in reply to
[OT] E-mail security
It's true that anything you send via email is going to be sniffable and therefore readable, but you might be able to encrypt the contents, send the encrypted email, and decrypt it at the destination.
What that depends on, though, is how "confidential" (and time-sensitive) the information is. In any situation like this, you should assume that someone is watching the transfer. So, is it:
- information that someone else should never see (like customer data),
- information that nobody should see for a certain time period (like information about an upcoming product release), or
- stuff that they just don't really want someone to see (how many hats someone ordered)?
In the first case, I'd consider both encrypting the data and sending via a more secure method (ssh, VPN). Case two, just encrypt it. Sure, someone could record and eventually decrypt it, but by then it won't matter. In the last case, you could probably just email it, but I wouldn't. I'd still encrypt it, but I'm paranoid about those things. I tend to go beyond assuming that there's "someone" who "could be" watching it. I assume that every single computer my data passes through is watching, recording, and has an interest in discovering my information.
The short version of this: never ever take a chance with customer information. Not just for the sake of their business, but to keep your name from showing up on the news as the person who lost the data.