Vendor Participation on List and Proper Identification

["Parker, Ron" <Ron.Parker () BRAZOSPORT EDU>]

Before we all bounce down this road about vendors on the list, remember
that EDUCAUSE's policies do allow it. I think it can be valuable in many
cases. In particular, I've seen some very effective vendor input over on
the wireless networking list. I've also seen some vendors make real
fools of themselves over on the CIO list. I do have some concerns, which
I've expressed to EDUCAUSE, about the way some vendors use these lists
and the archives to generate sales leads. 

I think that the current issue is just one of asking vendors to make
sure it is clear who they are when they post something to the list. In
Mr. Stapleton's case, his signature doesn't always indicate his
affiliation. I suspect that is just an oversight on his part and that he
will correct it in the future. I would encourage him and all vendors on
the list to participate but to make sure it is clear in their signature
what their affiliation is. I think it is healthy, particularly on a
technical list like this one, to have a good flow of information between
the user community and the vendor side of the world.

I think this identification requirement/suggestion goes for everyone on
the list, by the way. I think everyone needs to include enough
information in their signature so that we understand their relationship
to the topic under discussion. In most cases it's obvious from the
poster's e-mail address but I've seen higher ed people post from
anonymous accounts that make identification problematic. 

--
Ron Parker, Director of Information Technology, Brazosport College
http://www.brazosport.edu
 

