On 2024-07-31 at 03:41:49 UTC-0400 (Wed, 31 Jul 2024 08:41:49 +0100
(BST))
Andrew C Aitchison via mailop <[email protected]>
is rumored to have said:
On Wed, 30 Jul 2024, John Levine via mailop wrote:
It appears that Jaren Angerbauer via mailop
<[email protected]> said:
$dayjob is Proofpoint -- I have been heavily involved with this. We
have
gone to great lengths to raise awareness with customers and get them
to
correctly configure their systems. Ultimately up to them though,
despite
our warnings of potential consequences for not doing this.
Our response to Guardio's article:
https://www.proofpoint.com/us/blog/threat-insight/scammer-abuses-microsoft-365-tenants-relaying-through-proofpoint-servers-deliver
Sounds like it's the usual problem -- once the mail seems to work, no
amount of nagging will get them to change anything until it visibly
breaks.
Maybe the problem is that having bought in an outside service there is
no one left in-house with the technical experience* to do anything
beyond
the day-to-day stuff ?
This is a problem intrinsic to email outsourcing. The sales pitch from
filtering and mailbox providers has broadly been "Come to us and you can
fire your cranky old expensive sysadmins." So many did just that. But of
course, the excellent sysadmins at places like Proofpoint, Barracuda,
GMail, and Microsoft are spread so thin and have so little engagement
with customers that they might as well not exist. That blog post Jaren
referenced describes the result: reactive security rather than
preventative and reliance on customers' technically weak staff to make a
potentially breaking config change to a function that they clearly
misunderstood when it was set up.
--
Bill Cole
[email protected] or [email protected]
(AKA @[email protected] and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
