0

I am under request to produce a mechanism that will verify the origin and authenticity of a message received over a monitored mailbox. Now, the mailboxes are assigned by the company to the customer. in that, a request comes in, the customer wants to send data in by email transfer, I make a request to the exchange IT folks for a shared mailbox. that mailbox is given to the customer to send their data over which is monitored by established camel routes.

Now, my application is being reviewed for production deployment and under review they determined a security threat may exist if an erroneous person, robot, etc.. send out harmful emails or spam. when all the need to find/have or come across the name of the mailbox.

is there a way to verify the sender origin and its authenticity on a email delivered to a monitored mailbox? while not having to change code for every new and or changed customer. The other problem with this is that these mailboxes can change owners. in that a customers proof of concept period expires and they do not want to move ahead or a contract expires and frees up that mailbox, a new customer comes along and I hand out an available mailbox.

thank you!

GLMills
  • 558
  • 1
  • 12
  • 37
  • I think the most reliable way is to use digitally signed emails for this. Your customer should sign his/her letters and you can verify the used signature. You can [encrypt](http://blogs.mdaemon.com/index.php/2018/05/29/encrypting-vs-signing-with-openpgp-whats-the-difference-2/) the sent messages too. – m4gic Aug 15 '18 at 15:28
  • excellent advice thank you – GLMills Aug 15 '18 at 20:18

1 Answers1

0

you can also do something like using filtering or searchTerms. see this link Camel route to filter out the auto response emails

I do like the digital signatures. but if you need something immediate and can't rely on your customers IT team to instrument digital sigs, try filter or searchTerm.xxx

GLMills
  • 558
  • 1
  • 12
  • 37
  • Welcome to Stack Overflow and thanks for your contribution! We've the requirement to include the essential parts of the answer not as link but as code or text. You can read more about it here: [How to write a good answer](https://stackoverflow.com/help/how-to-answer). Pleas edit your answer accordingly. Thanks! – David Sep 14 '18 at 19:08