lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040204152010.GZ870@sentex.net>
From: damian at sentex.net (Damian Gerow)
Subject: Email

(Re-formatted for clarity.  Please look into line wrapping.)

Thus spake Jos Osborne (Jos@...temi.co.uk) [04/02/04 10:13]:
> Most ISP's wouldn't touch the concept of being responsible for their
> client's e-mail security with a 10' barge pole. Apart from the
> obvious technical issues - they'd need an AV scanner to check the
> mail that would have to be capable of dealing with serious volumes -
> there are also issues of liability if anything doesn't work (I'm
> thinking along the lines of the medical court cases that have come up
> where doctors have been sued for not using the most advanced equipment
> that existed regardless of whether they actually had that equipment
> available at the time).

Actually, most ISP's need to offer some sort of AV/Spam scanning these days
if they want to remain in business.  Think 'value-add services'.  There are
many software packages that can handle large volumes of mail.  And if one
server can't do it, there's a reason Round Robin RRs exist.

That's not to say that they're responsible for their client's e-mail
security, rather, they're offering a service to keep their client's e-mail
free of viruses.  So long as they follow due diligence -- update defs
frequently, don't run massively outdated software, try to set the system up
to be difficult to circumvent -- there's little to worry about.

> Add to this privacy issues - they have to open up the e-mail to scan it
> - and you end up with a fairly horrible problem.

Yeah, if you have a crack team of virus analyzing monkeys sitting in the
back, opening up and manually checking every single piece of mail coming
through your network, you might have some privacy -- and load -- problems.

But then again, you might have bigger problems.

  - Damian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