matthew2229, posted September 16, 2013

Hi, so I'm creating a site for a client right now. It's mostly just front-end design but there are little bits of PHP. I'm good with most things on PHP and know how I would do this simply in PHP but I'm just not sure if it's secure. Like, could I just use the mail(); function? Is that secure enough or do I need more? Thanks!

Psycho, posted September 16, 2013

Well, what do you mean by "secure" Emailing? I would think you would start with using https to make sure communications between the client and server are secure. But, as far as sending a secure email - I don't know what your expectations are. The only way to send an email securely (prevent others from being able to obtain the content of the message) is to encrypt it. Which means the recipient will need some way to decrypt it.

For many businesses that require very tight control of such messages I see them using portals. The recipient is sent an email with a link to the portal. From there the user must log in to see the message. So, basically the message is never truly sent via email - only a notification that there is a message.

matthew2229, posted September 16, 2013

The client I'm working with knows close to nothing about computers. I want to make a form on the web page that a client of MY client's can fill out then submit and it will send it to my client via email. But it all has to be very secure due to the nature of the information. Can I just take the information from the form and use the mail(); function? I don't want to have my client have to log into the site to be able to see the form submission. It should just be able to send to her email.

fastsol, posted September 16, 2013

If the info submitted is truly personal sensitive data like SSN or credit cards and such, then it would be best to keep it on the server and make them log in to view it. Otherwise the client will just have to deal with the possibility of someone sniffing out the emails.

Psycho, posted September 18, 2013

"Can I just take the information from the form and use the mail(); function?"

Yes, but it won't be secure. Emails are not encrypted. So someone could potentially grab that data as it travels through the servers on its way from the server sending the mail to the receiving mail server. So, your options, as I see it, are to:

1) Use a third party email encryption function or build your own. But, that means your client will need to have something to decrypt the emails when they are received.

2) Keep the messages on the server and only send a notification email. Then provide a way for the user to retrieve the messages off the server. The notification email can have a link directly to the message and provide a login screen (if the user isn't already logged in). I think this would be the least intrusive process. But, you will need to ensure the site is being run through HTTPS, otherwise the data being viewed is being sent over the internet unsecured when the user views the messages.

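Option 2 from the reply above, as an added example that is not part of any post in the thread: the form data is written to a server-side store and the e-mail carries only a link. The storage directory, the `example.com` addresses and the function names `storeSubmission` and `buildNotification` are assumptions, and the page behind the link is assumed to require a login over HTTPS.

```php
<?php
// Added example: keep the submission on the server, e-mail only a notification.
// Paths, addresses and function names are assumptions, not from the thread.

const STORE_DIR = '/var/lib/contactform';             // assumed: outside the web root
const VIEW_URL  = 'https://example.com/messages.php'; // assumed: login-protected, HTTPS only

/** Save the submission server-side and return its unguessable ID. */
function storeSubmission(array $fields, string $dir = STORE_DIR): string
{
    umask(0077);                                      // new files and dirs: owner only
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("cannot create $dir");
    }
    $id   = bin2hex(random_bytes(16));                // 128-bit random identifier
    $json = json_encode(['received' => date('c'), 'fields' => $fields],
                        JSON_THROW_ON_ERROR);
    if (file_put_contents("$dir/$id.json", $json, LOCK_EX) === false) {
        throw new RuntimeException("cannot write submission $id");
    }
    return $id;
}

/** Build the notification. No submitted value goes into the subject, body or headers. */
function buildNotification(string $id): array
{
    return [
        'subject' => 'New form submission',
        'body'    => "A new submission is waiting.\n"
                   . 'Log in to read it: ' . VIEW_URL . '?id=' . $id . "\n",
        'headers' => "From: noreply@example.com\r\n"
                   . 'Content-Type: text/plain; charset=UTF-8',
    ];
}

// Constructed sample input standing in for the validated $_POST fields.
$sample = ['name' => 'Jane Example', 'details' => 'sensitive text'];
$id     = storeSubmission($sample, sys_get_temp_dir() . '/contactform-demo');
$note   = buildNotification($id);
echo $note['body'];

// On the live site the same array is handed to mail():
// mail('client@example.com', $note['subject'], $note['body'], $note['headers']);
```

The random ID only locates the record; the viewing page still has to check the login session before reading the file.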