hi
just my $0.02 worth of rant...
if one is working at a company etc..etc..
than all incoming and outgoing/incoming emails should
always be to/from [EMAIL PROTECTED]
if they want to read company emails at the office, and at home
and on the laptop while traveling...guess thats what secure imap
is good for.. connected to a less trusted/less secure imap/pop3/ppp server
or just vpn into the corp lan thru say pptp..or other
tunneling options
- personal email accounts ( aol, earthlink, hotmail, yahoomail, etc)
should NEVER be used for corp emails
beccaue it is trivial to setup an account as "Company President"
or clients and create all kinds of commotions
any company that allows "non-company email address" are simply
waiting for disaster to occur ???
security is sometimes more than just firewall but simple "common sense" ??
have fun
alvin
http://www.Linux-1U.net - 3 nic or 5 nic firewalls in 1U ...
On Tue, 1 May 2001, Dan McGinn-Combs wrote:
> One aspect of these services is the ease with which a typical end user can
> set up a Hotmail account to impersonate someone else.
>
> For example, one could set up a hotmail account, then change the display
> name and email address to match the president of your company. He could then
> impersonate your president... sending offending messages to customers,
> firing senior managers, giving you a raise. (I didn't say it was ALL bad).
>
> In the "olden" days, this kind of e-mail spoofing was more difficult because
> you had to be able to type. Now Microsoft and company has made it fairly
> easy for the average user with revenge on his mind.
>
> Dan
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>
> Most web based mail services now do a virus scan before accepting email.
> Hotmail
> does. Perhaps a policy of only allowing web based email from services that
> do
> virus/Trojan scan on mail. You are not stopping web mail but are pointing
> out the security implications. All you need to do is have a list of
> acceptable services.
>
>
> I'm in the process of updating our Internet acceptable use policy in
> anticipation of the new FDIC privacy regulations. I'm trying to decide what
> to do about web base mail (Hotmail et al.). Web based mail is a way for
> viruses and Trojans to get in.
>
> I could:
>
> Ignore it
> Try to block it - (kinda like being a bilge pump on the Titanic).
> Set a policy banning it. It's never a good idea to set a policy that will
> be unpopular AND unenforceable.
> Try to regulate it by policy. Less unpopular, but still unenforceable.
>
> What are other people doing?
>
> Ken Butler
> Liberty Bank
>
>
>
>
> -
>
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
