Security Basics mailing list archives
RE: The answer is, "you cant"
From: "Mike Molloy" <mmolloy () coenholdings ie>
Date: Wed, 22 Oct 2003 09:41:11 +0100
I would agree with Dave and go further by saying that an external company could never be as responsive to your company's needs as you could be. Our parent company outsourced their email; however, on seeing our system could be customized and statistics obtained in minutes instead of days or weeks, they are now installing a new mail system based on ours.

Email does not have to be insecure just because you allow Marketing license to use it as a marketing tool; after all, it is very good for that purpose. Think long and hard before outsourcing so fundamental a tool as email.

Regards
Mike Molloy
IT Supervisor

-----Original Message-----
From: Dave Hartnell [mailto:enzeit () xtra co nz]
Sent: 21 October 2003 23:20
To: Nicholas Diotte
Cc: com, Secuirty Basics with SecuirtyFocus.
Subject: The answer is, "you cant"

Hi Nick.

My 2c worth is this. Outsourcing your email services to a 3rd party not only creates a security risk but also a commercial one. You would essentially be relying on a 3rd party to protect your corporate image and reputation.

Internal and external email is a fundamental service and responsibility for you to provide and also a key way you can enable marketing to help grow your business. Emails contain a lot of commercially sensitive information and none more so than marketing. Control over how and when that information is sent is vital to protecting your company's competitive advantage.

I would review the reasons you don't allow marketing to include quality content. (I assume it's either size or security considerations.) Having been involved in marketing before, I can say image does matter. The look and feel of email content, presentations etc. are important to looking successful.

Try this approach. Sit down with marketing, find out what content exactly they are looking for in their emails and agree on some standards that meet those needs and are balanced against what you feel are important IS considerations. Then allow them to use your own servers for the job.
All will win, you haven't opened it up to all and sundry (just marketing), Marketing get what they need. You haven't exposed your company to risk, commercial or otherwise, and you have enhanced your reason for being and should be happy that you are contributing to the bottom line in a meaningful way.

Kind regards
Dave Hartnell
Company director.
Enze IT.

-----Original Message-----
From: Nicholas Diotte [mailto:xphox () xphox net]
Sent: Wednesday, 22 October 2003 7:40 a.m.
To:
Subject: How can you trust a company you don't know?

Greetings List,

Recently I've been asked to look into a product that a company I've never heard of sells. The company in question has a service that our Marketing Department would like to purchase. It being computer related, IT gets final say.

Basically this company is advertising "Fully-Branded Emails". Currently we restrict our Marketing Dept. from using "fancy" HTML emails, and only allow them to send plain text. However, this company will allow them to send Rich Text and HTML emails. They will even provide what seems to be impossible reporting, dynamic content (via database), and custom emails based on user interaction (in other words, profiling).

Basically I'm assuming each email will contain embedded hidden pictures, etc. that will track what users are doing. A little scary for me, as the last thing I want is our company emails being picked up by spyware scanners, etc.

I've done some basic research on the company and they do seem rather legitimate; however, I have found traces of them on a couple of mail abuse lists.

Basically it's an opt-in newsletter. How it works is you give them a subdomain, and point the MX record to their mailserver. But how do I know they won't spam from our domain, how do I know they won't sell the opt-in list, and what about user tracking... Do I have to alert our subscribers that they will in fact be "profiled"?

What steps would you take if you needed to look into a company and give a report to your VPs, giving the product a yeah, or nah.

Thanks,
--Xphox
Current thread:
- How can you trust a company you don't know? Nicholas Diotte (Oct 21)
- The answer is, "you cant" Dave Hartnell (Oct 21)
- RE: The answer is, "you cant" Mike Molloy (Oct 22)
- RE: The answer is, "you cant" Xphox (Oct 22)
- RE: The answer is, "you cant" Mike Molloy (Oct 22)
- Re: How can you trust a company you don't know? Steve (Oct 21)
- Re: How can you trust a company you don't know? Steve (Oct 22)
- RE: How can you trust a company you don't know? Rob McComber (Oct 22)
- Re: How can you trust a company you don't know? Steve (Oct 23)
- <Possible follow-ups>
- Re: How can you trust a company you don't know? SMiller (Oct 21)
- The answer is, "you cant" Dave Hartnell (Oct 21)