Security Question: Digital "Signatures" in Outlook. Any admins allowing them?

typhoon43

2[H]4U
Joined
Apr 5, 2001
Messages
3,930
Seems like everyone at work has started clammoring for those cool "looks like you signed it" email sigtnatures. Our users are unable to view them becasue they get this nice prompt:
activexsignatureblock.GIF


So everyone that's trying to set them up has a Red X signature in their emails. Has anyone who admins a decent sized company done any research as to how safe it would be to turn on Active X controls for these Outlook signatures? I'm not real keen on the idea, but if it's safe, we'll go for it.
 
Don't let Outook run any scripts, ActiveX or anything.. Unless you really like viruses.

==>Lazn
 
Ditto!

Why would they be using active-x? Mine is just a standard .jpg image always attached to the bottom of my email.

Like so...
email.jpg
 
a smime cert is a better digital signature ;)

I haven't run into this kind of thing yet though, but we aggressively filter html email.
 
You can configure S/MIME via group policy. If you have an internal cert server, you can automatically assigne user certs via group policy.

What I did was configure a policy to create a certificate for each user and store it in Active Directory. I then tweak some of the Outlook settings via another policy. User then had the option to enable S/MIME signing. You'll want to make sure that emails are sent in clear text though otherwise you'll get a bunch comlaining that anything other than Outlook doesn't read the mail properly.

Another caveat is that when messages that your CA isn't trusted by external domains. So, when someone opens an email from your domain, the get a warning.

If you are running Outlook 2003, also look into Right Management Server. It works well in conjuction with S/MIME.
 
Back
Top