E-mail and its security discontents
16 January, 2008 10:10
This clear direction, the "You must do this...," has to be led in a non-partisan way by Microsoft, IBM, HP, Oracle, Cisco, MessageLabs, Postini, Yahoo and Google, and have the visible backing of the top-100 global companies that all agree to implement the solution within 12 months and start blocking (or at least discriminating against) e-mail that does not conform.
It is my belief that the Jericho Forum, an international IT security thought-leadership group, and a Managed Consortia of Open Group, a highly respected vendor- and technology-neutral consortium, is ideally suited to bring together the best-of-the-best from the vendor community and global companies to play the role of honest-broker to deliver standards on behalf of the global community.
So Bill Gates, you promised an end to spam by 2006; perhaps you would like to champion this as your retirement project?
Ten questions to ask about your e-mail systems:
- Do you have a strategy for securing e-mail?
- Is your e-mail server capable of SMTP/TLS in at least opportunistic mode?
- Can you support a request for forced SMTP/TLS?
- Have you updated your DNS to include your SPF records?
- Have you trained your people that sending Internet e-mail is like sending a postcard?
- Are you alerting your e-mail recipients when an external e-mail is not secure?
- Are you feeding SPF and SMTP/TLS attributes into your spam calculations?
- When using an (e-mail) marketing company and they spoof your e-mail domain -- do you ensure the SPF is OK?
- Do you have processes to ensure content is secured when sending via the Internet?
- Does your DNS provider support the latest SPF standard?
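
One way to act on the question about feeding SPF and SMTP/TLS attributes into spam calculations, as an added example that is not part of the original article: it reads the SPF result and the TLS marker that the receiving MTA recorded in the message headers and turns them into a score adjustment. The sample message, host names and weights are constructed or hypothetical, and it assumes your border MTA adds a `Received-SPF` header and strips any that arrive from outside.

```python
import re
from email import message_from_string

# Constructed sample, not real traffic. Assumes your border MTA strips any
# inbound Received-SPF header and prepends its own result and Received line.
SAMPLE = """\
Received-SPF: fail (mx.example.net: domain of example.com does not
\tdesignate 203.0.113.7 as permitted sender) client-ip=203.0.113.7;
Received: from bulk.example.org (bulk.example.org [203.0.113.7])
\tby mx.example.net with ESMTP id ABC123
\tfor <user@example.net>; Wed, 16 Jan 2008 10:10:00 +0000
From: news@example.com
To: user@example.net
Subject: Constructed sample

body
"""

# Hypothetical weights (positive = more spam-like); tune for your own filter.
SPF_WEIGHTS = {"pass": -1.0, "fail": 3.0, "softfail": 1.5, "neutral": 0.5,
               "none": 0.5, "temperror": 0.0, "permerror": 1.0}
NO_TLS_WEIGHT = 1.0
# "with" protocol keywords that record a TLS-protected hop (RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA"}


def transport_attributes(raw):
    """Return the SPF result and TLS flag recorded by the receiving MTA."""
    msg = message_from_string(raw)
    # The topmost copy of each header is the one our own MTA prepended.
    found = re.match(r"\s*([A-Za-z]+)", msg.get("Received-SPF", ""))
    spf = found.group(1).lower() if found else "none"
    if spf not in SPF_WEIGHTS:
        spf = "none"
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    proto = re.search(r"\bwith\s+(\S+)", top, re.IGNORECASE)
    tls = bool(proto) and proto.group(1).upper() in TLS_PROTOCOLS
    return {"spf": spf, "tls": tls}


def spam_score_adjustment(raw):
    """Combine both transport attributes into one score delta."""
    attrs = transport_attributes(raw)
    score = SPF_WEIGHTS[attrs["spf"]]
    if not attrs["tls"]:
        score += NO_TLS_WEIGHT
    return score
```

The same two attributes can also drive the recipient alert the list asks about, since a message that arrived without TLS or failed SPF is exactly the "not secure" case.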
Paul Simmonds is a member of the management board of the Jericho Forum, an organization pushing for innovation in e-commerce security, and is also CISO for a large, global chemicals corporation.