Common Criteria – Salvation For Email Security
To operate, email needs both inbound and outbound access. The very fact that companies want to receive email from strangers – potential customers – means that asking for authentication, the standard way to verify a connection passing through a firewall to a protected network, simply does not work. So the firewall just passes the responsibility to the mail server. Putting the mail server on the DMZ is not an answer either: this just moves the problem rather than addressing the insecurities of email, and makes it more difficult for internal users to read their email.
The link for this article located at Net-Security.org is no longer available.