Securing offline workflow approvals
We are trying to implement offline workflow approvals by activating inbound emails to SAP. Since any email can be 'made to look' as if it came from another person these days, what are the measures that can be implemented to make sure that the email is legit?
Currently, the plan is to embed a key in the email while it is sent out, and to check if the key is present in the reply email.
I read through this document (Sender authentication part 2: Reading email headers - Terry Zink: Security Talk - Site Home - MSDN Blogs), but the message header that I am getting in SOIN isn't matching the one in the document.
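
The plan in the question, embedding a key in the outbound mail and checking for it in the reply, sketched as an added example that is not part of the original post and is not SAP code. It assumes the key is an HMAC-signed token bound to the work item, the approver and an expiry; the `[APPROVAL-TOKEN:...]` marker, function names, addresses and the in-memory nonce set are hypothetical.

```python
import base64, hashlib, hmac, re, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the receiving system
USED_NONCES = set()                   # assumption: stands in for a persistent single-use table
TOKEN_RE = re.compile(r"\[APPROVAL-TOKEN:([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\]")

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(workitem_id, approver, ttl_s=86400, now=None):
    """Marker to embed in the outbound mail; fields must not contain '|'."""
    expiry = int((time.time() if now is None else now) + ttl_s)
    payload = "|".join([workitem_id, approver.lower(), str(expiry),
                        secrets.token_hex(8)]).encode()
    mac = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return f"[APPROVAL-TOKEN:{_b64(payload)}.{_b64(mac)}]"

def verify_reply(body, workitem_id, now=None):
    """Return (approver, "ok") or (None, reason). The approver is taken from
    the signed token, never from the spoofable From header."""
    m = TOKEN_RE.search(body)
    if not m:
        return None, "no token"
    try:
        payload, mac = _unb64(m.group(1)), _unb64(m.group(2))
    except ValueError:
        return None, "malformed token"
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None, "bad signature"
    wid, approver, expiry, nonce = payload.decode().split("|")
    if wid != workitem_id:
        return None, "wrong work item"
    if (time.time() if now is None else now) > int(expiry):
        return None, "expired"
    if nonce in USED_NONCES:  # each token decides a work item once
        return None, "already used"
    USED_NONCES.add(nonce)
    return approver, "ok"

if __name__ == "__main__":
    # Constructed reply: the approver's answer above the quoted original mail.
    reply = "APPROVE\n\n> Please decide WI-1\n> " + issue_token("WI-1", "boss@example.com")
    print(verify_reply(reply, "WI-1"))
```

The token is a bearer secret: anyone who can read the outbound mail can reply with it, so it shows that the reply derives from a mail the system sent, not who typed the reply.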