Both

Story: Clinton's Homebrew E-Mail Server: Risky or Genius?Total Replies: 0
Author Content
ljmp

Mar 09, 2015
3:10 PM EDT 		If you are a government employee, you should not be using any email other than the official .gov email account. This is for lots of important reasons, but is very inconvenient. It is much easier to just forward all your mail to a personal email account and work from that.

Inconvenience of .gov email:
  • PKI
  • No webmail on non-government run or non-approved machines
  • Pesky Public Record
By government rules and laws, Ms. Clinton should probably be carted off to spend some time in the government run Kansas resort.

However, I do run my own email server. And I've read through a few articles about Clinton's setup. The biggest security problem I've read about is the use of self-signed SSL certs for account access. I don't see this as a problem, since presumably Clinton was the only account holder. If so, she only needed to accept the 'dubious' cert once -- and it was probably her self-hired IT guy who pressed the 'yes-accept' button. I did not see anything in the articles related to SPF, DKIM, or DMARC records or configuration. These three are absolutely essential to protect your mail server domain reputation... and it's a bit surprising that the government servers didn't reject her mail to begin with.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!