While that would secure the connections from snooping if you're mailboxes are on Office 365 and those mailbox stores do not exits on an encrypted LUN then a service can easily read the Exchange database; anyone with server access can read mail across all mailboxes. In fact, Microsoft supports this type of setup with impersonation, e.g. a global user that can query any mailbox it has permissions to within Exchange. This is how some EWS integrated applications work. It wouldn't be that far fetched for the NSA to incorporate the same type of query to monitor the mailboxes -- even subscribing to change notifications so it only queries and collects when a new mail item has arrived. Additionally, Office 365 can simply create a journal rule and have all inbound / outbound mail journal to a location that makes it easier for snoops to look through the messages, e.g. an external SMTP endpoint, all without the end customers' knowledge. If anyone has any questions on Exchange they, too, can contact me off list. Just my 2-cents. -matt On Fri, Jul 12, 2013 at 1:04 PM, Nick Khamis <symack@gmail.com> wrote:
We are currently working on something right now where all connections are doing over an encrypted vpn. We are bringing SIP, email, search, and cloud to the tunnel.
You can contact me off list if you would like to know more.
Nick Khamis