Hey everyone! I've been researching how to securely send emails to a corporate mail server and could really use some guidance. I'm working on a solution involving various AWS services that compiles sensitive data into a report for a distribution list on a corporate email server. They're likely using Microsoft Exchange, hosted by Microsoft, and I want to ensure that the email stays internal and doesn't get sent over the public internet in plain text.
I looked into Amazon SES, but it seems like you can only route mails through SES and not configure it to use third-party SMTP servers. I also checked out Amazon SNS, but it's quite limited in formatting and again, I don't think it can securely send to external SMTP servers.
Security options like S/MIME and PGP are a no-go because we don't want the end users to deal with extra encryption software. I thought about sending the report in plain text with a secure link to the data in an S3 bucket, but we're aiming for the email to show all the info directly. If there's a better approach, I'd love to hear about it!
I might have to figure out how to interface with their mail server directly, potentially using a Lambda function. Any recommendations for securely sending emails in this scenario would be greatly appreciated!
3 Answers
It's worth digging into the reasons behind these requirements. Why does it need to be an email? Understanding the business problem can help you find a more suitable solution rather than just meeting the requirements. Also, considering the sensitivity of the data can guide your approach too.
AWS SES does support enforcing TLS to the recipient. Make sure to set the configuration to `--tls-policy REQUIRE`, so it only sends if a secure connection can be established. That should definitely meet your security needs!
Just don't forget to troubleshoot your setup a bit — you don’t want to hit any snags!
Got it! If I enable that, it'll ensure secure delivery. Thanks for the tip!
You might want to consider manually sending the email through an encrypted TLS connection to the customer's mail server. There's a good example in the Python documentation for smtplib that shows how to do that. Plus, if they're using Office 365, there's specific guidance available for sending securely through that platform! Check it out in the documentation from Microsoft.
You have a point! I've asked about this, but I’m being a bit vague here. It's crucial to have clear requirements, though!