FaxLine security

[jbagby]

Howdy. I have a question regarding security of FaxLine / SendFax service. I realize that during fax transmission, it is "as secure" as any normal fax, but what about the PDF upload for outgoing faxes and PDF delivery of incoming faxes? Are the PDF attachments encrypted for Delivery via email? Can the uploaded PDF's for outgoing delivery be encrypted? How long are PDF's held on Sonic's side after fax delivery (and, if different, how long are faxes stored in the Fax History section under my login?)

I found some discussion from April 2103 (by searching on term "Secure") and wondered if there was an update?

[kgc]

The HTTP session when you upload the PDF to our servers is encrypted, but not from the servers to the fax application servers where it will be converted and sent. It lives on those servers for as long as it takes to convert it to tiff for faxing and then to send the fax. If the fax fails, it stays around for a couple more days for us to take a look at it to see if we can improve the conversion/transmission but is then automatically removed if we look at it or not.

On the receiving end, the email and/or pdf is not encrypted. But, we do encrypt all internal SMTP sessions and will use encryption whenever supported by a remote server.

[Guest]

THANK YOU for your explanation! To followup...

My general question is: Is there anything about sending or receiving Faxes through the Sonic FaxLine service that is any more secure than sending the same documents via email?

I'm hoping that my more specific questions below (and your answers) will help other users and myself understand more thoroughly. If any of my questions miss the mark, feel free to tell me that it does not work either of the ways that I have suggested:

but not from the servers to the fax application servers where it will be converted and sent.

-Can I assume that those "fax application servers" are NOT accessible by the "outside world" but rather only by Sonic employees?

-Do those servers use Phone Lines or some kind of Internet Protocol (SMTP?) to send the Fax?

On the receiving end, the email and/or pdf is not encrypted. But, we do encrypt all internal SMTP sessions and will use encryption whenever supported by a remote server.

-So when the incoming Fax arrives at Sonic, is it delivered via "outside world" SMTP servers, making it just as insecure as any other email before it hits Sonic's internal SMTP servers?

-Or is it delivered to Sonic via Phone Lines and then sent to my Sonic email box internally within Sonic?

[kgc]

THANK YOU for your explanation! To followup...

My general question is: Is there anything about sending or receiving Faxes through the Sonic FaxLine service that is any more secure than sending the same documents via email?

Assuming that the emails are kept within sonic's servers, I suppose you could say it was more secure than sending the same documents directly via email. If you also assume that the other fax machine is a physical machine somewhere and not another electronic faxing service. If you are after security you're better off using something that provides end-to-end encryption like PGP or SMIME if the receiver can deal with it.

-Can I assume that those "fax application servers" are NOT accessible by the "outside world" but rather only by Sonic employees?

Correct.

-Do those servers use Phone Lines or some kind of Internet Protocol (SMTP?) to send the Fax?

They use SIP to send the faxes out our phone switch where the call will be routed as appropriate to reach the destination the same as a normal voice call made on our network.

-So when the incoming Fax arrives at Sonic, is it delivered via "outside world" SMTP servers, making it just as insecure as any other email before it hits Sonic's internal SMTP servers?

-Or is it delivered to Sonic via Phone Lines and then sent to my Sonic email box internally within Sonic?

If the eventual email recipient is local, the fax never leaves our network once it is received.