Security Basics mailing list archives
Re: Outsourcing spam filtering and secuirty
From: chort <chort () amaunetsgothique com>
Date: 20 Sep 2003 00:12:33 -0700
I would highly recommend against outsourcing Anti-Spam. For one thing, what is your motivation to outsource in the first place? Cost? Maintenance? There are many commercial Anti-Spam products which you can purchase and implement locally. There is no difference in administrative overhead, because if you want any control at all you will have to use the outsourced provider's tools to sort and release your mail from their servers (if need be). That's exactly the same thing you'd be doing if you had the Anti-Spam solution in house. On the flip side, you're pretty much stuck with whatever filtering an outsourced provider has, but if you control your solution locally, you have TOTAL control. Then there is the issue of privacy. Nearly any company that deals with PHI under the HIPPA act will NEVER outsource their mail because of the extreme risk of getting sued for HIPPA non-compliance. I personally used to work for an e-mail outsourcing company and we routinely looked at messages in an effort to block spam. Did I ever look at what I believed to be personal e-mails, or did I ever convey any confidential/private information in any way? Did any of my fellow employees ever do that? NO, absolutely not! The point is that the mail is right there, there's nothing stopping anyone from reading it, and in fact it might be part of their job description to read it in an effort to block spam. Can you afford to have even one disgruntled employee at an outsourced provider? Is that a risk you're willing to take? On the security side, it's much more accepted to outsource that, at least with things like firewall and IDS. You probably don't want an outsourced security team having root/administrator on all your application servers, but for a professional and reputable team to manage your firewalls and IDS is not unheard-of. On Thu, 2003-09-18 at 20:22, Tony Brisco wrote:
Hi, Is trusting third party with the corporation's MX records for spam filtering purposes is widely used ? Accepted ? And how secure ? I appreciate in advance your comments and suggestions. Tony Brisco
-- Brian Keefer --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Outsourcing spam filtering and secuirty Tony Brisco (Sep 19)
- Re: Outsourcing spam filtering and secuirty Roger A. Grimes (Sep 19)
- Re: Outsourcing spam filtering and secuirty Matt Taber (Sep 19)
- Re: Outsourcing spam filtering and secuirty Chris Ditri (Sep 19)
- Re: Outsourcing spam filtering and secuirty chort (Sep 22)
- <Possible follow-ups>
- RE: Outsourcing spam filtering and secuirty jburzenski (Sep 19)
- Re: Outsourcing spam filtering and secuirty Craig_Brauckmiller/LEK (Sep 19)
- RE: Outsourcing spam filtering and secuirty Timothy Onsomu (Sep 19)
- New Secure Enterprise Magazine from Network Computing Steve (Sep 23)
- Re: Outsourcing spam filtering and secuirty Dana Rawson (Sep 19)