Security Basics mailing list archives
RE: Spam prevention vs mitigation
From: "Vincent Yeo" <vincent () systex com sg>
Date: Fri, 13 Apr 2012 11:14:04 +0800
I second what Champ said. User education is still the best. But it can only go that far. You can spend all the time and money on telling them not to do this or do that, but in the end they ignore your effort. No point in doing too much.

Next, everyone's perspective of spam is different. Another example would be groupons/deals emails. Some people will sign up with a mailing list email instead of their own. Can you believe that? In the end, 3 out of 10 in the list complained of spam. The other 6 seem to accept it or ignore it.

What I can say is: lay down policies and rules for them to follow. Anyone found breaking it will be on them. It can also happen to bosses or higher management. But as long as the rules and policies are made clear and on a frequent basis, so much so that they can remember it off-hand, they will also be embarrassed about it. At least this takes some heat off you.

Thanks,
Vincent

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Champ Clark III
Sent: Friday, April 13, 2012 6:03 AM
To: security-basics () securityfocus com
Subject: Re: Spam prevention vs mitigation
That being said, a let through rate of 3-6 spam/user/day is overly high. Thanks, Erik
Maybe, maybe not. Depends on the "spam". For example, let's say the individual has signed up for an account on Victoria's Secret's web site. When they did, they neglected to uncheck the "send me e-mail" box. Now the user complains about "spam" from Victoria's Secret. (I only use them as an example because I've seen it happen). The end user will swear up and down they've "never signed up for it!". Sure, they can "unsubscribe", but then you're trusting the user to know how to do this and to actually do it.

Is the username something common like "bob () example com" or "mary () example com"? Common targets will get hit a lot.

It also depends on the e-mail volume and the "type" of user they are. I.e., they never post to mailing lists/groups versus someone who always posts to groups? What's the spam to legit email rate?

--
Champ Clark III (cclark () quadrantsec com)
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A