> -----Original Message-----
> From: Matthew Keller [mailto:kellermg () POTSDAM EDU] 
> Sent: Thursday, July 28, 2005 7:37 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Barracuda Spam Filter
>
> On the high-ed lists I manage, only higher-ed personnel are 
> invited/allowed period. Educause seems to open their lists up 
> more, and that's their prerogative if that's what they like. 
> As you decided NOT to identify your message as that from a 
> vendor (and in fact went out of your way to alter your normal 
> signature), I felt it necessary to do it for you.
>
> On Thu, 2005-07-28 at 08:20 -0400, Jamie A. Stapleton wrote:
> > We do indeed sell the product. However, I was just trying 
> to answer questions. If this sort of info is not desired, 
> just let me know and I will not reply again. 
> > --------------------------
> > Sent from my BlackBerry Wireless Handheld
> >
> > Jamie A. Stapleton
> > CBSi - Connecting your problems with solutions.
> > FlexiCall:  (804) 412-1601
> > Facsimile:  (804) 412-1611
> > A-Key ESN:  1004-8969
> >
> > -----Original Message-----
> > From: Matthew Keller <kellermg () POTSDAM EDU>
> > To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
> > Sent: Thu Jul 28 08:12:55 2005
> > Subject: Re: [SECURITY] Barracuda Spam Filter
> >
> > List, please note that Jamie @ CBSI is a reseller of Barracuda 
> > Networks products.
> >
> > On Wed, 2005-07-27 at 20:36 -0400, Jamie A. Stapleton wrote:
> > > Let me do my best to answer these questions.
> > >
> > > 1) Barracuda's firmware updates the spam assassin engine 
> when there 
> > > are major updates in the SA engine.  The firmware/os is 
> hardened so 
> > > admins will not be able to install a new kernel or 
> software patch to 
> > > the engine.
> > >
> > > 2) The models 300 and above allow Bayesian databases both on the 
> > > user and admin side (maintained separately).
> > >
> > > 3) The Barracuda Spam Firewall is easily customizable in terms of 
> > > the Bayesian filter.  The user will have two buttons 
> added to their 
> > > Email Client which are "Mark Message as Spam" and "Mark 
> Message Not as Spam".
> > > The user log-in for the Barracuda is "dummy-proofed" in that, the 
> > > only options allowed for users is to delete, deliver or 
> white-list messages.
> > > 4) You can see the demo site (spam.barracudanetworks.com) 
> for rulesets.
> > > 5) The Barracuda can create its' own reports and scores.  
> If you log 
> > > onto the demo site, this will show you the reporting and scoring 
> > > capabilities if the unit.  Let me know if this is the correct 
> > > information that you are looking for.
> > >
> > > 6) Currently there is no direct link/connection to Razor or DCC 
> > > Networks.  Barracuda maintains their own black-list and 
> subscribes 
> > > to Spamhaus, Spamcop, And ordb.
> > >
> > > 7) Currently the Barracuda does not support Gray-listing. 
>  This is 
> > > to reduce the chances of false-positives.
> > >
> > > The product also does anti-virus.
> > >
> > > Jamie
> > > In Ashland, VA  ;-)
> > > (804) 412-1601
> > > (804) 412-1611, fax
> > >
> > > -----Original Message-----
> > > From: Dave Koontz [mailto:dkoontz () MBC EDU]
> > > Sent: Tuesday, July 26, 2005 7:42 PM
> > > To: SECURITY () LISTSERV EDUCAUSE EDU
> > > Subject: Re: [SECURITY] Barracuda Spam Filter
> > >
> > > Watching this thread, I have a couple questions about the 'cuda'
> > > product.
> > > What exactly does this product do that the free Spam 
> Assassin code 
> > > doesn't?
> > > In other words, why should I pay someone $1000+ dollars 
> annually for 
> > > what appears to basically be free software bundled on a 
> scaled down 
> > > server.
> > >
> > > It looks like the 'cuda' device uses SA version 3.02, 
> which is two 
> > > full versions behind the SA code branch.... which may frankly 
> > > address some issues posted here.  Initially, it would seem in the 
> > > "device" world, I might actually loose a lot of functionality and 
> > > features that I have running the full fledged product.
> > >
> > > So... 
> > >
> > > 1) How easy is it to upgrade the device to the latest 
> spam assassin 
> > > version?
> > > 2) Do users have their own baysian DB's and rules, or are they 
> > > globally maintained?
> > > 3) How easy can users interact with or train the system?
> > > 4) Can you easily add your own SA rulesets?  (Custom or SARES)
> > > 5) Can the device test & score SPF/DK/DKIM/RBL/SUBL/URIBL results?
> > > 6) Does the device support the Razor and/or DCC networks?
> > > 7) Does the device support the usage of Grey Listing Technology?
> > >
> > > Lastly... Is this product really just a way for a site to 
> "easily" 
> > > use Spam Assassin without having to invest any time or 
> effort into 
> > > learning the program?  If so, that's fine, but it may not 
> be as full 
> > > featured as the product could be.
> > >
> > > If the product does all the above and more... I will 
> immediately ask 
> > > for a purchase order to save me some precious time!  :-)
> > >
> > > ---
> > > Dave Koontz
> > > Mary Baldwin College
> > > Staunton VA
> > >
> > >
> > > -----Original Message-----
> > > From: Justin Sipher [mailto:jsipher () SKIDMORE EDU]
> > > Sent: Tuesday, July 26, 2005 3:59 PM
> > > To: SECURITY () LISTSERV EDUCAUSE EDU
> > > Subject: Re: [SECURITY] Barracuda Spam Filter
> > >
> > > Add us to the list of schools who are very happy 
> Barracuda users.   
> > > However, I will share a recent story which dampers our enthusiasm 
> > > slightly.
> > > Our single unit (model 600) had a hardware failure 
> recently.  It was 
> > > in this process that we learned that we had a new "single 
> point of failure"
> > > in the e-mail system.  One major problem at the point of 
> the failure 
> > > is that all mail in the quarantine at the time of the 
> failure was lost.
> > > Although most was SPAM, I do know that I had at least one valid 
> > > e-mail in it.  It was between when I received the e-mail 
> quarantine 
> > > summary and when I actually went to retrieve/delete the 
> message when 
> > > the failure occurred.  To prevent this in the future, 
> we've bought a 
> > > second one and will have the two clustered for redundancy.  The 
> > > second problem we had is that they
> > > **appear** to be a victim of their own success.  At the 
> point of the 
> > > failure they were out of stock for a replacement even 
> though we were 
> > > at the upgraded "instant replacement" level.  In our case it took 
> > > three days to get a replacement and then it was a 400 
> model to hold 
> > > us over till they could get a 600.  Not ideal.
> > >
> > > I do think they have learned from this (and maybe other) 
> incidents 
> > > and knowing everything I know now, I'd still buy another 
> one, so the 
> > > up-side is pretty high to overcome those shortcomings.
> > >
> > > ...Justin
> > > _______________________________________________________
> > >    Justin Sipher
> > >    Chief Technology Officer
> > >    Skidmore College
> > >    Saratoga Springs, NY
> > >    jsipher () skidmore edu
> > >    518-580-5909
> > > _______________________________________________________
> > >
> > > On Jul 25, 2005, at 11:35 AM, Gibbs, Aaron M. wrote:
> > >
> > > > I'm looking at the Barracuda Spam Filter and would like 
> to know if 
> > > > anyone is currently using it. If so what your 
> experiences have been.
> > > > Aaron M Gibbs
> > > > Interim Vice President/CIO
> > > > Center for Information Technology
> > > > St. Augustine's College
> > > > 919-516-4379 (Office)
> > > > 919-516-4382 (Fax)
> > > > amgibbs () st-aug edu
> > > > www.st-aug.edu
> --
> Matthew Keller
> signat-url: http://mattwork.potsdam.edu/signat-url/
> "Would you have banned the Internet to save the libraries?" -I, Robot