont have an SSL cert already.

Downside is your keeping CC info in a database (makes some ppl jittery), but Im not sure if thats any worse than keeping it in emails.

Good luck and happy programming.

- Jason -

[generic]

you can do it with encription using a 3rd party DLL

just search on "secure email" and you will find a bunch including:
http://www.aspencrypt.com, thatcost $$$

but I believe dynu is already installed ou many of the servers..
http://www.dynu.com/dynuencrypt.asp

[bluedev]

- I could do the database solution but then the client has to login to view card details for every transaction, and I'd have to build the app.

- I checked the server for installed ASP COM objects but none of the dynu products are installed

Any more ideas?

Also,

What are the chances, how often is it happening, and how is it done that emails in trasnsit be snooped?

[bigdave]

As soon as someone notices you are sending plain text credit card numbers with full info, I'd say pretty frequently. I mean packet sniffing isn't something that requires much skill in terms of "hacking"

[somereseller]

For secure email to happen, Psoft has to provide a way for us to add certs on all servers. We all know that user security is not HSphere strongest point...

[somereseller]

But to solve your e-commerce problem, I'd suggest that you encrpyt every detail with pgp.

[bluedev]

For anyone interested.
I found an OUTSIDE way to retrieve your mail securely.

Web based SSL (https) with a 3rd party.
1 example: www.mail2web.com
- select "Advanced Login"
- select "Secure Login"
- servername = domain.com, userid = user%domain.com
(Do not select SSL checkbox)

VOILA! you are connected securely to your email.

QUESTION FOR @ATMAIL
Can we not have an in-house solution to access our mail securely like other web-based mail suppliers?

[somereseller]

Hum...Using a webmail system from outside will only protect you from your neighbours and certainly won't stop people from stealing the CC#

[Silverbug]

I have some code which you can use to encrypt the cc details. It uses MD5 encryption algorithims and is really easy to use.

You could setup your client so he can decrypt it from a webpage, (which is secure of cource, or hosted on localhost a server) by simply entering the encrypted string and decrypting it. from there. then again i guess that sorta defeats the purpose of sending via email eh anyway PM me if you want it.