Link in Spam Quarantine Summary security issue
We have a security concern about enabling the View and Release links in the spam quarantine summary digest.
Say the mailbox owner is Mr A. Ms B is the secretary of Mr A.
If Mr A forwards the digest he received, with the "Release"/"View" links embedded, to Ms B, Ms B can fully manage the spam folder of Mr A without any further authentication. (Fully manage here means view and release quarantined email in Mr A's spam folder.)
When Ms B changes job duties, there is no way to stop Ms B from seeing Mr A's quarantine area.
Mr A constantly receives legitimate email in the quarantine area, and if it is considered confidential, this creates a security concern.
Disable view or release link
If the view or release link is disabled, spam in Public Folders or Shared Mailboxes cannot be released by their users.
Do not show the "Quarantine" link on the left, or the "Previous", "Next" and "Back to Messages" buttons, on the web interface when the user is accessing it through the link in the digest.
This is to limit any user who holds the digest to viewing or releasing only the email for the specific link in the digest.
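One way a digest link could be scoped as requested above, shown as an added example that is not the product's own code: each link carries an HMAC-signed token bound to one mailbox, one message, one action and an expiry, plus a per-mailbox epoch the administrator can bump to invalidate digests already forwarded. All names, the key and the addresses are hypothetical and constructed for illustration.

```python
import base64, hashlib, hmac, time

SERVER_KEY = b"constructed-demo-key"      # constructed; a real key is random and server-side only
mailbox_epoch = {"mr.a@example.com": 1}   # hypothetical per-mailbox revocation counter

def _sign(fields):
    # MAC over every field so none can be swapped without detection
    digest = hmac.new(SERVER_KEY, "|".join(fields).encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest)

def make_link_token(mailbox, message_id, action, ttl=7 * 86400, now=None):
    """Token for one digest link: valid for one message and one action only."""
    if any("|" in f for f in (mailbox, message_id, action)):
        raise ValueError("field separator not allowed in token fields")
    issued = now if now is not None else time.time()
    fields = [mailbox, message_id, action,
              str(int(issued + ttl)), str(mailbox_epoch[mailbox])]
    return "|".join(fields + [_sign(fields).decode()])

def check_link_token(token, mailbox, message_id, action, now=None):
    """True only if the token was issued for exactly this request and is still live."""
    parts = token.split("|")
    if len(parts) != 6:
        return False
    fields, sig = parts[:5], parts[5]
    # Verify the signature before trusting any field contents
    if not hmac.compare_digest(sig.encode(), _sign(fields)):
        return False
    t_mailbox, t_msg, t_action, t_exp, t_epoch = fields
    now = now if now is not None else time.time()
    return (t_mailbox == mailbox and t_msg == message_id
            and t_action == action and int(t_exp) >= now
            and t_epoch == str(mailbox_epoch.get(mailbox)))

def revoke_links(mailbox):
    """Invalidate every digest link issued so far for this mailbox."""
    mailbox_epoch[mailbox] += 1
```

Because the web interface checks the token on every request, navigation such as "Next" or "Back to Messages" fails for any message the digest did not link to, and `revoke_links` covers the case where the digest holder changes role.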