email fax security

[Square Peg]

I am considering signing up for one of the email fax systems such as
MyFax.

http://www.myfax.com/

In reading over the FAQs, I learned that MyFax uses the destination
phone number as the email address. If I want to send a fax to
888-555-1212, I send an email to 18885...@myfax.com.

If it's just a short message, I can type it in the email message. If
it's a document, such as a Word document, I attach the document to the
email.

I am wondering how secure this is? Some of my documents are
confidential and some of them are legally privileged. When they leave
my machine and go out over the internet, those attachments are not
encrypted, right? They will pass through a number of nodes enroute to
myfax.com. Could some at one of the intermediate nodes look at the
attachments?

Thanks

[Russ Valentine [MVP-Outlook]]

Faxing has never been secure and never could be. HIPAA had to create a giant
exception to its requirements so that medical information can continue to be
transmitted by fax.
--
Russ Valentine
[MVP-Outlook]
"Square Peg" <Squa...@Round.Hole> wrote in message
news:mjhjc4ph4a2c9hlkh...@4ax.com...

[Square Peg]

On Thu, 11 Sep 2008 21:49:31 -0400, "Russ Valentine [MVP-Outlook]"
<rus...@gmail.com> wrote:

>Faxing has never been secure and never could be. HIPAA had to create a giant
>exception to its requirements so that medical information can continue to be
>transmitted by fax.

Are you talking about phone faxing where one fax machine makes a call
to another? What security holes are there other than me entering the
wrong fax number?

In any case, I am talking about email faxing, like with MyFax.com.
Unless I encrypt the email and any attachments before sending the
email-fax, I would think that it is visible to every node along the
way, no?

[tlvp]

On Thu, 11 Sep 2008 22:21:37 -0400, Square Peg <Squa...@round.hole>
wrote:

> On Thu, 11 Sep 2008 21:49:31 -0400, "Russ Valentine [MVP-Outlook]"
> <rus...@gmail.com> wrote:
>
>> Faxing has never been secure and never could be. HIPAA had to create a
>> giant
>> exception to its requirements so that medical information can continue
>> to be
>> transmitted by fax.
>
> Are you talking about phone faxing where one fax machine makes a call
> to another? What security holes are there other than me entering the
> wrong fax number?

Someone other than the intended recipient getting a look at the fax,
either as it sits in the OUT tray, waiting for the intended recipient,
or through a line interception/tap.

> In any case, I am talking about email faxing, like with MyFax.com.
> Unless I encrypt the email and any attachments before sending the
> email-fax, I would think that it is visible to every node along the
> way, no?

Visible indeed, just like any other email. Or so I would suppose.
But I'm no expert at anything much, other than justified paranoia.

Cheers, -- tlvp

[Russ Valentine [MVP-Outlook]]

Just what do you think email faxing uses? It doesn't matter how secure your
transmission to the service is. From there it uses POTS.
Never secure. Never will be.

--
Russ Valentine
[MVP-Outlook]
"Square Peg" <Squa...@Round.Hole> wrote in message

news:q9kjc41rq5mtm8cn0...@4ax.com...

[Andrew Rinaldi]

Russ Valentine [MVP-Outlook] wrote:
> Just what do you think email faxing uses? It doesn't matter how secure
> your transmission to the service is. From there it uses POTS.
> Never secure. Never will be.

I would disagree with the statement that fax over POTS can never be secure.

A number of companies sell products that are DoD JITC certified to meet
military and NATO protocols for secure fax communication over POTS.

Ricoh SecureFax products have also been widely deployed in the
commercial sector, and some fax servers have implemented the ITU-T T.36
security capabilities.

Regards

Andrew Rinaldi
Mainpine Developer Support
USA +1 866 363 6680 | UK +44 1225 807 807
andrew....@mainpine.com | www.mainpine.com