Security Basics mailing list archives

Re: Outsourcing spam filtering and secuirty

From: chort <chort () amaunetsgothique com>
Date: 20 Sep 2003 00:12:33 -0700

I would highly recommend against outsourcing Anti-Spam.  For one thing,
what is your motivation to outsource in the first place?  Cost? 
Maintenance?  There are many commercial Anti-Spam products which you can
purchase and implement locally.

There is no difference in administrative overhead, because if you want
any control at all you will have to use the outsourced provider's tools
to sort and release your mail from their servers (if need be).  That's
exactly the same thing you'd be doing if you had the Anti-Spam solution
in house.  On the flip side, you're pretty much stuck with whatever
filtering an outsourced provider has, but if you control your solution
locally, you have TOTAL control.

Then there is the issue of privacy.  Nearly any company that deals with
PHI under the HIPPA act will NEVER outsource their mail because of the
extreme risk of getting sued for HIPPA non-compliance.  I personally
used to work for an e-mail outsourcing company and we routinely looked
at messages in an effort to block spam.  Did I ever look at what I
believed to be personal e-mails, or did I ever convey any
confidential/private information in any way?  Did any of my fellow
employees ever do that? NO, absolutely not!  The point is that the mail
is right there, there's nothing stopping anyone from reading it, and in
fact it might be part of their job description to read it in an effort
to block spam.  Can you afford to have even one disgruntled employee at
an outsourced provider?  Is that a risk you're willing to take?

On the security side, it's much more accepted to outsource that, at
least with things like firewall and IDS.  You probably don't want an
outsourced security team having root/administrator on all your
application servers, but for a professional and reputable team to manage
your firewalls and IDS is not unheard-of.

On Thu, 2003-09-18 at 20:22, Tony Brisco wrote:

Hi,

Is trusting third party with the corporation's MX
records for spam filtering purposes is widely used ?
Accepted ?  And how secure ?

I appreciate in advance your comments and suggestions.

Tony Brisco


-- 
Brian Keefer


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Outsourcing spam filtering and secuirty Tony Brisco (Sep 19)
- Re: Outsourcing spam filtering and secuirty Roger A. Grimes (Sep 19)
- Re: Outsourcing spam filtering and secuirty Matt Taber (Sep 19)
- Re: Outsourcing spam filtering and secuirty Chris Ditri (Sep 19)
- Re: Outsourcing spam filtering and secuirty chort (Sep 22)
- <Possible follow-ups>
- RE: Outsourcing spam filtering and secuirty jburzenski (Sep 19)
- Re: Outsourcing spam filtering and secuirty Craig_Brauckmiller/LEK (Sep 19)
- RE: Outsourcing spam filtering and secuirty Timothy Onsomu (Sep 19)
  - New Secure Enterprise Magazine from Network Computing Steve (Sep 23)
- Re: Outsourcing spam filtering and secuirty Dana Rawson (Sep 19)