
Requirements

General Security Practices

The email integration works by intercepting emails sent to a monitored mailbox and processing them for import into Lime CRM. The imported emails are then displayed in the user's browser as an HTML feed. This process introduces potential security risks: for instance, a malicious actor could send an email containing specially crafted HTML designed to exploit weaknesses in the browser environment.

The email integration, together with the web client, implements several layers of protection against such incidents. For example, libraries are used to sanitize the HTML and the attachments and to remove dangerous scripts. However, this is a "best-effort" approach, and it is entirely dependent on the reliability of these libraries; it is a last line of defence, not a replacement for filtering malicious mail before it reaches the monitored mailbox.

The email integration cannot take responsibility for preventing security incidents. It is up to the customer to have general security practices in place. Some practices to consider:

  • The mail server should be secured and configured to scan incoming attachments and filter out spam.
  • Antivirus protection on the systems that handle the imported emails and attachments.
  • Secure authentication methods (for example multi-factor authentication) for Lime accounts. If an account is compromised, it can be used to send emails from the monitored account via Lime CRM.

Microsoft Safe Attachment Policies

As mentioned above, we highly recommend having attachment scanning in place. Microsoft offers different strategies for how to respond to malware and when to deliver the email during the scanning process. The Safe Attachment configuration is found in the Microsoft Defender portal under Email & collaboration > Policies & rules > Threat policies > Safe Attachments.

(Screenshot: Microsoft Safe Attachment options)

For the email integration to run smoothly, a Block response (shown below) is required for all monitored accounts. This ensures that an email is not delivered until the scan has completed, and that any detected malware is quarantined instead of being delivered.

(Screenshot: Microsoft Block response)

Of course, you can have other policies with different responses for all other accounts in your organisation.
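As an added example (not part of Lime's documentation or code), the following Exchange Online PowerShell creates such a policy with the Block action, scopes it to the monitored mailbox with the highest rule priority, and then checks which rule and which action apply to that recipient. The cmdlets come from the ExchangeOnlineManagement module (Safe Attachments requires a Microsoft Defender for Office 365 licence); the mailbox address and the policy and rule names are placeholders.

```powershell
# Added example, not Lime's own code. Assumptions: the ExchangeOnlineManagement
# module is installed, the account has permission to manage threat policies,
# and 'crm-inbox@example.com' is the monitored mailbox.
Connect-ExchangeOnline

$Monitored  = @('crm-inbox@example.com')     # one or more monitored mailboxes
$PolicyName = 'LimeCRM-Monitored-Block'      # placeholder policy and rule name

# Policy: Block holds the message until scanning finishes and quarantines
# the whole message when malware is detected, instead of delivering it.
New-SafeAttachmentPolicy -Name $PolicyName -Enable $true -Action Block

# Rule: apply the policy only to the monitored mailbox(es). Priority 0 is the
# highest, so this rule wins over other custom Safe Attachments rules.
New-SafeAttachmentRule -Name $PolicyName `
    -SafeAttachmentPolicy $PolicyName `
    -SentTo $Monitored `
    -Priority 0

# Check: list the rules that target the monitored mailbox in priority order
# and show the action of the policy each rule applies. The first enabled row
# must read Action = Block.
Get-SafeAttachmentRule |
    Where-Object { $_.SentTo -contains $Monitored[0] } |
    Sort-Object Priority |
    ForEach-Object {
        $policy = Get-SafeAttachmentPolicy -Identity $_.SafeAttachmentPolicy
        [pscustomobject]@{
            Rule     = $_.Name
            Priority = $_.Priority
            State    = $_.State
            Policy   = $policy.Name
            Action   = $policy.Action
            Enabled  = $policy.Enable
        }
    } | Format-Table -AutoSize
```

Other mailboxes in the organisation keep whatever policy they already have; only the rule scoped with `-SentTo` changes the behaviour for the monitored accounts. Re-run the check after any change to the threat policies, since a later rule with a lower priority number can silently take over the recipient.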