Wouldn't it be convenient to be able to post to a channel by simply sending an e-mail? It's easy to imagine reasons to want this capability; for example, you could: - compose wegblog items right in your favorite mail client;
- post items from a cell phone;
- update an FAQ (frequently asked questions) by CC-ing or BCC-ing a channel when answering a question via e-mail;
- make a group of people aware of an e-mail message by CC-ing or BCC-ing a channel to which they are subscribed; or
- collect applications-generated e-mail notifications in a channel.
An e-mail gateway opens up a world of useful possibilities. Unfortunately, it also opens up a world of security concerns. Clearly, you would not want a competitor, a hacker, a disgruntled employee, or a spammer to be mailing content into your channels. (Just imagine what might show up in your weblog if a spammer found the mailbox--scary!) Passwords are not the answer either. E-mail (specifically, the underlying SMTP protocol) is simply not secure; it passes all e-mail content as plain text. After scratching our heads on the security issues for a while, we designed a new service, called the Mail2Channel Gateway--just released in beta--that offers a secure e-mail gateway to MySmartChannels. Mail2Channel does not require login names, passwords, or any other special mail formatting, nor does it even require that you set up an actual mailbox. Mail2Channel creates virtual mailboxes. When an authorized user wants to send mail to a channel, he or she obtains a virtual mailbox for that channel. Virtual mailbox names are intentionally cryptic (they are based on an encryption scheme that is, for all practical purposes, not guessable) and are valid only for a specific user and channel combination. When a message is received at that virtual mailbox, Mail2Channel bases the sender's identity on the message's From or Reply-To address (both of which are easy to spoof, of course, just stay with me). If the sender appears to be the authorized user for the virtual mailbox, Mail2Channel creates a new channel item using one of two methods: - Method 1--A channel item is created, but in an embargoed state. A confirmation e-mail is sent to the authorized user informing him or her that the channel item was created and providing links for previewing, editing, and un-embargoing the item. Acting on any of these links requires true authentication (i.e., logging in with username and password).
- Method 2--A channel item is created and immediately posted. A confirmation e-mail similar to that of Method 1 is also sent. Method 2 is less secure but may be appropriate for certain inside-the-firewall use cases.
Mail2Channel is currently available to all registered MySmartChannels users (click the channel resources icon  for any channel). We encourage you to take it for a test drive and welcome any thoughts or comments you might have. |
