Security Basics mailing list archives

The answer is, "you can't"


From: "Dave Hartnell" <enzeit () xtra co nz>
Date: Wed, 22 Oct 2003 11:20:29 +1300

Hi Nick. My 2c worth is this.

Outsourcing your email services to a 3rd party not only creates a security
risk but also a commercial one. You would essentially be relying on a 3rd party
to protect your corporate image and reputation.

Internal and external email is a fundamental service and responsibility for
you to provide and also a key way you can enable marketing to help grow your
business. Emails contain a lot of commercially sensitive information and
none more so than marketing. Control over how and when that information is
sent is vital to protecting your company's competitive advantage.

I would review the reasons you don't allow marketing to include quality
content. (I assume it is either size or security considerations.)

Having been involved in marketing before, I can say image does matter. The
look and feel of email content, presentations etc are important to looking
successful.

Try this approach. Sit down with marketing, find out exactly what content
they are looking for in their emails and agree on some standards that meet
those needs and are balanced against what you feel are important IS
considerations. Then allow them to use your own servers for the job.

All will win, you haven't opened it up to all and sundry (just marketing),
Marketing get what they need. You haven't exposed your company to risk,
commercial or otherwise and you have enhanced your reason for being and
should be happy that you are contributing to the bottom line in a meaningful
way.

Kind regards


Dave Hartnell
Company director.
Enze IT.



-----Original Message-----
From: Nicholas Diotte [mailto:xphox () xphox net]
Sent: Wednesday, 22 October 2003 7:40 a.m.
To:
Subject: How can you trust a company you don't know?




Greetings List,

Recently I've been asked to look into a product, that a company I've never
heard of sells.  The company in question has a service that our Marketing
Department would like to purchase.  It being computer related, IT gets final
say.

Basically this company is advertising, "Fully-Branded Emails".  Currently we
restrict our Marketing Dept. from using "fancy" HTML emails, and only allow
them to send plain text.  However this company will allow them to send Rich
Text, and HTML emails.  They will even provide what seems to be impossible
reporting, dynamic content (via database), and custom emails based on user
interaction (in other words profiling).  Basically I'm assuming each email
will contain embedded hidden pictures, etc that will track what users are
doing.  A little scary for me, as the last thing I want is our company
emails being picked up by spyware scanners, etc..

I've done some basic research on the company and they do seem rather
legitimate, however I have found traces of them on a couple mail abuse
lists.

Basically it's an opt-in newsletter, how it works is you give them a
subdomain, and point the MX record to their mailserver.  But how do I know
they won't spam from our domain, how do I know they won't sell the opt-in
list, and what about user tracking...  Do I have to alert our subscribers
that they will in fact be "profiled"?

What steps would you take if you needed to look into a company and give a
report to your VPs, giving the product a yeah, or nah.

Thanks,
--Xphox
